What is a cookie?
Cookies are small text files stored in your visitor’s browser by your website.
These files typically contain information about your visitor’s preferred language settings or location, but can store a wide range of information including personal identifiable information.
The information is passed between the browser and the webserver which makes it possible for the website to recognize your visitor’s settings when they return to your site.
There are several types of cookies. Their classification depends on their expiration, who sets them, and their function. Let’s take a closer look at what a cookie is.
If you are unsure whether your website is GDPR compliant, get a free compliance check here!
What types of cookies are there?
There are two main types of cookies: Session cookies and persistent cookies.
Session cookies are stored in temporary memory and are deleted when the user ends the “session” in the browser.
This type of cookie keeps track of your user’s visit on your site and prevents your site from asking for the same information multiple times – like login information.
Persistent cookies are stored on your user’s device (phone, tablet, computer). These cookies remain on the device until they reach their expiration date. Whenever your visitor returns to your site, the browser sends the information stored in the cookies to your site.
These cookies can identify users which you can use for your analytics and CRM systems to track visitors, leads, customers.
What information do cookies track?
Cookies may store any number of information specific to your visitor. Some information provides you with data for your business. Other types of information are categorized as personal data. Here’s an overview:
User specific
- Online identifiers and IDs (user IDs, device IDs, marketing IDs etc.)
- IP addressess
- Login information and passwords
- Operating system, browser, language settings etc.
User activity and behavior
- Page views
- Purchase information (shopping cart items)
- Website referrals (channel, social media, search engine, campaign)
- Time stamps
- Privacy settings such as cookie preferences
Who places cookies on your user’s device?
Basically, cookies are placed either by your own website (first-party cookies) or by services implemented on your site (third-party cookies).
First-party cookies are typically used to perform basic functionalities such as keeping your user logged in to your site or remember their shopping cart items.
Third-party cookies are set by other companies through your website. They typically provide you with data for analytics or ads. Most of these are used to collect your users’ personal data to create profiles and audiences for marketing purposes.
Examples of third-party services:
- Google Analytics
- Facebook Pixel/like buttons
- YouTube (video embeddings)
- Widgets from your CMS
- Advertising networks/partners
Do cookies pose a privacy risk?
Cookies contain information about the user’s visit to your website. Some of that information may be categorized as personal information e.g. IP-address, identifiers, geo-location.
But cookies cannot be used to hack information from users’ computers or carry malicious software.
Companies use tracking cookies to create extremely detailed user profiles used for marketing purposes i.e. to target ads to specific user profiles.
To accomplish that, many websites use third-party services like for example the Facebook share button which allows Facebook to track user activity across the internet where other share buttons are implemented.
With this data, Facebook and other ad networks can targeted advertisement to the users based on website visits, preferences, and a lot of other metrics.
Therefore the use of cookies and the data they collect and process is heavily regulated.