All you need to know about cookies, and why

Lora

17.06.2021

If you are reading this, chances are you've been hearing a lot about cookies, GDPR and ePrivacy. And yes, it can be confusing and even frustrating at times, we know. But if you have a website these days, you should be familiar with those terms and there's no way around it. That is why we did our best to collect everything you need to know on the subject in a single, simply written article. Hopefully it can help you make more informed decisions about your website.

What are cookies?

You have probably noticed that since May 2018, a notification shows in nearly every website you visit for the first time. It informs you that the website collects information using cookies and asks you to allow that. But what exactly does that mean?

Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by the web browser. Cookies are essential for every website to function properly, improve user experience and collect data for marketing and statistics purposes. If you consent to the Cookies policy, you agree on being tracked while browsing or having your data saved for the next time you visit the website. However, by law every website user must have the right to choose their “cookie preferences”. Besides some exceptions described later in this article, user data can't be collected or used without the user’s consent.

Types of cookies

There are three classes of cookies, depending on their specifications:

Duration
- Session cookies - these are temporary cookies that expire once you close the browser or your session ends.
- Persistent cookies - the duration of these cookies may vary, depending on the expiry date set into their code. According to the ePrivacy Directive, they should last for at most 12 months.
Provenance
- First-party cookies - these are the cookies saved to your device directly from the website you are visiting.
- Third party cookies - these cookies are saved to your device by a third party website (e.g advertiser)
Purpose
- Strictly necessary cookies - these are cookies which are essential for the purpose of the website. Such cookies hold your items in the shopping cart of an online shop, for example. As they are strictly necessary, the user does not have to consent to their use, but still needs to be informed about their existence and the way they work.
- Preferences cookies - when you save your username and password for future visits of a website, or select your preferred language, this data is stored in preferences (functional) cookies.
- Analytics cookies - the purpose of these cookies is to measure the performance of the website. While this includes third party cookies that track your activity on the website, the data can only be used by the sole owner of the website. The collected information is anonymous and therefore can not identify you.
- Marketing cookies - these are mostly third-party cookies, used by advertisers to provide more relevant advertising or to control how many times a user sees certain ad. These are persistent cookies and the collected data can be shared with other organisations.

GDPR and ePrivacy directive

GDPR

The General Data Protection Regulation (GDPR) does not say much about the cookies:

 “Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

Simply put, this means that companies do have a right to collect and process personal data, as long as they get consent or they have legitimate interest.

As a website owner, violation of GDPR may cost you a fortune, so it is essential that you don’t collect data illegally.

ePrivacy directive

The purpose of the ePrivacy directive, also known as the Cookie law, is to secure the user’s privacy through data protection. It is all about what companies, website owners and service providers can do with your consent and what they are not allowed to do without it.

Unfortunately, a lot of the websites only inform you that they use cookies and the single choice left to the user is “OK”, meaning that your data will be used in any case.

How to be cookie compliant?

If you are a website owner, you must make sure that the following requirements are covered by your website’s cookie extension:

You need user’s consent to use any cookies except strictly necessary cookies.
You have to provide clear information about what information is being collected through each cookie and how is the data used.
You need to store all users’ consents.
You should still allow your users to access your website, even if they did not agree on the use of cookies.
You should provide as easy way for the users to withdraw their consent as it was when they agreed on the cookies.

Conclusion

Many companies have already suffered the consequences of cookies not being compliant. While some websites only get a request for adding the cookie pop-up, others get fines which are not to something to underestimate. Besides, your website’s visitors thrust you when they visit your website - why punish them by stealing their data?

Now that you’re aware of how important cookies and their proper use are, you have no excuse but to make sure you are all set cookie-wise. The good news is that we at boldit.studio have a solution to that and if we are going to build your website, it will be 100% cookie-proof. Because, well, we love cookies 🙂

“People have got to learn: if they don't have cookies in the cookie jar, they can't eat cookies.”
~ Suze Orman, personal finance expert

Share on social media

Cookie	Duration	Description
AWSALBCORS	7 days	This cookie is used for load balancing services provded by Amazon inorder to optimize the user experience. Amazon has updated the ALB and CLB so that customers can continue to use the CORS request with stickness.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga_8SLPV1R0Z9	2 years	This cookie is installed by Google Analytics.
CONSENT	16 years 5 months 17 days 10 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_pk_id.48264.8109	1 year 27 days	No description
_pk_ses.48264.8109	30 minutes	No description
AWSALB	7 days	AWSALB is a cookie generated by the Application load balancer in the Amazon Web Services. It works slightly different from AWSELB.
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.