What Are Cookies?
In many cases, cookies are necessary for a website to function as expected. One example is ecommerce, which relies on cookies to keep items in a shopping cart if users leave the page. Anyone who browses the internet takes advantage of cookies every day, even if they don’t realize it.
While cookies are used as a catch-all term, there exist different types of cookies that perform distinct tasks and pose varying levels of security risks. A few of the most common types of cookies include:
Session Cookies: These save short-term bits of information used during a single browsing session, as in the ecommerce example above. Session cookies are explicitly deleted whenever the browser is closed, making them well suited to maintaining the user’s login identity. Session cookies are also often used for website navigation tracking.
Persistent Cookies: These are longer-term values that the browser remembers whenever the user visits the site, even after the browser is closed. Persistent cookies have a defined duration that can be as short as seconds or minutes, and as long as years. Persistent cookies are often used to save settings and preferences to maintain a convenient and consistent experience for the user. Persistent cookies can also be used to identify and track long-term user behavior on the site across multiple browsing sessions.
Third-Party Cookies: The session and persistent cookies described above are only visible to the specific website that set them. Third-party cookies, however, are capable of storing values that apply to multiple websites. Third-party cookies can be used to identify individuals as they navigate across multiple websites… but only if those websites use the same third-party tools. Third-party cookies are typically set by widgets and other tools that website owners place on their sites. These third-party cookies have the capability to identify and track users on any website that uses that particular widget.
Despite their importance, cookies can present trust, privacy, and security risks, particularly when it comes to third-party cookies. It’s your responsibility as a website owner to know what cookies your site is setting and to ensure the cookies are used ethically and responsibly so your users’ information stays safe.
What is Cookie Management?
As digital privacy rights come to the forefront, users are increasingly demanding to know how websites use their private information. A recent Cisco survey found that over 84% of global consumers wanted more control over how their data is used.
Site owners can start by performing a cookie audit. Most sites run more tracking cookies than you realize, so you’ll need to know exactly which user data is being collected and for what purpose. Remove cookies that collect data you don’t need, or that violate privacy rules. Finally, create a list of cookies being used on your site and classify them by the categories listed above. You can perform a cookie audit using tools such as Osano’s free Website Privacy Report.
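The classification step of the audit described above, as an added example (not code from the original article or from any audit tool it names): it parses captured Set-Cookie headers and labels each cookie as session or persistent and as first-party or third-party. The site host, the sample responses and the function names are constructed for illustration, and the first-party check is a simplified suffix match rather than a full registrable-domain comparison.

```javascript
// Constructed sample data: the host that answered and the Set-Cookie value it sent.
const SITE_HOST = "shop.example"; // assumed name of the site being audited
const SAMPLE_RESPONSES = [
  { host: "shop.example", setCookie: "cart=abc123; Path=/" },
  { host: "shop.example", setCookie: "theme=dark; Max-Age=31536000; Path=/" },
  { host: "widgets.example.net",
    setCookie: "uid=u-42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=example.net" },
  { host: "shop.example", setCookie: "promo=1; Max-Age=0" },
];

// Split "name=value; Attr=val; Flag" into a name, a value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    cookie.attrs[(i === -1 ? attr : attr.slice(0, i)).toLowerCase()] = i === -1 ? "" : attr.slice(i + 1);
  }
  return cookie;
}

// Max-Age takes precedence over Expires; null means neither is set (session cookie).
function lifetimeSeconds(attrs, nowMs) {
  if (/^-?\d+$/.test(attrs["max-age"] ?? "")) return Number(attrs["max-age"]);
  const t = Date.parse(attrs.expires ?? "");
  return Number.isNaN(t) ? null : Math.round((t - nowMs) / 1000);
}

// Simplification: first-party means the site host itself or one of its subdomains.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

function auditCookies(responses, siteHost, nowMs = Date.now()) {
  return responses.map(({ host, setCookie }) => {
    const { name, attrs } = parseSetCookie(setCookie);
    const life = lifetimeSeconds(attrs, nowMs);
    // A zero or negative lifetime is a deletion request, not a stored cookie.
    const type = life === null ? "session" : life <= 0 ? "expired" : "persistent";
    const party = isFirstParty(host, siteHost) ? "first-party" : "third-party";
    return { name, party, type, lifetimeSeconds: life };
  });
}

console.table(auditCookies(SAMPLE_RESPONSES, SITE_HOST));
```

Sorting the result by lifetimeSeconds puts the longest-lived third-party cookies at the top of the list to review first.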
Your final step involves requiring user consent over your cookie use. Pop-up banners are typically the most effective way to gain user consent, as they are difficult, if not impossible, to ignore. This banner will pop up the first time a user visits your site and should accomplish the following three goals:
- User is aware and consents to cookie use
- User has the option to set their cookie preferences
- User can revoke consent at any time
In recent years, the US, and especially Europe, created laws to protect consumer data and combat unethical cookie practices. The most comprehensive of these laws is the General Data Protection Regulation (GDPR), which was adapted from the EU ePrivacy Directive and applies to any site that operates in the EU or is used by EU citizens. Considering most websites attract visitors across the globe, the GDPR applies to virtually every site.
To stay in compliance with GDPR, you must meet the following requirements:
- Consent must be freely given, specific, informed, and unambiguous
- Consent must be a clear affirmative action, such as an opt-in box or an accept button
- User must be able to opt out
- User needs to have the option to accept or decline particular cookies
- Users who reject cookies must still receive full access to the website
While there is no similarly comprehensive cookie law in the US, the California Consumer Privacy Act (CCPA) covers users in California, the most populous state in the US, so the odds are good that the law will apply to your site. But if you complete all the GDPR requirements, you’ll likely also be covered under CCPA, though there are additional requirements under CCPA related to the selling of data. Visit the provided links to become familiar with both laws. It’s also worth noting that GDPR and CCPA do not apply to essential cookies meant to improve the site’s functional use.
Time For a Cookie Break
Cookies are one of the most complex, yet important, tools in your toolbox as a site owner. They help your site function and give the kind of user experience your visitors expect, delivering a website experience that’s memorable and convenient. Your task is now to explain to your users why they’re so important. They’ll thank you for your service with increased trust.
It might sound like a lot to deal with all these cookies, but the main thing to remember is that your goal is to be as transparent as possible. Trust is the most valuable currency when it comes to offering services online, and this should always be your end goal. If you’re straight with your users, they are more likely to trust you and use your services.