If you’ve visited any website on your desktop or your mobile device, you have likely seen banners like this on the site you were visiting:
Whether you choose to accept all or reject all, your web experience will likely be impacted. The banner above is a consent banner that businesses are required to have when they use cookies.
What are Cookies?
Cookies, also known as HTTP cookies, are small text files that sites place on your device when you are browsing the internet. Cookies help sites track your activity like the number of visits you have to a certain site or page. Although this may seem intrusive, cookies are necessary to personalize your web experience in addition to providing convenience. Without cookies your shopping cart would empty each time you left the checkout, your usernames and passwords wouldn’t be saved and your overall user experience on the web would be much worse.
In addition to providing a better user experience and more web functionality for customers, cookies are extremely valuable for businesses. Cookies help businesses personalize their customers’ experience and gain analytics into customer behaviors. With cookies, businesses can see how a customer found their site, what pages they are visiting, and how effective their marketing campaigns like PPC ads are.
Session Cookies and Persistent Cookies
There are two main types of cookies: session cookies and persistent cookies. These cookies are characterized by how long they track a user’s activity and what kind of data they can gather.
Session cookies: Session cookies are cookies that are only used when navigating a website. They only track the information of the user while they are in a given session on a site. Once the session ends, the cookies are automatically deleted. These cookies are enabled on sites by default. They help pages load faster and improve the navigation on a page.
A session cookie in action can be seen in the shopping cart feature on most e-commerce sites. The session cookie ensures that if you leave the checkout page, your added products will remain in your shopping cart when you go back to your checkout.
Persistent cookies: Persistent cookies are cookies that stay on your computer indefinitely; some have expiration dates and will be removed when a certain date is reached. Persistent cookies are important because they create a convenient and faster web experience. They are often used to save your settings, sign-on information, preferences, and more. The primary use cases for persistent cookies are for authentication and tracking of users’ activities while on a site. The ePrivacy Directive dictates that persistent cookies should not last more than 12 months.
First-Party and Third-Party Cookies
In addition to session and persistent cookies, cookies can also be characterized by who created them. Cookies can be either first-party or third-party cookies.
- First-party cookies: First-party cookies are cookies that are created by the website you are visiting. For example, if you are reading this blog post, a first-party cookie would be a cookie that Ensighten.com created. These cookies are generally used to improve the user experience and save settings and other data.
- Third-party cookies: Third-party cookies are cookies that are created by other websites that you are not visiting. These cookies are often used to do cross-site tracking, ad services, and retargeting.
Aside from provenance, the key difference between first and third-party cookies is the intention. In general, sites that you visit will have first-party cookies to improve your experience, while third-party cookies are primarily used for marketing and advertising reasons. The global shift towards personal data privacy is resulting in third-party cookies being phased out, and Google has announced that it will phase out all third-party cookies on Chrome by 2022.
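As an added example (not code from the original post), the sketch below classifies cookies from their `Set-Cookie` headers along both axes described above: session vs. persistent, including the 12-month limit, and first-party vs. third-party. The hosts and cookie values are constructed, and treating the last two host labels as the "site" is a simplifying assumption.

```javascript
const TWELVE_MONTHS_S = 365 * 24 * 60 * 60; // the 12-month ceiling cited above

// Split one Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const attrs = {};
  for (const part of rest) {
    const eq = part.indexOf("=");
    const key = (eq < 0 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq < 0 ? "" : part.slice(eq + 1);
  }
  return { name: pair.split("=")[0], attrs };
}

// Seconds until expiry, or null for a session cookie (no usable Max-Age/Expires).
// Max-Age takes precedence over Expires, as browsers do.
function lifetimeSeconds(attrs, nowMs) {
  const maxAge = Number.parseInt(attrs["max-age"], 10);
  if (!Number.isNaN(maxAge)) return maxAge;
  const expires = Date.parse(attrs["expires"]);
  return Number.isNaN(expires) ? null : Math.round((expires - nowMs) / 1000);
}

// Assumption: the "site" is the last two host labels. Production code should
// consult the Public Suffix List instead (e.g. for co.uk).
const site = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// Classify a cookie set by `setByHost` while the user is visiting `pageHost`.
function classifyCookie(header, setByHost, pageHost, nowMs) {
  const { name, attrs } = parseSetCookie(header);
  const life = lifetimeSeconds(attrs, nowMs);
  return {
    name,
    duration: life === null ? "session" : life <= 0 ? "expired" : "persistent",
    party: site(setByHost) === site(pageHost) ? "first-party" : "third-party",
    exceeds12Months: life !== null && life > TWELVE_MONTHS_S,
  };
}

// Constructed sample: responses observed while visiting www.example.com.
const NOW = Date.UTC(2024, 0, 1);
const SAMPLE = [
  ["cart=abc123; Path=/; HttpOnly", "www.example.com"],
  ["prefs=dark; Max-Age=2592000; Secure", "www.example.com"],
  ["uid=77f0; Expires=Fri, 01 Jan 2027 00:00:00 GMT; SameSite=None; Secure", "ads.example.net"],
];
function auditSample() {
  return SAMPLE.map(([h, host]) => classifyCookie(h, host, "www.example.com", NOW));
}
console.table(auditSample());
```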
Since cookies track the activity of users across the web, there are a variety of compliance guidelines that businesses need to follow if they are using cookies on their sites.
Some of the area-specific compliance requirements for cookies include GDPR requirements and CCPA requirements.
The General Data Protection Regulation (GDPR) is the primary compliance program for companies that want to do business in the EU. Since most websites have global visitors and many of them are located in the EU, they have to follow GDPR guidelines around cookies. For cookies, in particular, GDPR requires businesses to have valid consent and provide consent banners prior to using any cookie.
The California Consumer Privacy Act (CCPA) is another regulation that impacts any business with California customers. The CCPA is the most stringent consumer consent law in the United States. It gives customers the right to know how their data is being used and what information is being collected. To make a consent banner GDPR compliant, it will have to inform the user about the specific purpose of each tracking cookie.