article banner
Data protection

Let’s open the cookies(jar)

Before you ask, isn’t there a better name for internet cookies, no this is how they are known. A cookie is a small piece of data or message that is sent from an organisation's web server to your web browser and is then stored on your hard drive.

Cookies can't read data off your hard drive or cookie files created by other sites; they are one of the technologies tracking people’s behaviour on the web.

For companies and organisations that have e-shops, enquiry or orders systems on the web the cookies are essential to improve people’s experience using their e-services. For example, if a person halfway through e-shopping remembers that „oh I also need this or that“, they can leave the shopping cart to add the goods and the shopping cart will retain the previous purchases. This is the cookies that help to make it happen.

In addition, cookies help companies to get to know their customer better. Statistical analysis of website visitors and tracking where they arrived from, what are they looking at the website helps companies to offer goods and services that you are most interested in. In digital marketing cookies and other trackers are indispensable tools.

There different types of cookies, functional, statistical and analytical. Functional as the name says are necessary for website to work. Statistical cookies gather usage data and analytical cookies are used for marketing. Website operators don’t have to ask consent for functional cookies, but they need to aks website visitors’ consent to other types of cookies. First party cookies are collected by the website the visitor is on and third-party cookies track the user on the internet across websites.

The consent requirement derives from e-privacy or cookies directive (2002/58/EC) that we discussed in more detail in the article (link) and on Äripäev raadio (link). The directive being lex specialist of the GDPR (2016/679/EC) is being updated and converted to a regulation for the fourth year. The use of cookies was further clarified by Europan Court of Justice in October 2019, stipulating that cookie consent has to be in compliance with the GDPR, i.e. specific, freely given and as easy to withdraw as to give. Specific means that consent can be asked for one personal data processing, for example receiving newsletters or consenting to marketing cookies. Consent cannot be asked for all of the processing whichever way a company wants to as defined in terms and conditions or privacy policy. Voluntary means that should I want to buy a washing machine in an e-shop I am not obliged to consent to privacy policy or marketing cookies to be able to purchase a washing machine.

The privacy rights regulations are toughening across the world and the death knell is also ringing to third party cookies. Chrome is about to block all the third-party cookies in their browser. This has been a long-time coming change but will affect the whole life cycle of digital marketing.

In the next newsletter we will discuss in more detail the changes in digital marketing: what’s happening with e-privacy directive, what IAB the global association of digital marketers and various European data protection regulators opinions on requirements to digital marketing.

Are you interested in the topic?