What Are Cookies?

by Jennifer L. Legal writer.
What Are Cookies?

If you've ever wondered how websites remember your login details, or how items in your online shopping cart stay there while you shop, it's not magic. It's actually all down to tiny strands of data called cookies.

There are many types of cookies, including cookies that:

  • Save your password(s) so you don't need to remember them whenever you visit websites
  • Remember what sites you've visited in the past so you can view your browser history
  • Keep track of your shopping cart as you browse an online store
  • Show you targeted ads based on your browsing behavior
  • Verify user login details

We'll look at consent later, but for now, just bear in mind that most websites use cookies and it's important that they tell you so. They should alert you to cookie usage as soon as you land on the website, and it should be clear where you can find further information about their Cookie Policy.

Remember - you have the right to control what data you share with retailers, companies, and other third parties, and what cookies they install in your browser. Some pieces of legislation, like the EU's ePrivacy Directive, give you very specific rights over personal data sharing through cookies - more on all this below.

For now, let's turn to something simple. Where did we get the idea for cookies from, and what's their main job? It actually hasn't changed much since they were invented back in 1994. The inventor, Lou Montulli, created cookies to solve two problems:

  • The difficulty in tracking whether users visited websites more than once, and
  • The lack of technology that made it impossible to launch ecommerce stores

The idea of "tracking" is still central to why websites use cookies now, although there are now many types of cookies and a whole host of ways they can be used. We'll go over these in more detail shortly, but for now here are two things to bear in mind.

Some cookies are absolutely necessary. For example, if you're shopping online, you couldn't purchase anything unless you could save items in your virtual cart. You'd lose the item as soon as you moved to the "checkout" page. So, in some cases, cookies are essential to a website's functionality.

If the website won't work without certain cookies, the owner should make this clear. Sports apparel retailer, Gymshark, explains that the shopping cart won't work unless you accept certain cookies:

Gymshark Cookie Policy: Session cookies clause

Secondly, cookies, for the most part, can't and don't transfer malware or other malicious programs onto your device. It's typically safe to accept cookies, but there are times when you might want to reject them - we'll look at this later.

With all that in mind, what are the advantages and disadvantages of using cookies, and why should you care about them? Let's briefly take a look.

Advantages to Cookies

Advantages to Cookies

There are a number of advantages to using cookies, but here are a few that stand out:

  • They remember your preferences, so you'll only typically see ads that are relevant to you
  • They save your passwords and usernames so there's no need for you to remember these details when you log onto different websites
  • Once you know where to find them, they're easy to delete and control - more on that below
  • Cookies remember your browsing behavior, so you'll often see search results that are most relevant to you when you're using Google or other search engines.

What, though, are the disadvantages?

Disadvantages to Cookies

Disadvantages to Cookies

Just like there are advantages to accepting cookies, there are also a few drawbacks. The main ones you should be aware of are:

  • It's sometimes possible for third parties to access information stored by cookies, which raises obvious privacy concerns
  • You may feel like someone is watching you as you're browsing the internet, which understandably makes some feel uncomfortable
  • If you don't know where to look, it can be difficult to find cookies and delete them
  • Some viruses may be disguised as cookies, and in other cases, cookies recreate themselves after they've been deleted - these are colloquially known as "zombie" cookies

What's important is that you understand how cookies actually work and how you can take control of your internet privacy. Without getting too technical, let's be clear on what cookies are, what types of cookies are out there, and how each type of cookie gathers various bits of information about you, your computer, and your browsing history.

An Introduction to Cookies

Let's get back to basics. Cookies, in their simplest form, are little clusters of data. A web server passes these data clusters through to your computer after you've landed on a website. Your computer then stores the data as files inside your browser cache. It's less complicated than it sounds, so to illustrate, here's how it works:

  • You visit a website
  • The web server passes a short message along to your web browser
  • The browser saves this message in a file titled something like "cookie.txt"
  • You click on another website page (for example, a shop category)
  • Your browser sends a short message "back" to the server that reveals a little more about what you're looking at

Let's look at an example. Say you visit the popular healthcare website, NetDoctor. Once you land on the homepage, a box pops up that tells you about the website's Cookie Policy:

NetDoctor cookie consent notice

If you click off this box and browse the website, it'll install cookies on your browser, and your browser sends a message back about what you're on looking at - for example, cold remedies.

If you're still a little confused, think of this whole process like a text message exchange between two parties - the server, and your browser.

Now we're clear on how cookies end up in your device, let's talk about what types of cookies you'll encounter and what they're used for.

Types of Cookies

Types of Cookies

Broadly, there are six major types of internet cookies out there:

  • Session cookies
  • Persistent cookies
  • Third-party cookies
  • First-party cookies
  • Marketing cookies
  • Performance and analytical cookies

Let's look at each type of cookie in turn and see what they're used for.

Session Cookies

Session cookies are temporary. They literally only last for a "session." Once you close the browser window, or leave the website, the cookie disappears. Unlike other cookies, session cookies are never stored on your computer. Session cookies allow you to:

  • Use your shopping cart on ecommerce websites
  • Browse websites without constantly re-entering the same information

Here's how UK car dealership, Arnold Clark, describes session cookies in its Privacy Policy:

Arnold Clark Privacy Policy: Session cookies clause

Persistent Cookies

Persistent cookies are a little different. These cookies do stay on your computer once you've closed the browser. They're designed to remember your preferences for a specific period of time, whether it's your login details, your shopping wishlist, or your recently viewed items.

Gymshark describes persistent cookies as temporary but beneficial because they help make the shopping experience easier:

Gymshark Cookie Policy: Persistent cookies clause

Third-party Cookies

These cookies are slowly going out of fashion, but you should still know about them. They allow third parties to check how well their ads are performing on other websites. Basically, if you click on an ad for a product from Company A while you're browsing Company B's website, you'll get a cookie on your computer from Company A.

Since these cookies raise potential privacy concerns, they're far less popular than before, and platforms like Google are cracking down on them.

First-party Cookies

First-party cookies shouldn't be confused with third-party cookies. These cookies improve the overall functionality of a website and they're set by the website owner. Unlike session cookies which disappear right after your session, these cookies stay on your device so it's easier for you to use the website the next time around.

Here's how a fitness retailer, Fitness Superstore, describes these functionality cookies. You'll note that these cookies are strictly confined to the one website i.e. they can't track your browser behavior or which other websites you visit:

Fitness Superstore Cookie Policy: Functionality cookies clause

Marketing Cookies

Marketing cookies are similar to third-party cookies, but they're less invasive. They're primarily used to show you ads that are relevant to you which improves your experience while you're browsing the internet.

That's exactly how Gymshark describes marketing cookies in its Cookie Policy:

Gymshark Cookie Policy: Marketing cookies clause

Performance and Analytical Cookies

These cookies help a company assess their website's overall performance and usability. In other words, they can track:

  • How long people spend on the website
  • Whether people find the information they're looking for
  • If people are ignoring certain parts of the website, or if there's unusually high activity in other parts

Arnold Clark sums this up nicely. As the company notes, these cookies are all about improving how the website actually works so it's easier for future customers to navigate:

Arnold Clark Cookies Policy: Performance or analytical cookies clause

So, now we're clear on what cookies do, you probably have another question: Do you have to accept all these cookies, even if you don't want to? The answer is no. Here's why.

What the Law Says About Cookies

What the Law Says About Cookies

The principles here are, thankfully, quite straightforward. Thanks to international privacy laws including the EU's General Data Protection Regulations (GDPR) and the ePrivacy Directive, websites must do two things before they can install cookies in your browser or device:

  • Tell you about the cookies they use
  • Get your consent to using these cookies

Why do they need to get your consent? It comes down to the type of information that cookies can gather. Cookies can collect what's known as "personal data" or "personal information." Personal data is, broadly speaking, any information that can be used to identify you or your household. Examples include:

  • Name
  • IP address
  • Email address
  • Financial details
  • Login details

Global privacy laws allow consumers to:

  • Restrict who has access to personal information
  • Revoke consent to a company holding your personal data at any time
  • Refuse to accept marketing and other unnecessary cookies that collect personally identifiable information

Most importantly, if a company wants to use cookies, consumers have the right to know:

  • Why they're using cookies
  • Specifically what type of information they plan on collecting
  • How they use the data, and who they share it with
  • How to revoke consent
  • How to delete cookies

Companies should set out these rights in what's called a Cookie Policy. You'll either find this inside the Privacy Policy, or it'll be a separately- linked document.

Commonly, you'll find the Policy linked at the bottom of the website in the footer. Here's an example from Gymshark showing separate Privacy Notice and Cookie Policy links:

Gymshark website footer with Privacy Notice and Cookie Policy links highlighted

When you access the Cookie Policy, you can see how the company uses cookies and why, along with other relevant information:

Gymshark Cookie Policy: Intro and table of contents

The only exception to the rule of consent is if the cookie is "strictly necessary" for the website's functionality - for example, session cookies. If you don't want to accept strictly necessary cookies, that's fine, of course, but you won't be able to use that website.

So, if websites need your consent to using cookies, how do they get it? Most often they use Cookie Notices, or popups.

The notice will tell you that the website uses cookies, and it should give you the option to view the different cookies before you proceed. Here's an example from the BBC:

BBC cookie consent notice - extended version

If you click "no" you'll go straight to the Cookie Policy where you can set your specific preferences. You'll note that strictly necessary cookies are turned on by default:

BBC updated cookies toggle mechanism

If you decide to delete cookies stored on your device or browser, here's what to do.

How to Delete Cookies

How to Delete Cookies

We'll show you step by step how to delete cookies from some of the most popular, commonly-used browsers.

How to Delete Cookies on Google Chrome for Windows

  1. From the main menu, click the three-dot menu and select Settings:
  2. Google Chrome menu with Settings highlighted

  3. In the Privacy and security section, click Clear browsing data:
  4. Google Chrome Settings: Privacy and security - Clear browsing data highlighted

  5. In the Clear browsing data window, click the Advanced tab. Choose the time period you wish to clear cookies from and click Clear data:
  6. Google Chrome: Clear browsing data - Advanced tab

How to Delete Cookies in Firefox (Mozilla) for Windows

  1. From the main toolbar, click Options:
  2. Firefox menu with Options highlighted

  3. In the left sidebar, click on Privacy & Security:
  4. Firefox menu with Privacy and Security highlighted

  5. Under Cookies and Site Data, click Clear Data:
  6. Firefox Cookies and Site Data: Clear Data button highlighted

For further assistance, visit the Mozilla help page here.

How to Delete Cookies on Opera for Windows

  1. In the Tools sidebar, click on Settings:
  2. Opera Tools menu with Settings highlighted

  3. In the left sidebar, click Advanced, and then Privacy & security:
  4. Opera Settings: Advanced - Privacy and Security highlighted

  5. Under Privacy and security, click the arrow next to Clear browsing data:
  6. Opera Settings: Privacy and security - Clear browsing data highlighted

  7. Go to the Advanced tab, choose your parameters and click Clear data:
  8. Opera Clear browsing data: Advanced tab - Clear data button highlighted

For further assistance, visit the Opera security and privacy page here.

How to Delete Cookies on Edge Browser for Windows

  1. In the browser's main menu, click Settings:
  2. Edge browser menu: Settings highlighted

  3. In the Settings menu, click Privacy and services:
  4. Edge browser Settings menu: Privacy and services highlighted

  5. Under the Clear browsing data section, click Choose what to clear:
  6. Edge browser Clear browsing data: Choose what to clear option

  7. Select which time range you'd like to clear data from and click on Clear now:
  8. Edge browser Clear browsing data: Choose what time range to clear option

Conclusion

For websites to work properly, they rely on cookies. Cookies are small files containing computer code that can sometimes identify you, your preferences, and your browsing behavior.

There are many types of cookies, and they collect different types of data. However, because cookies can collect information that is used to personally identify you, websites need your permission before they install them on your device or browser.

The only exception is when a cookie is strictly necessary i.e. if it's the only way to keep products in your shopping cart. This type of information isn't strictly personal because it can't technically identify you.

You can delete cookies at any time by clicking through the menu options in your browser, and you can always contact retailers or websites individually to ask them to delete your personal information.

Put simply, you're always in control of what happens to your personal data and who has access to it. Only consent to marketing and analytics cookies if you're comfortable sharing this type of information, and remember, you're free to change your mind at any time.

Last updated on 14 April 2020

Article categories

Jennifer L.

Legal writer.