We’ve all seen the annoying prompts – particularly since the EU’s General Data Protection Regulation (GDPR) came into effect in May of 2018. That’s because the GDPR, along with other data privacy laws, forces companies to give users a clear opt-in to store cookies – small packets of data that facilitate online shopping, effortless logins, ad serving, and more.
Websites used cookies long before the GDPR took effect. So you may ask: what is it about the GDPR that’s forcing companies everywhere to bombard us with Accept/Decline Cookies prompts? And the answer is simple: hefty fines for non-compliance – up to $20 million or 2% of the company’s annual revenue from the preceding financial year, whichever is higher.
So, keeping in line with current data protection laws, businesses are no longer willing to step on the toes of data protection authorities.
But what are cookies exactly and how should we manage them? More importantly, should we avoid the hassle of managing them and just hit “Accept All” every time we want to access a website? Should we “Reject All Cookies?” There’s no simple “yes” or “no” answer to these questions. So let’s look at when it’s okay to accept cookies, and when it’s best to firmly say no to the nagging cookie prompt.
Cookies are small text files stored in your web browser that basically help companies remember information about you and track your behavior across websites.
Cookie prompts vary from website to website. Some mention first-party cookies and others third-party cookies, but most look, sound and work the same.
First-party cookies store essential information about you and your device in order to:
· Give you access to the website’s content
· Learn your location to improve your browsing experience
· Remember your credentials to let you log in a second time without typing your user name and password again
· Remember items you’ve added to your cart while shopping online
…and more
Third-party cookies come on top of the site’s own cookies and serve purposes like:
· Store information about the ads you have viewed, the websites you have visited, and the time you spent on each site. This data helps advertisers deliver personalized ads based on your interests and browsing history.
· Track your movements across different websites, allowing companies to create a profile of your online behavior. This includes the pages you visit, the links you click, and the content you interact with, mostly for analytics to better monetize you as a potential buyer, or simply to sell your data to another party
· Store information about your social media accounts and activities to track your interactions and provide certain ads, features, or recommendations
…etc.
As you’ve probably already guessed, third-party cookies are the ones we should manage more carefully. So when should we consent to cookies and when should we reject them?
Necessary or essential cookies make your website work correctly. They enable basic things like page navigation and remembering items in a shopping cart, or grant access to secure areas. These cookies typically do not store personal information and the website you’re browsing needs them to operate properly.
Preference cookies are also considered safe. They store information about your choices and preferences, like language settings, themes or font sizes. They’re designed to simply improve your browsing experience by customizing the website to your preferences.
Performance cookies are also considered acceptable, as they collect anonymous data about how you use a website. They help the website gauge your interactions, identify popular content, and improve site performance.
Functional cookies are generally safe as well, as they enable things like interactive content, embedded videos, social media sharing, and other handy buttons and functions. They may collect some non-sensitive data about you and your interactions, typically in good faith, to enhance the website's features without major privacy concerns.
Security cookies ensure ensure data is securely transmitted over the web, and detect and prevent malicious, fraudulent, invalid, or illegal activity. They also ensure the correct and efficient operation of systems and processes. You definitely want those on.
Third-party cookies are the non-essential cookies that you can safely decline without affecting your experience. They’re commonly used for tracking, so if you’re concerned about your privacy – and you should be – consider limiting or downright blocking third-party cookies. Ideally, a cookie prompt should give you the option to manually opt in or out of what you believe can affect your security or privacy.
Advertising cookies are considered the most intrusive, as they’re used to deliver targeted advertisements based on your browsing behavior and interests. They track your activity across multiple websites to build a profile of you, so if you don’t care for personalized advertising, you should block or at least limit these cookies.
Regardless of the type of cookies named in your prompt, never let them in if the website you’re visiting is unencrypted. Look for the HTTPS sign or the padlock icon in your browser’s address bar to make sure the website you’re visiting is safe to interact with. If your browser or security solution says it’s unsafe to interact with that website, decline all cookies and close that tab.
An unsecured connection means third parties, including malicious actors, can steal cookies from your browser, and intercept your personal information, credit card data, and more. Always remember that interacting with an unsecured website makes you more vulnerable to crimes like identity theft.
Accepting cookies can be risky even on a website that your browser or security solution deems safe. But that doesn’t mean you should accept all cookies blindly, as some of the responsibility of protecting your privacy and security ultimately falls onto you, the user. For example, if you share ID information (like your Social Security Number), banking data, health data, etc, it’s best to decline the use of cookies to make sure those details aren’t stored and later accessed in an unpredictable scenario, like a data breach, or a hacker attack on your computer. While cookie data is typically not harmful, an attacker can use it to impersonate you, log in to your various accounts, apply for credit in your name, extort you, etc. Some things should always be kept private, regardless of the promises made by the website you’re visiting. So always follow the old adage “better safe than sorry.”
Modern web browsers are beginning to phase out default support for third-party cookies while also implementing stricter controls on their use in order to protect user privacy and give people more control over their data. But the fight against tracking is only just beginning.
If you’ve accidentally accepted cookies you’re no longer sure about, use your browser’s settings menu to clear all cookies, or selectively dump cookies associated with a certain website or browsing session.
To take more control over your data, consider using a dedicated solution like Bitdefender Anti-Tracker, available with Bitdefender Total Security. This lightweight browser extension is designed to hide your activity from trackers, increase your online privacy, and reduce the time needed for websites to load.
For even more peace of mind, consider using Bitdefender Premium VPN, an ultra-fast VPN that keeps your online identity and activities safe from hackers, trackers and snoops.
Stay safe!
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 19, 2024
November 14, 2024