It feels like every day is a fight with cookies — more precisely, those annoying cookie banners that get in the way right when you need some information quickly. Take me back to the good old pre-General Data Protection Regulation (GDPR) days, the days when companies could do whatever they wished with our data and just left us to browse in peace! If you’re anything like me, you spend far too much time grumbling to yourself every time a pop up about cookies gets in your way without any real thought as to what they are. However, hypertext transfer protocol (HTTP) cookies have been around since the early 90s and have a significant impact on how we experience the internet and how it interacts with us.
Cookies go by many names: HTTP cookies, browser cookies, web cookies, and internet cookies. In essence, they are little packets of data that are sent from a web server to the user’s device while browsing a web page. These enable many functions including a website remembering what’s in your shopping cart or your login credentials. These are certainly useful functions, but cookies also give websites and the people behind them a lot of power when it comes to our data and our privacy. This is why in recent years their use has been so strictly legislated for, and why it is so important that we now have the power to grant permissions for their use.
Cookies can be classified in several ways. Firstly, by their duration of storage. Session cookies last only until the user closes the webpage in question, whereas persistent cookies stay on your device for much longer periods of up to 12 months. This is only if they comply with the EU ePrivacy Directive, nicknamed “the Cookie Law”. They can also be broken down into first-party and third-party cookies. As you might expect, first-party cookies come directly from the website you are visiting, whereas third-party cookies are those placed on your device by an external source, such as an analytics company or an advertiser. These are the cookies that most concern us in terms of data protection. Third-party cookies bring us targeted ads, which is one of the reasons when you search for shoes on a particular website, you’ll probably be inundated with ads for similar pairs across every other website you use for days afterwards. Some people prefer the small pay-off in lost data privacy to have a smoother online experience, while others choose less tailored information in order to retain added data privacy. This is one of the main choices we make when choosing which box to click when a cookie banner comes up on a web page.
“The average consumer has already begun to get frustrated with the seemingly relentless nature of the cookie notifications.”
When the EU ePrivacy directive was introduced in 2002, and revised in 2009, it marked the beginning of cookie banners and cookie walls. These are the main aspects of cookies that we the consumers are conscious of: the little obligatory message telling us that the webpage will use cookies to give us a “better user experience”. However, we only began to see the full force of these once GDPR came into effect in 2018. The previous “Cookie Law” did not require the same level of “freely given consent” as GDPR, and we suddenly found ourselves having to actively tick boxes to opt-in to cookies, rather than the previously popular pre-ticked cookie box, or a notice-only banner which informed on cookie usage, without asking for consent. Websites operating in Ireland were given until October 2020 to get up to date with data protection laws in Ireland before they became liable to enforcement by the Data Protection Commission. So it’s really only been in the last year or two that we have seen the full force of the cookie.
Within this short timeframe, the average consumer has already begun to get frustrated with the seemingly relentless nature of the cookie notifications. Cookie banners have become such a central part of web pages that extensive thought is put in by marketing teams on how to make these relentless messages tie in with the brand and to keep the consumer as happy as possible as they sign away their data. However, if you’re feeling a bit irritated having to agree again and again to cookies, there is light at the end of the tunnel. The EU is currently in the process of regulating to cut down on the number of cookie banners users meet, hopefully allowing users to set general preferences to cover most sites and to remove cookie banners for non-intrusive cookies. Hopes for this lie in the replacement of the ePrivacy Directive with a newer ePrivacy regulation, which would become binding in all EU member states. However, it is taking quite a long time for the EU to approve this new regulation, which was first proposed in 2017. Therefore, it is still unclear when it will be passed. According to drafts of the regulation, once passed, the directive will have a 24 month transition period, so this will also slow any changes we see. So, needless to say, the onslaught of cookie banners won’t be letting up anytime soon. It may be best to just continue to grin and bear it for the time being.
