• EN
    • DE
  • Login
Consent Management Platform
Consent Management Platform (CMP) Usercentrics
  • ProductsHolistic Consent Management Software
    • Website Consent Management
    • Mobile Consent Management
    • AMP Consent Management (BETA)
    • Smart Data Protector
    • Automatic Privacy Policy
  • Solutions
    • GDPR
    • CCPA
    • CMP for Publishers
  • Pricing
  • Resources
    • Developer Documentation
    • Videos
    • FAQ
    • Knowledge Hub
    • Whitepaper
    • Webinars
    • RFI Template
    • What’s new?
  • Partner
    • Find a partner
    • Become a partner
    • Tech Partner
    • Expert Partner
    • Reselling Partner
    • Referral Partner
  • Company
    • About us
    • Career
    • Press
    • Events
    • Contact
  • GET STARTED NOW
  • Menu
GDPR & Cookies
April 29, 2019 | 3 min read

What are cookies?

Resources
Knowledge Hub
What are cookies?

Table of contents

Show more Show less

Since the GDPR came into effect in May 2018, website operators have had to ask themselves, whether cookies count as personal data or not. To answer this question, the term “cookies” must be defined.

Definition of cookies?

A cookie is a small text file. Websites place these small text files in the browsing history of users, which is why we often talk about “setting cookies”. Cookies are either sent to the user by the respective server (HTTP cookie) or generated when a website is visited (scripted cookie). By setting cookies, website visits are tagged and recognized, which allows them to customize their browsing habits. Cookies are generally used to optimize a page for the user – certain cookie types are also responsible for the flawless functioning of the website (e.g. shopping cart cookies).

Generally, there are three types of cookies:

  • Cookies required for the function of a website
  • Performance or functional cookies
  • Tracking or advertising cookies

The difference between first and third party cookies

First party cookies

First party cookies are those cookies that are set on the website on which a user is surfing. These cookies are not made accessible by browsers across domains, meaning you will not be passed to third parties. First party cookies mostly include: necessary cookies, performance cookies, functional cookies and advertising cookies.

Tracking cookies or third party cookies

Third party cookies or tracking cookies are commonly used to identify the user. These cookies are used to monitor the browsing behavior of a user over a longer period of time and are therefore used to create targeted advertisement. These cookies are set by banners that are integrated on a website and not by the website itself. This happens even without explicit user registration on a website and across multiple web offers. In doing so, third party cookies are navigating the user through links and are collecting useful information such as: the dwell time on various web pages and page views, as well as the frequency of page views.

Functions of Cookies

The use of cookies enables a number of functions. The functions of cookies can be divided into three areas.

Firstly, website operators can use cookies to conduct user analysis, which records visiting times or the frequency of page views. Usage streams can be used to eliminate bugs and manage bids. Examples of these are sales and comparison portals, streaming services, search engines, etc. These match the behavior of their users and thus determine the best possible result for precise hit rates.

To enable the free use of websites for visitors, website operators often advertise. Advertising agencies as a third party advertise based on the user information generated by the cookies. Cookies can therefore contribute to the financing of a website through advertising.

By storing user information while surfing on a website, cookies process and store personal information. This information can be seen as an e-mail address, name, age, product suggestions, etc.

Risk of cookies

The biggest concern with cookies is the data theft. If cookies are not protected or even poorly protected, the stored personal data of a user is readily available to abuse and is vulnerable to hacker attacks. A further problem is the creation of personal profiles through the use of cookies. In general, profiling should only be necessary on an anonymous basis. Cross-site merging of cookies, however, can create detailed user profiles. Profiling is understood to mean the automated processing of personal data in any form by the evaluation of personal aspects of a natural person. This means that people can be clearly identified and recorded with their activities by profiling based on browser history, web searches, IP addresses, purchases, and personal account activity.

Cookies under the General Data Protection Regulation

The General Data Protection Regulation regulates and restricts the processing of personal data. The processing of personal data is only allowed if it is either anonymous or used for specific purposes. Since most cookies process personal data, these are therefore also covered by the GDPR. Learn more

In short:

  • If it is a technical necessity for a cookie to be set, no consent is required (e.g. shopping cart cookie).
  • There are also the so-called functional and performance cookies. It depends on whether these cookies are first party or third party cookies. If functional and performance cookies are set as a third party cookie, consent is required.
  • The third type of cookies are analysis, tracking or advertising cookies. User consent is required in every case.

Are cookies personal data?

Disclaimer

Usercentrics GmbH does not offer legal advice. The content of this article is not legally binding. The article represents the opinion of Usercentrics.

Related Articles

5 Tips for Handling Cookies Correctly in Live Chat Supportlive-chat_userlike
November 23, 2020
6 min read
GDPR & CookiesUsercentrics Best-Practices

5 Tips for Handling Cookies Correctly in Live Chat Support

Cookies aren’t just for tracking user behavior and displaying ads. They’re part of nearly every online tool, such as...

Read more
Brexit and the ICO Guidelines on Cookie Consent: How to be compliant after the transition periodBrexit - Article
August 13, 2020
5 min read
GDPR & Cookies

Brexit and the ICO Guidelines on Cookie Consent: How to be compliant after the transition period

The end of the Brexit transition period is quickly approaching – and publishers are wondering if their data strategy...

Read more
GDPR Cookies Checklist: Your Toolkit for ComplianceGDPR Checklist | Usercentrics
July 2, 2020
3 min read
ePrivacy & Privacy PolicyGDPR & Cookies

GDPR Cookies Checklist: Your Toolkit for Compliance

Uncertain about how to become compliant with GDPR and the ePrivacy Directive? We’re here to help. Future-proof your marketing strategy...

Read more

Next Steps

Scan your website

Scan your website

Check your privacy compliance
Request a demo

Request a demo

Schedule for free
Get started

Get started

See our pricing

Legal Update

Always up-to-date: With our legal update, we keep you up to date with the latest trends around data protection.

Products

  • Website Consent Management
  • CMP for Publishers
  • Mobile App Consent
  • Automatic Privacy Policy
  • Smart Data Protector
  • AMP Consent Management (closed beta)

Resources

  • Whitepaper
  • Case Study
  • On Demand Webinars
  • Live Webinars
  • Knowledge Hub
  • RFI Template
  • Videos
  • FAQ
  • Developer Documentation

About Us

  • Who we are
  • Career
  • Press
  • Events
  • Contact

Our Mission

Helping companies to achieve compliance in harmony with their marketing strategy.

Legal

  • Legal Notice
  • Privacy Policy
  • Terms and Conditions

Address

Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany

© Copyright 2021 Usercentrics

This website and all services provided by Usercentrics are not intended for users and companies outside of the European Union, U.K. or Switzerland.

Cookie Hint Cookie Banner Cookie Banner Cookie Banner
Scroll to top