What are cookies?
Cookies are an important tool for any business that operates a website. They can give you a lot of insight into your users’ online activity and help you create targeted marketing and advertising strategies. And digital advertising is big business, with global spending aimed at hitting the US680 billion dollars in 2023.
Cookies can store a wealth of data – enough to identify your users without their consent. Over the past decade, a number of laws and regulations have come into play to ensure this does not happen.
What are the different types of cookies?
In general, there are three different ways to classify cookies: what purpose they serve, how long they last and their source or origin.
duration
-
- Session cookies – They are temporary cookies that expire as soon as a user closes their browser
- Persistent cookies – are cookies that remain on the user’s hard drive until he deletes them or his browser deletes them.
source
-
- First-party cookies – are cookies that your website puts directly on a user’s device
- Third party cookies – are cookies that a third party, such as an advertiser or analytical system, puts on a user’s device while browsing your website.
Purpose
-
- Necessary cookies – Essential for users to browse your site and use its features, such as accessing secure areas of the site
- Preferences cookies – Enable your site to remember choices users have made in the past, such as which language they prefer or their username and password, so they can log in automatically
- Statistics cookies – Collect information about how users browse your site, such as which pages they visited and which links they clicked. Their sole purpose is to improve the site’s functions
- Marketing cookies – Track users’ online activity to help advertisers show more relevant advertising or limit the number of times you see an ad.
What is consent to cookies?
In the European Union, the regulations concerning cookies are divided between the General Data Protection Regulation (GDPR) and the ePrivacy Directive (or the EU Cookies Law). Although they differ in scope, both require publishers, advertisers and brands to consider their digital data privacy practices and how they communicate it to their users.
How does cookie consent work under the ePrivacy Directive?
The ePrivacy Directive is a law that requires websites to obtain consent from users before retrieving or storing their personal information. Essentially, it gives users the right to say no to the collection, storage and use of their information.
To be cookie compliant under the ePrivacy Directive, a business must:
-
- Get users’ consent before using cookies, except strictly necessary cookies
- Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before accepting consent
- Document and store consent received from users
- Allow users to access your service even if they refuse to allow the use of certain cookies
- Make it as easy for users to opt out as it was to give their consent in the first place
Do cookie consent laws affect my business?
If your business processes personal data in the EU and provides services through electronic communications, the ePrivacy Directive applies to you. If a US-based company does not conduct business with EU residents, it is not required to comply with the ePrivacy Directive.
The GDPR is much broader, applying to all companies and organizations, regardless of their place of origin, that offer goods and services to consumers in the European Union or collect and process personal data of website users located in the European Union.
Outside the EU, there are several laws such as the GDPR that protect data privacy. These include the Personal Information Protection Law (PIPL) in China, the California Consumer Privacy Act (CCPA) in California, and the Consumer Data Protection Act (CDPA) in Virginia, among others.
What are the penalties for not complying with cookie consent laws?
Penalties under the EU cookie law are set and enforced by local governments. If you don’t comply, you could face criminal charges and fines. For example, in 2022 France fine Google $169 million and Facebook $67 million Requiring too many clicks for users to opt out of cookies.
The future of cookies
Laws such as the ePrivacy Directive and GDPR mean there is more awareness of cookie consent and user privacy. Millions of internet users around the world have taken extra steps to ensure the protection of their data, which allows Ad blockers, which block cookies and other tracking technologies.
In accordance with regulations and in recognition of users’ ongoing privacy concerns, browsers are deprecating support for third-party cookies. Apple, Google and Mozilla have all announced plans to do so in the coming years.
What is zero side data?
The phase-out of third-party cookies will have a profound impact on the digital advertising world and require businesses to rethink how they collect user data. 
There is an alternative to cookies called zero-party data – data that users voluntarily share with your business. This data can include things like preferences, interests and contact details. This is usually collected through methods such as surveys, polls and quizzes.
While it takes more effort to collect, zero-party data has the potential to be more valuable to businesses than cookies because it is more accurate, specific and reliable. In addition, zero-party data is collected with the user’s consent, so there is no privacy concern.
