Cookie FAQs – Frequently Asked Questions
In this section of the site we aim to answer the most important questions that people ask about the new cookie law. If you have a question that is not on this cookie faqs list then please contact us and we can add it to this page.
What is a cookie?
A cookie is a small text file that is stored on a user’s web browser. The cookie is set by request by a web server to a web browser (e.g. Internet Explorer, Chrome). A cookie is entirely ‘passive’ and does not contain software programmes, a virus or spyware. A cookie is composed of two parts, its name and its content or value of the cookie. Technically, only the web server that sent the cookie can access it again when a user returns to a website associated with that web server.
What are the advantages of cookies?
A cookie contains information linked from a web browser (the user) to a specific web server (the website). If a web browser accesses that web server again, the web server can read from and react to that information. Cookies ensure a user-friendly experience and support safety efforts for many online offers and services, e.g. language preferences, privacy settings, shopping baskets of online shops or relevant adverts.
What information are stored in cookies?
Cookies store data in a small text file that allow a website to recognise a browser. The web server will recognise the web browser until a cookie expires or is deleted.Cookies store useful information that improve the internet experience, e.g. store language settings in order for a user to see the website in his / her language; allow a user to remain logged-in his webmail; secure online banking; ‘remember’ the items in a shopping basket.
How do cookies end up on my hard drive?
After a cookie is transmitted to your computer, it is stored in the memory of your browser. This way the information is quickly and readily available without re-transmission. It is possible for the lifetime of a cookie to greatly exceed the amount of time the browser will be open. In such cases, the browser must have a way of saving the cookie when you are not browsing, or when your computer is shut off. The only way the browser can do this is to move the cookies from memory into the hard drive. This way, when you start your browser a few days later, you still have the cookies you had previously. The browser is constantly performing maintenance on its cookies. Every time you open your browser, your cookies are read in from disk, and every time you close your browser, your cookies are re-saved to disk.
What businesses will have to show consent?
All UK businesses will have to ensure they meet the requirements of the UK legislation. The laws apply across the EU, although are implemented differently in each country. All businesses in the EU will therefore need to comply with the regulations, and will be bound by those in their own country. In theory, any business anywhere that has a website serving customers within the EU, is required to comply with the legislation with respect to those EU visitors. So a US website with UK visitors, ought to be asking for consent from those UK visitors according to the UK legislation. However enforcement of this is not exactly an easy task.
Are cookies spying on my computer?
No, cookies are not active programs. As a result, they cannot be spyware (that illegally intercepts data) and cannot carry a virus. They do not have access to the information on your hard drive.
When does cookie law start?
The cookie law actually came into effect in the UK on 26 May 2011. However websites have been given a year from that date to become compliant.
Do cookies pose a security or safety risk?
No, cookies do not pose any safety or security risks. They are not ‘active’, executable, software. They do not spy on data that is stored in the computer nor can they carry a virus.
Is my privacy protected?
Usually cookies contain only a generic browser recognition or are associated with anonymous data. When cookies are set, the user is informed about it (typically in the privacy section of a website or in the terms of use or other user contract). If websites use cookies to collect personal data, data protection laws require those websites to inform users about the collection of personal data and the purpose of such collection.
Can Cookies give my computer a virus?
No. cookies are not executable’s. For something to pass on a virus, you must first execute a program or applet. You can not get a virus from a text file. Just like you can’t get a cold from watching a winter scene on television!
Can I control cookies?
Yes, browsers offer cookie management setting tools. Browser settings can be set to require the user’s confirmation for each cookie that might be stored on his / her PC. You can also set the browser to accept cookies only from specific web sites (e.g. your favourite news site). Browsers can also enable users to delete specific cookies. It is even possible to set a browser to reject all cookies. Note that choosing to disable all cookies could significantly affect your web browsing experience because many Internet services rely on cookies.
Can I disable a cookie?
Yes, some browsers will let you block just third party cookies (these are cookies placed on your browser by an entity other than the particular website’s owner- e.g., an advertising partner) or will allow the use of settings to block only cookies that do not meet your privacy preferences. However, most Websites use cookies in order to enhance a user-friendly experience and the safety of their online offers, e.g. the shopping basket of an online shop or the display of a relevant advertisement. You can choose to disable all cookies but this could significantly affect your web browsing experience.
What is the lifespan of a cookie?
Cookies are managed by web servers. The lifespan of a cookie can vary significantly, depending on its purpose. Some cookies are used only during an online session (‘session cookies’) and are not retained once you leave a website, and some cookies are retained and used each time you visit a website (‘permanent cookies‘). However, cookies can be deleted by a user at any given time through the browser settings.
What kinds of cookies exist?
There are two types of cookies: ’session cookies‘, which are automatically deleted after each session and ‘permanent cookies‘, which have a longer life-span. Both kinds of cookies can be deleted at any given time by the user.
What are third party cookies?
Some content on a Website can be placed by a third party provider (e.g. a news box ticker, a video or an advertisement). Those third parties can also place cookies through a Website and they are called ‘third party’ cookies because they are not the Website owner. Third party providers must of course respect the applicable legislation and typically the policies of the Website owner. See also question “Can I control cookies?”
Do cookies fill up my hard disk?
No, cookies are small text files and require very little storage.
Who checks cookie compliance?
In the UK the Information Commissioner’s Office (ICO) is responsible for enforcement of the cookie law. Other EU states will have their own arrangements.
Who are the ICO?
The ICO are the Information Commissioners Office, a body funded by the UK government but operationally independent from it – a type of institution also known as a ‘quango’ (quasi-autonomous non-government agency) They describe their mission as:”to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We rule on eligible complaints, give guidance to individuals and organisations, and take appropriate action when the law is broken.” The ICO are responsible for enforcing the cookie law in the UK. The investigate complaints, and take action against offending organisations. They have the power to impose fines of up to £500,000 for breaches in the law.
Isn’t this just going to all be ignored?
The UK government has been at pains to point out that it does not wholly agree with the Eu directive, but has passed the law and set up an enforcement regime anyway. The EU itself, in the shape of Neelie Kroess, who is heading up the Digital Agenda, has already said it is not going to accept countries simply ignoring the rules. The ICO has also said the same thing. Whilst it may take until mid-2012 before we find out how tough enforcement is going to be, ignoring the cookie law is a high risk strategy. The safest approach is to take action now to become compliant.
Does it only affect websites hosted in the UK?
It’s not clear at the moment if websites outside the UK will be forced to adhere to this same law when users from within the UK use their websites. This could lead to a different user experience for people inside and outside the UK.
Where can I get some more information about cookies?
There’s a great article concerning cookies on Marshall Brain’s “How Stuff Works”. Worth a look! http://www.howstuffworks.com/cookie.htm
The World Wide Web Consortium has an excellent FAQ to answer the majority of Internet and Web-related questions. You can read their topic: “Do ‘Cookies’ Pose any Security Risks?”
http://www.w3.org/Security/Faq/wwwsf2.html#CLT-Q10
