A cookie is created at the request of the website which a user is viewing. The website requests the web browser to create a small text file containing a small amount of information which it can access whilst you are viewing the website. The information is usually to provide certain functionality to enhance your experience on the site.
Cookie security and privacy
Cookies are small text files stored on your computer, and therefore cannot be used to infect your computer with a virus or allow malicous code to run on your computer. Cookies are not deemed dangerous, however there maybe concerns over privacy.
Cookies cannot access any other information on your computer, so the privacy concerns relate solely to tracking of websites that you browse.
UK Regulations and Cookies
(As at November 2017)
The UK introduced the amendments on 25 May 2011 through The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. The relevant section is below:
6. - (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment -
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information -
(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.
Cookie Uses and Applications
Cookies are used on websites to provide enhanced functionality on improve the users experience.
Examples of website cookie use include:
- Websites which can display different content based on if you have never visited a site before. An example of this is that many sites show a cookie warning on first visit to the website. These warnings may be repeated several days or weeks later to ensure your choices are stll valid.
- Ability for a website to save any preferences set by you so that next time those settings don't need to be set again. Some examples might be storing your name or email address so it is shown to you next time you visit on the same computer.
- Tracking your browsing habits. An example is an online store might suggest more useful additional items to buy, based on the previously visited pages.
- Websites which requires you to login; these allow you to avoid having to enter in your user name and password every time to visit the site (or view different pages on a site)
Types of Cookie
A session cookie only exists whilst the user is reading or navigating the website. When the user closes their web browser these cookies are generally removed.
A persistent cookie for a website exists on a user's computer until a future date. For example the cookie expiry date could be set as 1 year, and each time the website is accessed over this period, the website could access the cookie.
A secure cookie can only be used via HTTPS. This ensures the cookie data is encrypted, reducing the expose to cookie theft via eavesdropping.
First-party cookies are cookies set with the same domain (or its subdomain) as your browser's address bar. Third-party cookies are cookies set with domains different from the one shown on the address bar. The web pages on the first domain may feature content from a third-party domain, e.g. an advert run by another website. Privacy setting options in most modern browsers allow you to block third-party tracking cookies.