On virtually every website you visit, you will come across them: cookie notifications. Often, without thinking about it at length, you click "accept" or "reject" (or similar buttons) and continue your browsing adventure. And, of course you understand roughly how cookies work. But what exactly happens behind the scenes, what the many possibilities of cookies are and what is (legally) permissible remains vague. Do you recognize yourself in this? In a number of different blogs, Mike Landerbarthold answers all your questions. With the second part: what types of cookies are there and what do they do?
Whereas Mike Landerbarthold talked about "cookies" as a general term in his previous blog, he now defines what types of cookies and related techniques exist and exactly what they do. All types of cookies and related techniques have a common denominator, which is to store information from certain information requests. And this is useful (and sometimes essential) for various reasons, we read in his previous blog. But, what types of cookies are there, and what do they do? He explains that this week.
Cookies are set by a website with an associated domain. When cookies are set by the website that the visitor views directly, they are also referred to as "first party cookies. These cookies should be distinguished from "third party cookies," which are placed by a third-party website. Consider, for example, a blog, on which a YouTube video is placed. In that case, the use of third-party cookies is desirable for YouTube; after all, it also wants to be able to keep statistics on videos on third-party websites. But, there are also objections; after all, the use of third-party cookies also creates a lot of ambiguity for website visitors. After all, they often cannot find out which cookies are placed by which third parties, with all the consequences that entails.
Cookies can also be distinguished by the purposes for which they are used. Since there are countless names and descriptions lying around on the Internet, I will distinguish only three (general) types of cookies: functional, statistical and tracking cookies. Functional cookies, as the name gives away, are functional in nature and see, for example, to remember that you are logged in. Statistical cookies give the website owner insight into the visit and/or use of the website. Tracking cookies are used to monitor visitor behavior, for example to provide targeted and/or personalized advertisements. Whereas the first two categories are often labeled as harmless, the latter usually raises eyebrows. After all, based on tracking cookies, website owners can learn quite a bit about you. And that, of course, has many implications for website visitors' privacy rights.
Also important, is the distinction between "classic" cookies and session cookies. Both actually amount to the same thing, in that they are text files that are stored on the website visitor's device and work until they are deleted. Classic cookies include an expiration date (which can also be so far in the future that the cookies in principle continue to work indefinitely) and continue to work until that date even when a browser is closed. Session cookies have no expiration dates, which means they always expire when the browser is closed. Whereas classic cookies can be used for many different purposes (think statistical purposes, but also tracking), session cookies are typically used for functional or technical purposes (think remembering your shopping cart), or to support other cookies.
There are numerous techniques similar to the cookies described above that are used for the same purposes. One very popular technique is the so-called "Web beacons," or small images or pieces of code that are embedded in an HTML document such as a Web site or email. Beacons are used on the Internet under many names such as "pixel tags," "web bugs," "javascript tags" and "tracking bugs," and are primarily used for tracking purposes. Whereas cookies create text files, beacons merely send packets of information to the Web server when loaded. Beacons have the advantage that they are not domain-specific, making it easy to collect information centrally (for example, they can all link to a particular Web server). This makes analyzing data a lot easier for the party to whom the beacons lead. Especially website owners with multiple subwebs, such as Facebook, use beacons.
There are also cookies that are based on HTML5. This is a relatively young programming language, which has made the Internet, and thus the use of cookies, much more efficient. HTML5 cookies, also called "Web Storage," unlike classic cookies, do not automatically connect to the Web server with every information request. They therefore work a lot more efficiently, which can improve the performance of Web sites. Furthermore, HTML5 cookies can store much more information than classic cookies; up to 10mb, where classic cookies can only store 4kb of information. HTML5 cookies are distinguished into localStorage and sessionStorage, whereby the former can be compared to the previously discussed classic cookie and the latter to session cookies.
Finally, the Internet also often talks about "Supercookies" and "Evercookies. Supercookies use specific technologies (such as Adobe Flash and HTML 5) to 'uniquely' identify visitors and thus track them very efficiently across devices. Evercookies use different technologies described above that are stored in different locations and are programmed to identify visitors even after they have deleted their cookies (for example). They are sometimes referred to as "zombie cookies" in this context. Evercookies would even be so efficient that people could be tracked on the usually highly anonymous TOR network.
This article can also be found in the e-privacy file
More from SOLV Lawyers
