Fancy a cookie or two? Only if they’re compliant

We’ve all heard the word ‘cookie’ banded around, especially in the wake of GDPR, but sadly in the IT world, this one is not made of chocolate chips. Many people are still unfamiliar with the exact meaning of the word cookie and more importantly, the cookie law. Here, SCC explains exactly how cookies work, and what you need to be aware of.  

How do they work?

Nowadays, when browsing the web, a lot of ads you see will be targeted at you specifically and will correlate with products or services you have searched for previously. This is all thanks to cookies. Cookies are usually small text files placed on your computer by a web server when you view certain sites. These cookies are used to store data about you and your preferences, a bit like a tracker.

Generally, the role of cookies is beneficial, making your interaction with frequently-visited sites smoother – for no extra effort on your part

In fact, some people believe cookies get their name from the infamous Hansel and Gretel story. The siblings were able to mark their trail through a dark forest by dropping cookie crumbs behind them.  

The good, the bad, and the crumbly

Like most things, there are positives and negatives to cookies. They can be useful as they help you resume where you left off on a webpage, remember your login details, preferences, and other customisation functions. Generally, the role of cookies is beneficial, making your interaction with frequently-visited sites smoother – for no extra effort on your part. However, depending on your point of view, you may not be so happy about organisations storing information about you. You may just dislike the idea of your name being added to marketing lists, or your information being used to target you for special offers. You could be looking at gifts online on a shared computer, leading to a ruined surprise when the other user sees targeted ads related to your searches. Cookie security is also a large problem. Many security holes have been found in different browsers and some of these holes allowed cyber criminals to gain access to users’ information, including credit card details. At SCC, we can help make sure your IT is secure and protect you from cyber threats.  

The Cookie Law

The Cookie Law, requires organisations to seek consent from visitors to store or retrieve information on a desktop, laptop, tablet or mobile device. Adopted on 25 May 2011, it also gives users the right to refuse the use of cookies if they believe it will reduce their sense of online privacy.  

GDPR and cookies  

Cookies are mentioned in Recital 30 in the GDPR. It says, “Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.” In other words, when cookies can identify an individual via their device, it is considered personal data. However, not all cookies are used in a way that could identify users, but the majority are and these will be subject to the GDPR. Therefore, organisations that use cookies need to ensure compliance.  

Need help with compliance and security?

SCC can make sure you are compliant with GDPR and cookie laws, as well as ensuring your IT is safe and secure from cyber attacks. Click here now to find out more about our services