On virtually every website you visit, you will come across them: cookie notifications. Often, without thinking about it at length, you click "accept" or "reject" (or similar buttons) and continue your browsing adventure. And, of course you understand roughly how cookies work. But what exactly happens behind the scenes, what the many possibilities of cookies are and what is (legally) permissible, remains vague. Do you recognize yourself in this? In a number of different blogs, Mike Landerbarthold answers all your questions. With the first section: how do cookies work and why do they exist?
In a technical sense, a cookie is nothing but a small text file that can be stored on a device - such as a computer or smartphone. Storing and reading cookies, is done through a script embedded in the HTML code of the website. Cookies actually do 3 things: write information (for example: 'place cookie 1'), read information (for example: 'show all cookies placed' or 'perform action x'), or delete (for example: 'delete cookies placed').
Because a cookie reads a particular script, an infinite number of different functions and actions can be executed. Indeed, a programmer is free to write a script in such a way that it performs the function he wants. For example, cookie scripts can be used to check whether a visitor has already logged in to a certain website, to remember his or her preferences regarding a website or simply to retrieve information about the visitor (think of an IP address or (sub)pages visited by the visitor).
But, are cookies actually essential to the functioning of the Internet? Yes and no. For a simple website, cookies (in my opinion) are not necessary at all. For example, a website of a restaurant or tourist attraction displays information such as the menu or the attraction's accessibility. If the visitor becomes interested after seeing this information, they can take action and go to the restaurant or attraction, for example. But, some websites need to be able to "remember" information from visitors in order to function. And that's when cookies are necessary.
For example, a web store should be able to remember that a visitor has loaded products into his or her shopping cart after clicking on "order," or that after paying for the same product through a payment portal, he or she should be directed back to the web store and then receive a message that payment has been made. And in addition, it is convenient both for the website, and for a visitor, that the website knows which country the visitor is from, so that he or she can see the correct (national) catalog on the web store and pay in the correct currency.
And actually, a web store also wants to know which specific products its visitors have viewed, so that it can offer them more suitable products in the future, show them targeted ads on other websites and thus generate more revenue. And all that, is only possible by using cookies. But, you feel yourself that especially the last types of cookies, unlike the first, are certainly not essential for the functioning of the Internet, but at best merely convenient. And that is especially true for the website owner....
For the above, it is important to understand the technique behind cookies. Technically, when someone visits a website without cookies, the situation is as follows: the browser connects to the web server, which, after establishing the connection, sends an information request and then receives a "package" of information from the server. The browser then translates this information into a website, which the visitor then views.
The problem in this process for many websites, is that servers are in principle "static," meaning that they treat every "information request" from every visitor the same. For the 'simple websites,' we already saw that this is not a problem in principle. After all, they only need to display information, which a visitor can then take an action on. But for a web store, for example, the situation is different, as we also saw above. To solve this 'static problem', people in the 1990s came up with the 'magic cookie', later simply called 'cookie'. Cookies made 'static' servers 'dynamic,' by allowing them to store information from certain information requests. In other words, 'dumb' websites could be made 'smart' through cookies.
The invention of cookies significantly changed the process described above. Now, when someone visits a website with cookies, the following happens: the browser connects to the server, which checks whether cookies have (already) been placed on the device. If this is not the case, the server writes a new cookie (or performs an "update" regarding an installed cookie) and then reads the information from the cookie (and then performs a certain function). Thus, by placing or reading a simple text file, the Internet changed completely and - for example - Web stores became possible. All's well that ends well, you might say....
But, while the above is cut and dried for many, many questions still remain about cookies. Since cookie scripts themselves are (usually) not public, and moreover can have numerous different functions, in many cases one does not know what certain cookies do and what one thereby learns about the visitor. And of course, privacy risks then come around the corner.
This article can also be found in the e-privacy file.
More from SOLV Lawyers
