It's almost impossible to use the internet for long without coming across a website asking if you accept cookies. That's because of a range of laws designed to protect your data privacy

In this guide we'll explain what cookies are, how they work, and how you can make informed decisions about them

!Let's jump in

What are Cookies?

A cookie is a small text file that is created by a website and stored on your computer through your browser. The idea is that the website can access the cookie at a later time and retrieve information about you. The website then customizes pages based on this information.

Many uses of cookies are uncontroversial and help the users. Examples include:

  • Storing your username (but not your password) to save you having to remember it or type it in when you return to a site
  • Keeping items in a virtual "shopping basket" for an online retailer website
  • A site such as a weather forecast service or movie theater listings 'remembering' your location and automatically displaying relevant details when you next visit

Some uses of cookies, such as tracking your online activity to deliver targeted advertising, can be more controversial.

Cookies fall into two main categories: session cookies only last until you leave the website in question, while persistent cookies will last until a set expiration date.

This is an example of the information covered by one cookie placed by the CNN website. It identifies the user's location, which could affect the order in which news stories appear on the page:

Cookies in Use - Block or Remove screen: Cookie content

This cookie is set to work on all pages on the CNN site, but will be deleted at the end of the browsing session (that is, when the user closes the browser):

Cookies in Use - Block or Remove screen: Cookie expires highlighted

There are a number of different types of cookies, and they each can serve a different purpose. Some stick around for a long time (years) while others, as seen above, are only there when you're on the related website.

What are Third-Party Cookies?

What are Third-Party Cookies?

third-party cookie is one that is placed on a browser by somebody other than the operator of the site you are visiting. Specifically it is placed by a different domain (website). That's in contrast to a first-party cookie, which is created and placed by the domain you are visiting.

The main technical difference is that a first-party cookie is only accessible to the domain that issued it. A third-party cookie can be accessible on multiple sites that include code from the third party.

A common example of a third-party cookie would be where a website hosts advertising provided through an advertising network. Once the third-party cookie is on your browser, it could be accessed whenever you visit any website that shows ads from the advertising network.

This could help the network tell advertisers how many times an average user has seen the same ad. Alternatively, the cookie could be used to make sure you don't see the same ad repeatedly, or to make sure you see a series of ads from the same campaign in a particular order.

Some uses of third-party cookies are more controversial, particularly ones known as tracking cookies. For example, a cookie might be used to keep a record of the type of websites you visit and then deliver more targeted advertising.

Sometimes this can be very noticeable, for example if you visit a page about a product on a retailer's website and then start seeing ads for that product on other websites you visit.

By 2022, most major browsers will block third party cookies by default. Depending on the browser, users may be able to change browser settings to accept them by default or deal with each third-party cookie individually.

Why Do Websites Warn About Cookies?

Why Do Websites Warn About Cookies?

Several national and international data laws and regulations govern the way sites can use cookies. A common theme is that cookies are acceptable but only if users can make an informed decision about whether to allow them.

The European Union ePrivacy Directive

This is also known informally (if inaccurately) as the EU cookie law. It's a European Union directive, which means a set of principles that individual countries build into their own domestic law.

The key principle is that a website in an EU country can't put a cookie on your device without getting prior consent. The only exception is for a cookie that's needed for the website's basic functionality.

You will often see the ePrivacy Directive in action when a website displays a message on the page or in a pop-up window telling you that it uses cookies. It may contain links to details of how to block cookies or warn that if you don't consent to cookies you should stop using the site.

At some point this directive is likely to be replaced by a specific European Union regulation that updates the rules to take account of technological changes, but this hasn't happened yet.