Short Communication - (2025) Volume 12, Issue 1
Received: 18-Sep-2024, Manuscript No. IPBJR-24-21575; Editor assigned: 20-Sep-2025, Pre QC No. IPBJR-24-21575 (PQ); Reviewed: 04-Oct-2024, QC No. IPBJR-24-21575; Revised: 04-Jan-2025, Manuscript No. IPBJR-24-21575 (R); Published: 11-Jan-2025, DOI: 10.35841/2394-3718-12.2.130
Cookies which can also be described as “clever little helpers” given their efficacy in providing enhanced internet user experience are also of great benefit to services in terms of decluttering storage space on website’s servers and reducing server maintenance and storage cost.
This paper which is divided into three sub-heads will in the first part give an extensive description of web cookies and identify the various forms that exists. The second part highlights different purposes web cookies serve and also discusses the privacy issues–more or less the pitfall(s) involved in allowing certain cookies. In the third part, the relevance of the GDPR and the E-privacy directive to internet cookies will be addressed with reference to salient provisions of both legislations and decision of the Court of Justice of the European Union (CJEU) on the importance of user’s consent.
Description and the Various Types of Web Cookies
Web cookies also known as “internet cookies” are tiny data fragments in a text file saved on an internet user’s device by web servers as soon as the user accesses a webpage.
An illustration of web cookies functionality includes; dispensing with the need to impute login credentials on subsequent visit(s) to a website that had previously requested for the user’s login.
Generally, cookies can be classified in different ways either by
• The purpose they serve
• The duration they last or
• The provenance
Websites are able to improve users’ experience by using duration cookies, that is, either ‘session cookies’ purposed for only the duration of a visit on a site or ‘persistent cookies’ for repeated visits. Other types of cookies include.
Strictly necessary cookies otherwise known as essential cookies: These cookies are necessary to enable ease in navigating a website using its features such as; user login, adding items to a cart in an on-line store and general account management. They are ‘first-party’ and also ‘session cookies’. Whilst it may not be necessary to obtain the consent of an end-user on a website in other to apply the cookies, it is ideal to explain to users what they do and the reason it is necessary to apply them.
Functionality cookies: They are the opposite of essential cookies and are also known as preference cookies. They are not vital for easy navigation through a website but can help with recollection of details such as user’s preference on example; weather report of a region.
Analytics cookies for instance are non-essential cookies. The cookies collect information such as the pages accessed and links clicked on by visitor(s) of a website.
Third-party cookies: They are cookies placed on a web user’s device, not by the website the user had visited, but by a third party like an advertiser or an analytic system. Third-party cookies facilitate cross-site tracking and advertising. They enable advertisers to obtain information about a web user’s browsing habits, tailor ads to user’s interests and measure the effectiveness of the ads.
Marketing cookies are usually of third party provenance. They are persistent cookies that can share information with other organizations and advertisers.
Whilst there are several other types of cookies which may qualify for multiple classification, the afore-listed are the primary ones.
Uses of Cookies and the Privacy Concerns
Internet Cookies serves numerous purposes which may also be considered as the advantages. They include:
Website security provision: Cookies can help to enhance a website’s security by verifying user identities, detecting suspicious activities, and implementing measures such as captcha verification and two-factor authentication [1-3].
Simplifying web authentication process: As noted earlier, by storing user’s credentials, cookies enable websites recognize returning users and then log them in automatically. This in a way provides convenience of avoiding repeated entry of usernames and passwords.
Improved website functionality: When for instance, contents of a shopping cart are saved across sessions, preserving the progress of online forms and recalling navigation histories, cookies enhance websites’ functionality features and enable websites provide a better user friendly experience.
Web optimization: Website owners and developers are able to optimize their sites and identify areas of improvement based on insights provided by cookies about user behaviour including navigation patterns, preferences and other metrics.
Targeted advertisement: As noted in 1, advertisers are able to gather information about the browsing habit and preference of a web guest through cookies. With insight on user’s preferences, they direct ads which are more in tune with their audience preferences–making their experience more personalized. An instance would be the possibility for web users to view ads that are of interest to them as opposed to random ads.
Privacy issues about cookies
The privacy concerns regarding cookies are somewhat not new and are centred basically on third-party cookies due to their intrusive nature.
With third-party cookies, personal and sensitive information as; medical history, political affiliation etc. of a web user can be accessed by ads networks and they could go as far as linking such details to the real names of web users [4].
Other implications might entail tracking web user’s browsing history which could result in identity theft, cyber-stalking and online harassment by cyber-criminals.
Worthy of note is also the fact that some malware could disguise as cookies. They collect personal information about a web user including their browsing habits and they are difficult to get rid of [5].
The Relevance of the General Data Protection Regulation (GDPR) and the E-Privacy Directive to Internet Cookies
With regards to third-party data collection as well as privacy issues associated with cookies, two privacy legislations of the European Union sine-qua-non to this discourse are; the Eprivacy directive (otherwise referred to as the “cookie law”) and then the General Data Protection Regulation (GDPR).
Article of the directive is instructive on the manner of handling data already accessed and stored on a user’s or subscriber’s device. Recital on the other hand underscores the importance of protecting confidential information on a user’s equipment [6]. Hence, “the use of such device should be allowed only for legitimate purposes, with the knowledge of users concerned”.
In the same vein, recital of the directive emphasizes the importance of providing internet users with unambiguous and precise purpose of the cookies, ensuring that they understand the implication of their choice(s) whilst at the same time giving them the freedom or opportunity to refuse a cookie.
A CJEU’s decision on a case against Planet49 GmbH19 in reiterating the need to obtain user’s consent prior to apply cookies, gave elaborate insight on what it entails to secure a user’s active consent as required by the directive. The court of justice noted that pre-checked boxes does not validly indicate that a user gave his or her consent to the storage of cookies.
Explaining the conditions to be met in order to comply with the directive, the court of justice explained that information about the duration of the operation of cookies, as well as information as to whether third parties have access to the cookies and the identities of such third parties are essential to ensuring that internet users make informed decisions on either to grant or refuse consent [7].
Similarly, the GDPR in referring to “cookies identifiers” at recital 30 of the regulation recognizes cookies as personal data. Thus, processing of such data can only be lawful on the basis of obtaining prior consent of users or reason of legitimate interest as encapsulated in Article 6 and Recital 47-49 of the GDPR [8].
Cookies are not harmful, rather they are beneficial to both web users and service providers amidst the privacy issues surrounding it, particularly in relations to third-party cookies.
Citation: Mbaezue V (2025) “Allow/Accept Cookie” Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) and the E-privacy Directive 2002/58/EC (Amended in 2009) Stance on Web Cookies. Br J Res. 12:129.
Copyright: © 2025 Mbaezue V. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
