Information Security: Defining Cookies

A cookie is a small file, typically of letters and numbers, downloaded onto a device when the user accesses certain websites. Cookies allow a website to recognize a user's device. Cookies are categorized in two ways: by the extent of data they store and by the website that places the cookie on the user's device.

A session cookie is one that is erased when the user closes the browser. Session cookies are considered less privacy-intrusive than persistent cookies because they expire after a browser session and so are not stored longer term. For example, session cookies can be used for security when a user is accessing internet banking or to facilitate use of webmail.

Persistent cookies differ from session cookies. A persistent cookie remains on the user's computer/device for a pre-defined period of time.

Persistent cookies are stored on a user's device between browser sessions, which allows the preferences or actions of the user across a site (or in some cases across different websites) to be stored.

Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.

First-party cookies are set by the web server of the page the user visits (the website displayed in the URL window).

Second-party cookies are stored by a different domain than the visited page's domain. This can happen when the web page references a file, such as JavaScript, located outside its domain.

Third-party cookies are cookies that are set by a domain other than the one being visited by the user. A common example is an advertising service (e.g., AdSense) which creates a third-party cookie in order to monitor which websites were visited by each user.
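
As an added example (not part of the original post), the Python sketch below sorts Set-Cookie header values into the session/persistent and first-party/third-party categories defined above. The host names and cookie values are constructed, and the helper site_of is a hypothetical simplification that compares only the last two labels of a host name.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo


def site_of(host):
    # Assumption: the last two labels approximate the owning site.
    # Browsers consult the Public Suffix List, which this sketch omits.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_cookie(set_cookie, setting_host, page_host, now=NOW):
    """Classify one Set-Cookie header value by lifetime and by origin."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    # Max-Age wins over Expires (RFC 6265). With neither attribute the
    # cookie is erased when the browser closes: a session cookie.
    expires_at = None
    try:
        if "max-age" in attrs:
            expires_at = now + timedelta(seconds=int(attrs["max-age"]))
        elif "expires" in attrs:
            expires_at = parsedate_to_datetime(attrs["expires"])
            if expires_at.tzinfo is None:
                expires_at = expires_at.replace(tzinfo=timezone.utc)
    except (TypeError, ValueError, OverflowError):
        expires_at = None  # malformed value: treated here as a session cookie

    if expires_at is None:
        lifetime = "session"
    elif expires_at <= now:
        lifetime = "expired"  # the browser deletes it immediately
    else:
        lifetime = "persistent"
    same_site = site_of(setting_host) == site_of(page_host)
    return {"name": name, "lifetime": lifetime,
            "party": "first-party" if same_site else "third-party"}


# Constructed samples: (Set-Cookie value, responding host, visited page host)
SAMPLES = [
    ("SESSIONID=abc123; Path=/; Secure; HttpOnly", "bank.example.test", "bank.example.test"),
    ("lang=en; Max-Age=31536000; Path=/", "www.example.test", "www.example.test"),
    ("track=xyz; Expires=Wed, 01 Jan 2031 00:00:00 GMT", "cdn.adnetwork.test", "www.example.test"),
]
RESULTS = [classify_cookie(*sample) for sample in SAMPLES]
```
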

Common Terms

(f) Terminal equipment: The device a cookie is placed on, usually a computer or mobile device.

(g) Subscriber: This means a person who is a party to a contract with a provider of public electronic communications services for the supply of such services.

(h) User: This means any individual using a public electronic communications service. In this context a user would be the person sat at a computer or using a mobile.

In another article on this blog, I will provide further details on cookies and privacy settings as well as cookies compliance under GDPR.

