What is the privacy impact of web cookies?
There are two main reasons why people are concerned about web cookies:
- End-users are concerned because they feel that cookies can be used to track their activities on the web (behavioral profiling). For example, if you search for "Camels" today on your favorite search engine, you might continue to see cigarette related advertisements on other, unrelated websites for the next month or so. It's the behavioral profiling network that worked here and decided that you might be interested in cigarette ads. Because once your profile has been compiled, everyone wants to puts their hands on it, you might even get a higher health insurance premium once the "smoker" feature is added to your profile!
- Because of these concerns European Union has enacted new law regulating storage of data on consumer devices (cookies and similar techniques) and behavioral profiling. The scope of this directive is rather wide and it is not limited to classic HTTP cookies but any kind of data. As result, if you are a website owner in Europe, you just became a "data controller" and as such should comply with a number of regulations related to cookies.
From privacy and compliance point of view there are three main types of cookies:
- Session cookies — used for purely technical purposes, like storing your session over multi-step processes etc.
These cookies are usually considered harmless (and it doesn't necessarily mean that the others are harmful).
These cookies are usually forgotten when your browser is closed.
- Permanent cookies — allow the website to recall your preferences or presence for longer time.
This can be used to keep things like your color preferences but also identify you as a returning customer,
that has purchased X, Y and Z in the past, even if you did not register.
These cookies can be stored in your browser for months or years.
» More on permanent cookies...
- Third-party cookies — are simply cookies that are set (and read) by one company on another company's website.
For example, you can be shopping on
bookstore.comwebsite which includes analytics code from
advertising.com. Your browser will silently send information on your actions (what you view, how much time you spend on a page, what you order etc) not only to the
bookstore.combut also to
advertising.com. Because the latter has their code on many, many other websites, and sells them to other advertising companies, they are usually able to precisely track your actions and profile your interests across almost the whole web. Third-party cookies are the core technique used for web analytics and behavioral profiling, and one some websites you can find literally hundreds of third-party cookies set by various advertising providers to track users.
An example of a session cookie:
Set-Cookie: sessionid=0c3ca1b85524d571454b2cf22c62fb34; httponly; Path=/
An example of a permanent cookie:
Set-Cookie: csrftoken=NUZeWttMIijbs7OQrVNm0k1pIknjLyPW; expires=<u>Thu, 27-Feb-2014</u> 22:55:03 GMT; Max-Age=31449600; Path=/
An example of a third party cookie (and it's permanent at the same time):
Set-Cookie: GAD=0c3ca1b85524d571454b2cf22c62fb34; <u>Domain=hub.com.pl</u>; Path=/; Expires=<u>Wed, 30 Aug 2017</u> 00:00:00 GMT