Table of Contents
Since the GDPR came into effect in May 2018, website operators have had to ask themselves, whether cookies count as personal data or not. To answer this question, the term “cookies” must be defined.
A cookie is a small text file. Websites place these small text files in the browsing history of users, which is why we often talk about “setting cookies”. Cookies are either sent to the user by the respective server (HTTP cookie) or generated when a website is visited (scripted cookie). By setting cookies, website visits are tagged and recognized, which allows them to customize their browsing habits. Cookies are generally used to optimize a page for the user – certain cookie types are also responsible for the flawless functioning of the website (e.g. shopping cart cookies).
Generally, there are three types of cookies:
- Cookies required for the function of a website
- Performance or functional cookies
- Tracking or advertising cookies
First party cookies are those cookies that are set on the website on which a user is surfing. These cookies are not made accessible by browsers across domains, meaning you will not be passed to third parties. First party cookies mostly include: necessary cookies, performance cookies, functional cookies and advertising cookies.
Third party cookies or tracking cookies are commonly used to identify the user. These cookies are used to monitor the browsing behavior of a user over a longer period of time and are therefore used to create targeted advertisement. These cookies are set by banners that are integrated on a website and not by the website itself. This happens even without explicit user registration on a website and across multiple web offers. In doing so, third party cookies are navigating the user through links and are collecting useful information such as: the dwell time on various web pages and page views, as well as the frequency of page views.
Functions of Cookies
To enable the free use of websites for visitors, website operators often advertise. Advertising agencies as a third party advertise based on the user information generated by the cookies. Cookies can therefore contribute to the financing of a website through advertising.
By storing user information while surfing on a website, cookies process and store personal information. This information can be seen as an e-mail address, name, age, product suggestions, etc.
Cookies under the General Data Protection Regulation
The General Data Protection Regulation regulates and restricts the processing of personal data. The processing of personal data is only allowed if it is either anonymous or used for specific purposes. Since most cookies process personal data, these are therefore also covered by the GDPR. Learn more
- If it is a technical necessity for a cookie to be set, no consent is required (e.g. shopping cart cookie).
- There are also the so-called functional and performance cookies. It depends on whether these cookies are first party or third party cookies. If functional and performance cookies are set as a third party cookie, consent is required.
- The third type of cookies are analysis, tracking or advertising cookies. User consent is required in every case.
Usercentrics GmbH does not offer legal advice. The content of this article is not legally binding. The article represents the opinion of Usercentrics.