Cookies: What am I giving away?

Recently, a man in the UK noticed an increase in the number of advertisements for baby and other childcare products and advice being displayed as he browsed the internet, YouTube and his social media feeds. When the divorced father of two teenage children started receiving mail through his letterbox at home from companies selling all manner of early-childhood-related products and services, he was perplexed. It was only when he found out, a couple of weeks later, that his teenage daughter was pregnant that the mystery was solved.

You see, in the weeks leading up to the deluge of baby-related advertising, his daughter had suspected that she might be pregnant and had searched several pregnancy-related queries online. What she didn’t know at the time was that her activity was being tracked and that, through various ‘cookies’, her data and, indirectly, that of her father were being recorded, packaged and sold to a number of third-party marketing firms. The fact is that, through her online activity, several savvy data brokers and their clients knew that she was very probably pregnant even before a pregnancy test could confirm it.

The data cash cow.

Since first proving their effectiveness in the mid-90s, the use of cookies to do more than improve online user experience has proven extremely lucrative. Many companies realised that cookies could enable the collection of demographic information about their users in addition to making sites easier to use. Then, with the introduction of third-party cookies, individuals and organisations could monitor users’ browsing habits and start profiling them for marketing purposes, including targeted advertising.

Currently, several large data broking firms actively set up and monitor third-party cookies from which they harvest, package and sell user information to companies seeking to increase their marketing effectiveness and bottom line. With private, corporate and government customers seeking this in-depth user information, the industry is growing exponentially, and information is being sold at a premium. It is concerning that, although user information sold is mostly anonymised, identifying specific users from the data provided has turned out to be relatively simple.

Unfortunately, due to a lack of regulation, it is entirely possible that information on your online activity is being collected and passed along to third-party websites without your knowledge or consent.

So, what is a cookie?

Created for the first time in 1995, a cookie is a small text file that is generated when a user accesses a website and is placed on the internet user’s hard drive. The information that the cookie contains can be accessed by the website whenever the user visits it. Basically, it allows the website to see when a user returns and to track online activity. Interestingly, the term cookie was used because it referred to the American tradition of sharing baked cookies between family and friends.

Ultimately, a cookie’s role is to streamline interactions between online users and websites. For example, allowing a user to add items to an online shopping basket or remembering a user’s preferences and registration details for future visits. They help users to save time and make browsing more enjoyable.

What personal information do cookies collect?

Because cookies don’t scan your computer’s hard drive, they are only able to collect the information that you provide online. This means that any personal information you provide online can potentially be collected. Some examples of the type of personal information collected by cookies include:

  • Your name, physical and email addresses, mobile number and location.
  • On e-Commerce sites, your shopping cart and wish list contents, browsing preferences as well as login information including time, date and location.
  • Google Analytics tracking of your interactions with advertisements, and the sites you’ve visited, including the pages you looked at and the duration of each visit.
  • Exposure to pop-ups and whether you’ve viewed or interacted with them.
  • Search terms and browser history.

Mostly, when your personal information is stored, it is coded to make it unreadable to third parties who may have access to your cookie folder. Technically, only the server that created the cookie can decipher the information that has been collected.

As mentioned above, some third-party companies do sell the information they collect from their own third-party cookies to organisations that actively market online and aim to track your online activity so that they can target you with ‘personalised’ advertising and content.

How can I protect my personal information online?

Clear Cookies

Check your browser for cookies and delete them.

Privacy Browser

Consider using a browser that has strong privacy protection and cookie-confining features, e.g. Firefox and Brave, amongst others.

Tailor consent

Decide which cookies you will allow and tailor the cookie settings for each website you visit.

Beware of 'free' offers

Don’t click on any ‘free’ offers. They are free because your personal information is the product.

Incognito mode

Use private or incognito settings when browsing the internet.

Deactivate tracking

Where possible, deactivate tracking in your device’s settings.

EU GDPR, ‘Cookie Law’ and ePrivacy Regulations

To date, the EU General Data Protection Regulation (GDPR) is the most comprehensive data protection legislation that has been passed by any governing body. Unfortunately, it hasn’t set out clear guidelines for the use of cookies within the EU and the protection of user data in the region.

Additionally, ‘The Cookie Law’, which started as an EU Directive and was adopted by all EU countries, including the UK, in May 2011, gave individual users the right to refuse the use of cookies that reduce their online privacy. In the UK, this meant an update to the Privacy and Electronic Communications Regulations.

So, what’s next for the EU e-Privacy Regulation?

The approval of a final version of the e-Privacy Regulation in 2022 is dependent on the outcome of further consultations with the EU Parliament. Should it be finalised this year, the regulation will enter into force on the 20th day after its publication, followed by a grace period of two years before enforcement begins.

In January 2017, the first draft of the EU e-Privacy Regulation was presented by the EU Commission. Since then, it has been caught up in a legislative battle between EU Member States, who have not been able to reach consensus on the proposed regulation’s scope and its interplay with the GDPR and other rules, including those on device tracking and cookies.

During the last few months, after many years of to and fro, the EU Council has finally succeeded in its efforts to convince EU member states of its proposal. After extensive negotiations between the European Commission, European Parliament and Council started, the EU Council’s new e-Privacy Regulation draft was published on 10 February 2021. The final amendments are now being made.

How do I prepare my organisation for the e-Privacy Regulation?

Should the EU e-Privacy Regulation be approved and enforced in 2022, you will have until 2024 to ensure that your organisation’s online presence is compliant.

Without a doubt, the EU e-Privacy Regulation will have a major impact on organisations and it is, therefore, very important to start preparing sooner rather than later.

This can be done in the following ways:

  • Define the cookies you use on your websites and their purposes.
  • Put processes in place where end-users can opt-in to direct marketing communications and optional cookies, instead of them having to opt-out.
  • Review use of cookie walls and pre-ticked boxes regarding cookie preferences.
  • Beware of third-party cookies on your websites.
  • Make sure that your settings are generally user-friendly and transparent so that users are able to provide explicit consent.
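
A starting point for the first, second and fourth items above is an inventory of what a site actually sets before the visitor has opted in. The following is an added example, not code from this article's authors: the site name, cookie register, hosts and captured `Set-Cookie` headers are all constructed, and the "essential" flag is an assumed way of separating optional cookies from the rest.

```python
# Added example: audit Set-Cookie headers captured BEFORE any consent was given.
# All hosts, cookie names and values below are constructed sample data.
SITE = "shop.example"  # assumed first-party site

# Assumed cookie register: name -> (documented purpose, essential?)
REGISTER = {
    "session_id": ("login session", True),
    "basket": ("shopping basket", True),
    "_ga": ("analytics", False),
}

# (host that sent the response, raw Set-Cookie header value)
CAPTURED = [
    ("shop.example", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("shop.example", "_ga=GA1.2.111.222; Max-Age=63072000; Path=/"),
    ("ads.tracker.example", "uid=9f8e7d; Max-Age=31536000; Secure; SameSite=None"),
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lower-case keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def is_third_party(host, site=SITE):
    """A host is first-party only if it is the site itself or one of its subdomains."""
    return not (host == site or host.endswith("." + site))

def audit(captured, register=REGISTER):
    """Return one row per cookie with its purpose, lifetime type and open issues."""
    rows = []
    for host, header in captured:
        name, attrs = parse_set_cookie(header)
        purpose, essential = register.get(name, ("UNDECLARED", False))
        issues = []
        if purpose == "UNDECLARED":
            issues.append("not in cookie register")
        if not essential:
            issues.append("set before opt-in")
        if is_third_party(host):
            issues.append("third-party")
        rows.append({"name": name, "host": host, "purpose": purpose,
                     "persistent": "max-age" in attrs or "expires" in attrs,
                     "issues": issues})
    return rows

if __name__ == "__main__":
    for row in audit(CAPTURED):
        print(row)
```

Cookies with an empty issue list are documented, essential and first-party; every other row is something to document, move behind an opt-in, or remove.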

If you need any advice on what security measures to implement to effectively protect yourself or your business, please contact us or call us to speak to one of our experts.

With decades of global experience working for financial institutions, corporates, start-ups, and enterprises, our college of CTOs can provide a wide variety of highly valuable insights on governance, security and strategy.
