Privacy and security / December 14, 2021

Cookie pop-ups: To accept or not to accept?

woman using a laptop

By now you’ve probably come across the pop up “this website uses cookies” - with a prompt to accept the cookies settings as they are or to customize them. Most people just accept blindly because they want to get on with the task at hand.

But what are cookies? Why do we see them on the websites we visit? What do they actually do? And should we always be clicking yes to accept? This article answers those questions.

The origin of the cookie

In 1994, Lou Montulli was a 23-year old engineer working at Netscape Communications, one of the pioneers of early web browsers. One of his clients was storing a magnitude of shopping cart data on its own servers and was struggling with space and cost issues. As a solution, Montulli referenced an old computing token – the magic cookie. The magic cookie was used to identify when someone logged into a system by passing information from the server to the user’s computer. Lou recreated the concept for web browsing.

According to the video, What are Cookies and How do they Work?, cookies are data that is stored on a user’s computer or device after visiting a website.

Cookies serve three key purposes for different stakeholders:

  • Marketers/advertisers use cookies to keep track of browsing activity and gain insight into consumers’ interests so they can serve relevant ads
  • Website users benefit from cookies as websites remember the details that improve the overall experience (e.g. log in credentials, shopping cart items, location, language preferences)
  • Website owners use cookies to track unique visits and gather additional insights about how visitors use their site so they can optimize it for business benefit

When you visit a website for the first time, that site puts a cookie with a unique identification code on your hard drive or device. The cookie then tracks your session and what you do. For example, if you’re loading your cart in an online store but get interrupted and step away, cookies help by remembering what you had previously added to your cart.

Types of cookies

An average website has roughly 23 cookies and there are a few different types of cookies that currently exist. Below are the five most prominent cookies:

  • First-party cookies: the individual websites you visit use these types of cookies to track page views, sessions and unique visits
  • Third-party cookies: these cookies are typically used by advertisers on other people’s sites to track activity and serve up targeted advertising
  • Session cookies: these cookies have a short shelf life – they expire quickly after a user leaves the site. Session cookies are popular with e-commerce sites to keep carts full and users logged in
  • Persistent cookies: persistent cookies stick around longer than any other type of cookie – some can even stay on a user’s system for 10 years
  • Secure cookies: used primarily by HTTPS sites, secure cookies encrypt data for sensitive transactions (think e-commerce sites and online banking)

Why cookie pop-ups, why now?

The proliferation of cookie pop-ups has been attributed to the passing of the General Data Protection Regulation (GDPR) in the European Union (EU). The GDPR is a comprehensive privacy law with extra-territorial effect - applying to all organizations that process personal data, or monitor or track the behaviour of individuals within the EU (including companies that are established outside its borders). This includes the use of certain kinds of cookies.

While Canada has anti-spam and privacy laws that cover the use of cookies, we do not have a law that regulates cookies in the same way as the GDPR. With many large Canadian companies operating globally (and processing data about individuals in the EU), we’re seeing a proliferation of cookie pop-ups in Canada as well. Smaller Canadian-based companies have also jumped on the “cookie bandwagon” to mitigate risks of privacy non-compliance and steep fines. For many, it’s a “better to be safe than sorry” scenario. Laws and regulations aside, at the end of the day, cookie pop-ups are meant to promote transparency about online privacy.

So, what are your options when you encounter a pop-up? You can read the complicated cookie policy every time so you know what you’re agreeing to. For websites that provide a layered consent approach, you can choose to reject all cookies other than the functional cookies that are required to make the site operate. Alternatively, you can try to ignore the pop-up and use the site anyhow (sometimes that works). Or you can decline and hope your user experience isn’t affected negatively. Lastly, Incognito mode provides another option. If you enable incognito mode on your browser, your browsing history and any cookies placed on your computer/device will be wiped when your private session is done.

Until regulators come up with a more functional and efficient solution, we’ll likely continue to see cookie pop-ups and individuals will need to decide for themselves if they’ll accept in exchange for access and convenience.

Tags:
Privacy & permissions
Safe digital habits
Share this article with your friends:

There is more to explore

Privacy and security

Don't get fooled: how to spot scams in your inbox

Learn how to protect yourself from falling victim to phishing emails.

Read article

Privacy and security

Safeguarding your email from hackers

Learn how to protect your email and reduce potential exposure.

Read article

Privacy and security

Protecting your personal information in our interconnected world

Learn best practices to ensure the security and privacy of your online accounts.

Read article