Crumbs of Data: How Internet Cookies Are Baked Into Your Online Experience

susan
By Carolyn Wimbly Martin and Sara Etemad-Moghadam
Internet and Social Media + Privacy, Artificial Intelligence and Cybersecurity

We’ve all heard about cookies and clicked through the banners and online pop-ups addressing the use of cookies, but their actual purpose and the rules that govern their use are not commonly understood either by website owners or their visitors. With the Children’s Online Privacy Protection Act (“COPPA”), the California Consumer Privacy Act (“CCPA”), the General Data Protection Regulation (“GDPR”) and other laws, it is important to understand how to make your website cookie compliant.

What are cookies?

Internet cookies are small pieces of data that a website stores on a user’s browser. Cookies are set on a user’s device while the user is browsing a website and are stored for several reasons, including keeping a user logged into the website, remembering items in a user’s shopping cart, keeping a user’s payment information secure, saving a user’s preferred site settings and theme, tracking how the user interacts with a website and showing relevant, personalized advertisements. When someone visits or interacts with a website, a small text file is transferred from the site and stored on the visitor’s web browser. When the visitor returns to the website, the server can read the cookie stored in their browser and recall information about the user, like previous browsing history on the website.

Cookies can be classified based on their expiration period, origin and purpose. Cookies can either be session cookies, which are temporary and expire once the user closes their browser, or persistent cookies, which remain on the user’s hard drive until the user or their browser erases them, depending on the cookie’s expiration date. There are “first party” cookies, which are put directly on the user’s device by the website they are visiting, and “third party” cookies, which are placed on the user’s device by a third party like an advertiser or an analytics system.

Cookies are also categorized as “essential” and “non-essential.” Essential cookies, or strictly necessary cookies, are cookies that are essential for a website to function properly and provide the basic information requested by the website user. Examples of essential cookies are those that support log-in functions for a self-service platform or a shopping cart and payment cookies on an e-commerce website. Non-essential cookies are not required for the website to function and can be differentiated based on their purpose: functional, statistical or marketing.

Functional cookies help websites personalize the end-user’s browsing experience and support additional functionality that enhances the website. Functional cookies are anonymous and do not track browsing activity across other websites. Functional cookies include cookies that remember a user’s location, chosen language and other settings to provide a personalized experience for the user on the website. Chat services and user preferences are also available through functional cookies.

Statistical cookies track user browsing behavior over a certain period. Statistical cookies collect data for analyzing and reporting visitor interactions with a website.

Marketing cookies are usually third-party persistent cookies that track user activity to provide targeted advertisements. These cookies are used to support online marketing by collecting information about users to promote products through partners and other websites.

Google uses cookies and similar technologies to allow users to access features of Google’s services, including remembering choices and preferences, like choice of language; storing information relating to a user’s session, such as the content in an online shopping cart; enabling features or performing tasks requested by the user; and product optimizations that help maintain and improve that service. Google also uses this technology to authenticate users to help ensure that only the actual owner of an account can gain access, and to detect spam, fraud and abuse. There are also cookies to collect data that allow services to understand how users interact with a particular service. For example, businesses use Google Analytics to collect information on their behalf and report site usage statistics. Google uses cookies for advertising, including servicing and rendering ads, personalizing ads, limiting the number of times an ad is shown to a user, muting ads the user has chosen to stop seeing and measuring the effectiveness of ads. Personalization cookies enhance a user’s experience by providing personalized content and features, like more relevant results and recommendations, a customized YouTube homepage and ads tailored to a user’s interests. For more details on common Google cookies, their functionality, security and their analytics purposes, including for advertising and personalization, click here.

To check for the cookies used on a website, here are the steps to follow in Chrome and Microsoft Edge:

Chrome

  • Right-click anywhere on the website and click “Inspect” and the developer console will come up on the right-hand side of the screen.
  • At the top of the developer console, a bar will come up with “Elements,” “Console,” “Sources,” “Network,” etc., and click on “Applications.”
  • On the left-side of the developer console, it will read “Application,” “Storage,” “Background services,” and “Frames.”
  • Under “Storage,” there will be a “Cookie” section. Expand the “Cookies” dropdown, and select the website to see the cookie details, including the “Name,” “Domain” and “Expires / Max-Age” (how long the cookie lasts).

Microsoft Edge

  • Right-click anywhere on the website and click “Inspect” and the Microsoft DevTools will come up on the right-hand side of the screen.
  • At the top of the DevTools, a bar will come up with “Elements.” Next to “Elements” will be icons representing the console, sources, network, performance, and a plus sign. Click on the plus sign (+) and select “Application” from the dropdown.
  • On the left-side of the DevTools, it will read “Application,” “Storage,” “Background services,” and “Frames.”
  • Under “Storage,” there will be a “Cookie” section. Expand the “Cookies” dropdown, and select the website to see the cookie details, including the “Name,” “Domain” and “Expires / Max-Age” (how long the cookie lasts).

For example, if you were to check for cookies on Lutzker & Lutzker’s website, here is what you would find:

Our website has four cookies and uses Google Analytics.

If you need assistance with your website’s cookie and privacy policies, please contact Lutzker & Lutzker. We will be sharing more on privacy policy compliance in the coming days.