Cookies

Learn the difference between first and third party cookies, and how your business should treat them to comply with privacy regulations.

What are Cookies?

Cookies are tiny text files that carry information used to identify users as they browse the web. Cookies can be used to improve the user's web browsing experience by helping websites remember things like logins, preferences and shopping carts, but cookies can also be a privacy risk. Third-party cookies, for example, can be used to track individuals across domains without their consent. Because of these privacy implications, cookies are increasingly regulated by privacy legislation like the EU's GDPR and California's CCPA.

Session Cookies vs. Persistent Cookies

There are two primary kinds of cookies: session cookies and persistent cookies. These cookies are characterized by how long they keep track of a user, what kind of data they gather, and how much data they can gather.

Session cookies: Session cookies, also known as temporary cookies or non-persistent cookies, are cookies that are only used while the user is on a given website. They are deleted once the user leaves the website. Session cookies are typically enabled by default to help pages load faster and improve the navigation on a page.

Persistent cookies: Persistent cookies are cookies that stay on a device indefinitely; though some have expiration dates. Persistent cookies are used for a faster and more convenient web experience. They are often used to save your settings, sign-on information, preferences, and more. 

First-Party vs. Third-Party Cookies

Cookies can also be defined by who created them. Cookies can be either first-party or third-party cookies.

  • First-party cookies: First-party cookies are cookies that are created by the website you are visiting. For example, if you are reading this blog post, a first-party cookie would be a cookie that Ensighten.com created. These cookies are generally used to improve the user experience and save settings and other data.
  • Third-party cookies: Third-party cookies are cookies that are created by other websites that you are not visiting. These cookies are often used to do cross-site tracking, ad services, and retargeting.

 First-party cookies are typically used to improve your experience, while third-party cookies are primarily used for marketing and advertising reasons. 

Functional, Performance, and Targeting Cookies

Performance Cookies

Performance cookies, or statistics cookies, are cookies that are used to monitor the performance of a website as a user interacts with it. Performance cookies can track the pages most frequently visited by users, the path a user takes through a website, or which links result in errors. Performance cookies do not collect any identifiable information on users and exist for the sole purpose of performance cookies is to improve website functionality.

Functional Cookies

Functional cookies are cookies that perform tasks related to the function of a website, such as remembering a user's login details or location. Without these cookies, the user would have to log in upon each visit to the website and would not receive personalized information.

Targeting Cookies

Targeting cookies are cookies that are designed to gather information about the user and track their online activity to help marketers and advertisers display relevant advertisements and build visitor profiles and statistics for insights into advertising performance. Targeting cookies are almost always third-party, persistent cookies.

Cookie compliance is the process of adhering a website's cookie and tracking practices to the standards set forth by privacy laws and directives like the GDPR and CCPA. Depending on the jurisdiction, this could be as simple as notifying users that they are being tracked (notice only consent), or as complex as asking users for their permission to track their activity, storing, and enforcing those preferences, and offering them the option to change those preferences at any given time. Penalties for noncompliance vary but can reach as high as 4% of annual turnover, under the GDPR. For most organizations, a consent management platform is the easiest, most cost-effective approach to cookie compliance

Unsure about your website's compliance? Get compliance and data security  scorecard from our team of experts.