- Internet Cookies And Privacy
- Cookie 3 1 – Protect Your Online Privacy Game
- Cookie 3 1 – Protect Your Online Privacy
- Cookie 3 1 – Protect Your Online Privacy System
- Does Deleting Cookies Protect Privacy
Cookies are an important tool that can give businesses a great deal of insight into their users’ online activity. Despite their importance, the regulations governing cookies are split between the GDPR and the ePrivacy Directive.
Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. In and of themselves, cookies are harmless and serve crucial functions for websites. Cookies can also generally be easily viewed and deleted.
However, cookies can store a wealth of data, enough to potentially identify you without your consent. Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. Given the amount of data that cookies can contain, they can be considered personal data in certain circumstances and, therefore, subject to the GDPR.
In this post, we’re highlighting 20 ways to increase your online privacy. Some methods are significantly more extreme than others, but if you’re serious about maintaining your privacy, these. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
Before analyzing what the GDPR and the ePrivacy Directive have to say about cookies, it is essential to have a basic understanding of the different types of cookies.
Types of Cookies
In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.
Duration
- Session cookies – These cookies are temporary and expire once you close your browser (or once your session ends).
- Persistent cookies — This category encompasses all cookies that remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. According to the ePrivacy Directive, they should not last longer than 12 months, but in practice, they could remain on your device much longer if you do not take action.
Provenance
- First-party cookies -- As the name implies, first-party cookies are put on your device directly by the website you are visiting.
- Third-party cookies — These are the cookies that are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytic system.
Purpose
- Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
- Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
- Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
- Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.
These are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can contain significant amounts of information about your online activity, preferences, and location. The chain of responsibility (who can access a cookies’ data) for a third-party cookie can get complicated as well, only heightening their potential for abuse. Perhaps because of this, the use of third-party cookies has been in decline since the passage of the GDPR
Cookies and the GDPR
The General Data Protection Regulation (GDPR) is the most comprehensive data protection legislation that has been passed by any governing body to this point. However, throughout its’ 88 pages, it only mentions cookies directly once, in Recital 30.
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What these two lines are stating is that cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.
Cookies and ePrivacy Directive
Passed in the 2002 and amended in 2009, the ePrivacy Directive (EPD) has become known as the “cookie law” since its most notable effect was the proliferation of cookie consent pop-ups after it was passed. It supplements (and in some cases, overrides) the GDPR, addressing crucial aspects about the confidentiality of electronic communications and the tracking of Internet users more broadly.
Cookie compliance
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
- Receive users’ consent before you use any cookies except strictly necessary cookies.
- Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
- Document and store consent received from users.
- Allow users to access your service even if they refuse to allow the use of certain cookies
- Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
ePrivacy Regulation
The EPD’s eventual replacement, the ePrivacy Regulation (EPR), will build upon the EPD and expand its definitions. (In the EU, a directive must be incorporated into national law by EU countries while a regulation becomes legally binding throughout the EU the date it comes into effect.)
The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.
The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing your users about the cookies your site is using and, when necessary, receiving their consent will keep your users happy and keep you GDPR-compliant.
![Privacy Privacy](https://www.geeky-gadgets.com/wp-content/uploads/2020/01/Protect-your-online-privacy-1-3-1.jpg)
Related Posts
- Recital 30 - Online identifiers for profiling and identification
- What is considered personal data under the EU GDPR?
- A guide to GDPR data privacy requirements
- Art. 95 GDPR - Relationship with Directive 2002/58/EC
- Art. 94 GDPR - Repeal of Directive 95/46/EC
- Art. 34 GDPR - Communication of a personal data breach to the data subject
May 2011
Cookies
When you visit a website, not only are you offered information or services, but your computer may also be offered a “cookie.” A cookie is a small file that is passed from a website to an end user’s (your) computer, often without your knowledge or consent. The cookie is used to save information about the interaction between you and the site, such as login credentials, preferences, and any work in progress. The cookie file is automatically stored by your browser (e.g., Internet Explorer or Firefox) on the local hard drive, and it can later be retrieved by the website.
Cookies were invented in 1994 so that information could be saved between visits to a website. This lets you avoid logging in for every visit, and cookies are also used to keep track of preferences and works in progress (such as items in an online shopping cart). Today, just about all of the top websites use cookies for one purpose or another. Cookies are a very useful feature of the web and, without them, web sessions would have no history; you would have to enter your information over and over.
Third-Party Cookies
Initially, cookies were only shared between the website (the “first party” in the transaction) and the user (the “second party”). Soon after cookies were invented, however, their use was expanded to third parties—organizations not directly involved in the interaction—such as advertising companies displaying ads on certain websites.
When an advertisement is on a web page supplied by a first party, the advertising content and a cookie are passed from the advertising company (the third party) to the end user’s (your) computer. Later, when you revisit that same first-party website, or another site that uses the same advertising company, the third-party cookie can be retrieved by the advertising company. If the cookie contains a unique identifier, then information about your visits to different websites can be linked together.
Further, if any of the sites (such as social networking sites) collect personal information, this information might also be collected by the advertisers. In this way, advertising companies are able to track the websites that you visit and build up detailed personal profiles, which may then be used to target further advertising to you.
Third-party cookies raise privacy concerns because the transactions typically involve unknown third parties and are conducted without your knowledge or consent. Unless you pay attention to an often-confusing set of options in your browser software, the cookies are created and used invisibly, and the information that is gathered may be stored forever. In addition, the tracking and profiling done by advertising companies can be extensive; it is common for your computer to collect dozens of third-party tracking cookies.
Flash Cookies
Flash cookies (also called Local Shared Objects or LSOs) are created by Adobe’s popular Flash browser add-on for multimedia. Like traditional cookies, Flash cookies can be used to save state information, as well as preferences, between sessions. They are also used to track the websites that you visit. These cookies are normally not visible to you, the end user, and options to control or delete them are usually absent or very difficult to find. Flash cookies are frequently found on websites, and they are often used along with traditional web cookies. In fact, even if you delete web cookies, Flash cookies can be used to recreate them.
Flash cookies raise additional privacy concerns because they are more hidden than traditional web cookies, so you have to take extraordinary measures to remove them. Also, many privacy policies that describe the use of web cookies fail to mention Flash cookies, and procedures to opt out of web cookies often have no effect on Flash cookies.
Super Cookies
A third type of cookie, called “super cookies,” is also emerging. Super cookies use new storage locations built into browsers to save information about you. For example, the Internet Explorer browser has “userData” storage, while Firefox has “DOM” storage”. The emerging HTML 5 specifications also set aside web storage that can last either for a browser session or permanently (until deleted). These storage mechanisms are larger and more flexible than traditional cookies so more information can be stored. Like web cookies and Flash cookies, you, as a user, are often unaware that super cookies exist. You, as the user, are often not provided with tools to control the information that is stored.
Cookie-Less Tracking
A person’s browsing habits can also be tracked without cookies. One such method involves “web bugs”, which are small, invisible image files placed on a web page or hidden in an e-mail message. When you view the page or message, the image is downloaded from a server that can keep detailed logs. These logs record such information as your location, Internet address, the page or message you are reading, and the current date and time.
When people view web pages, their browsers can reveal a lot of information. The browsers can be queried to determine their detailed characteristics, including version number, window size, settings, add-ons, and customizations. The combination of information, often called “device fingerprinting,” can be quite specific to an individual machine. An experiment conducted by the Electronic Frontier Foundation suggests that this information may be unique to about one in one million people.
Web Privacy Tools
Unfortunately, protecting privacy while browsing the web is not an easy task. Web browsers provide some tools for storing and clearing cookies. However, the default is to store all cookies indefinitely and the privacy tools are often hard to find and use. Browsers can be set to block cookies, but many websites require that you, as a user, allow cookies to use the service. Even blocking third-party cookies can impair the experience of some services, so users are faced with the onerous task of allowing some cookies and not others. If you do configure your browser to delete stored cookies, this often only clears traditional cookies, without removing super cookies and Flash cookies.
![Protect Protect](https://download.vpnproxymaster.com/web/master/images/home/online_s_p.png)
Internet Cookies And Privacy
Some browsers have recently implemented a “private browsing mode,” designed to protect privacy. In Firefox, for example, web cookies are deleted when a private browsing session is ended. Unfortunately, super cookies and Flash cookies are not always affected by these settings, so they are still stored during private browsing sessions. In order to clear all the different forms of cookies and web storage, you generally have to install and use special add-on applications. Some popular tools for Firefox, for example, are the BetterPrivacy, NoScript, and Targeted Advertising Cookie Opt-Out (TACO) plug-ins.
Conclusion
Cookies are powerful tools that give the web a memory, making for a better user experience. They do, however, also pose privacy concerns because they are often used without your knowledge or consent, and can be used to track your web habits and build detailed personal profiles about you.
To protect your privacy on the web, you need to learn about the cookie controls provided in your browser. You should also investigate some specialized tools that can control all cookie types. Unfortunately, however, even if you do make the effort to control cookies, there is little that you can currently do to protect against cookie-less tracking methods.
The OPC is studying this issue. We raised concerns about tracking practices in our Report on the 2010 Consultations on Online Tracking, Targeting, and Profiling, and Cloud Computing. We will continue to address our concerns with industry, as appropriate.
Additional Reading
Eckersley, P. (2010) Browser versions carry 10.5 bits of identifying information on average.
Cookie 3 1 – Protect Your Online Privacy Game
Krishnamurthy, B. and Wills, C.E (2010). On the leakage of personally identifiable information via online social networks. ACM SIGCOMM Computer Communication Review, 40(1), 112—117.
McKinley, K. (2008). Cleaning up after cookies.
Cookie 3 1 – Protect Your Online Privacy
Schoen, S. (2009). New cookie technologies: Harder to see and remove, widely used to track you.
Cookie 3 1 – Protect Your Online Privacy System
Soltani, A., Canty, S., Mayo, Q., Thomas, L. and Hoofnagle, C. (2009). Flash cookies and privacy.
Does Deleting Cookies Protect Privacy
Wall Street Journal. (2010). What they know.