What does “cookie preferences” mean?
When visiting websites you’ve probably encountered a “cookie preferences” message, often with a list of terms and phrases like, “we value your privacy” and “enhance your user experience,” but what does this all mean?In order to understand what you’re being asked, we first need to understand what cookies are, how they work, and what they are being used for. Then can you make a more informed decision.
What are cookies?
Cookies are small text files that are stored on your computer and contain small bits of information.[2] They allow websites to capture, store and transmit information related to the website, device and browser information, and your activity including information about your shopping cart or viewing history.[1-3] Cookies are an essential part of modern websites.
While cookies can be used to improve your experience by remembering things like shopping choices and viewing history, they can also be used to store information that you may not want the website owners to know, like your location.1 There are many different kinds of cookies with different purposes. At a high level, they can be understood by three key characteristics: duration, provenance, and purpose.[3]
Duration refers to how long the information is stored and when it expires.
Cookies can be temporary and are deleted after you close your browser.[1] These are called session cookies. They store temporary information such as shopping cart items but typically do not collect personal data.[4]
Cookies can also be stored for a longer period of time and these are called persistent cookies. They are saved on your computer until their built-in expiration date or until they are deleted by you or your browser directly.[1] Persistent cookies have a variety of applications including:
- Tracking detailed visitor data such as location
- Tracking social media activity to enhance recommendations or advertisements, and
- Storing passwords and security information.[5-6]
Provenance refers to where the cookie came from.
First-party cookies are put on your device directly by the website you are visiting. Third-party cookies are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytics company.[1-3]
Purpose refers to how the cookie is used.
Cookie purposes range from “strictly necessary” – which allows websites to function – to purposes that are more extraneous. An example might be cookies that allow a website to collect data about you such as your name or email but don’t necessarily provide additional functionality. In the middle, there are cookies which aren’t necessary for the website to work, but do provide additional functionality and improve your experience.[1-3]
What are the different types of cookies?
Cookies can take many different shapes and purposes. They can be roughly divided into strictly necessary, preference cookies, statistics cookies, and marketing cookies – although the names vary!
Strictly Necessary cookies allow websites to function.
Strictly necessary cookies support essential functions of modern websites such as saving language preferences or keeping you authenticated during your session.[1-3] These cookies do not collect data and under the EU’s GDPR they do not require your consent.
Preferences cookies personalize features and improve functionality.
Preference cookies, also known as functional cookies, do what you might expect. They store your preferences, creating personalized features and providing extraneous services that can help improve website functionality. Examples include web chat services, language settings, or location-based marketing. Preference cookies are anonymous and they do not track your data.[9]
Statistics cookies collect anonymized data on your website visit.
Statistics cookies collect information on the websites you visit and the links you click. These cookies are used by the website to improve their functionality. Although they collect data on how you use the website, this information is anonymous and aggregated, meaning your data is unidentifiable.[10]
Marketing cookies track your data allowing for ad personalization.
Marketing cookies, also known as tracking or targeting cookies, track your online data allowing advertisers to personalize their ads for your preferences.[8] This information includes browsing habits, location, device model, and the different pages you visit.[11] These cookies share information with other organizations or advertisers and are typically created by a third party.[10]
How can I tell the different types of cookies?
Due to privacy regulations such as the EU’s ePrivacy Directive and the GDPR, as well as California’s CCPA and CPRA, website owners are increasingly disclosing how they use cookies. While most websites have implemented cookie preferences, many use ambiguous messages, making it difficult to understand the cookies being collected. For these websites, you will likely need to dig deeper into what exactly the cookies are being used for. That being said, sometimes the prompts will have clues about the cookies being collected. Take this example:[12]
In this you can easily control your cookie preferences by toggling or clicking the arrow button for additional information. Here we can see four cookies: strictly necessary cookies, performance cookies, functional cookies, and targeting cookies. You may notice that strictly necessary cookies don’t have a toggle function. Because these types of cookies enable the website to function and do not store data, they do not need your consent.
Targeting cookies are a type of marketing cookie, where it uses the data collected from you to create profiles that follow you from site to site.[7]
In this example it is a bit more difficult to tell what cookies are being collected. Given the placement of three options, it can be assumed that the personalized is the least private option and the private option is an option that uses only strictly necessary cookies. When clicking the personalized cookies, it’s likely the site is collecting all cookies including preference, statistic and marketing cookies, and the balance is collecting preference and statistic cookies.
Should I disable cookies altogether?
Which cookies you choose to enable depend on your personal preferences on privacy. I suggest disabling third-party cookies and marketing cookies as those are the most invasive and don’t necessarily improve your online experience. While functional and performance cookies do collect data as well, this data is anonymized and your identity is generally protected.
Additionally, websites are constantly changing their cookie preferences messages, and if their messages and terms are ambiguous, there is no harm in playing it safe and declining their cookies.
Thanks to Tobias Kupek, Will Monge, and Jessica Traynor
Footnotes
- https://www.wired.com/story/what-do-cookie-preferences-pop-ups-mean/
- https://usa.kaspersky.com/resource-center/definitions/cookies
- https://www.makeuseof.com/a-beginners-guide-to-cookies/
- https://securiti.ai/blog/session-cookies/#:~:text=experience%20on%20websites.-,What%20is%20a%20Session%20Cookie%3F,shopping%20on%20e%2Dcommerce%20websites.
- https://www.cookiepro.com/knowledge/what-is-a-persistent-cookie/#:~:text=Once%20the%20expiration%20date%20is,is%20a%20Google%20Analytics%20cookie
- https://www.geeksforgeeks.org/explain-persistent-cookie/
- https://cookie-script.com/knowledge-base/kb-targeting-cookies#:~:text=What%20are%20Targeting%20Cookies%3F,ads%20for%20that%20specific%20user
- https://techcrunch.com/2023/05/18/google-will-disable-third-party-cookies-for-1-of-chrome-users-in-q1-2024/#:~:text=Starting%20in%20early%202024%2C%20Google,of%202024%20remains%20on%20track
- https://cookie-script.com/knowledge-base/kb-functionality-cookies
- https://gdpr.eu/cookies/#:~:text=Statistics%20cookies%20%E2%80%94%20Also%20known%20as,aggregated%20and%2C%20therefore%2C%20anonymized
- https://www.cookielawinfo.com/tracking-cookies/
- https://www.onetrust.com/products/mobile-app-consent/
What do you want to know about data, privacy, or technology?
Data Curious is a public resource supported by Good Research LLC in collaboration with the Center for Digital Civil Society at University of San Diego.
To contact us, send us an email at hello@datacurious.org.