Information Security: Defining Cookies


A Cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognize a user’s device. Cookies are categorized in two ways, the extent of data they store and the website that places the cookie on the user's device.

A session cookie is one which is erased when the user closes the browser. Session cookies are considered to be less privacy intrusive than persistent cookies because they expire after a browser session so would not be stored longer term. For example, session cookies can be used for security when a user is accessing internet banking or to facilitate use of webmail.

Persistent cookies differs from a session cookies. A persistent cookie remains on the user's computer/device for a pre-defined period of time.

Persistent cookies are stored on a users’ device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be stored.

Persistent cookies may be used for a variety of purposes including remembering users’ preferences and choices when using a site or to target advertising.

First-party cookies are set by the web server of the page the user visits (the website displayed in the URL window).

Second-party cookies are stored by a different domain than the visited page's domain. This can happen when the web-page references a file, such as JavaScript, located outside its domain.

Third party cookies are cookies that are set by a domain other than the one being visited by the user. A common example is an advertising service (ex: AdSense) which creates a third-party cookie in order to monitor which websites were visited by each user.

Common Terms

(f)   Terminal equipment-The device a cookie is placed on – usually a computer or mobile device

(g)  subscriber-This means a person who is a party to a contract with a provider of public electronic communications services for the supply of such services.

(h)   user-This means any individual using a public electronic communications service. In this context a user would be the person sat at a computer or using a mobile.

In another article on this blog, I will provide further details on cookies and privacy settings as well as cookies compliance under GDPR.

Comments

Post a Comment

all comments to this blog are moderated

Popular posts from this blog

Labcorp suffers a data breach

Data breaches are happening more frequently than most companies are willing to admit. Labcorp, one the nation’s largest medical diagnostic companies, released a statement yesterday stating that it is investigating a possible Data breach that may have occurred over the weekend. I applaud Labcorp for coming forth so early in the breach response process. What sets a company apart from pack is not only their efforts to prevent and breaches,  but how the structure their breach response polices. More than ever it is essential that effected parties are notified as soon as possible,  to prevent further harm to the party and further reputational harm to the company. You can read more about the Labcorp data breach clicking the hyperlinked text.
Read more

Meta (Facebook) is facing major data transfer hurdles

  By Victorianne Musonza, Privacy Counsel Meta was recently fined 400 Million Euros by the Irish Data Protection Commission for privacy violations, mainly because they failed to adhere to GDPR processing restrictions on personal data. According to Politico , Helen Dixon of the Irish DPC also seeks to prevent Meta from using standard contractual clauses (SCC) to facilitate personal data transfers from the EU to the US. Read more about this here .
Read more

ICO issues additional guidance on Privacy and Electronic Communications Regulations (PECR)

By Privacy Counsel What is PECR?  In February of this year, the Information Commissioner’s Office (ICO), or UK’s Data Protection Regulator, published additional guidance on the Privacy and Electronic Communications Regulations (PECR) , initially passed in 2003, on applying PECR to the DPA. How does PECR apply? There is frequently a lot of discussion around the e-Privacy Directive ( Directive 2009/136/EC ) and very little surrounding the UK. Although the UK is no longer part of the EU, it has adopted a GDPR national privacy law, The Data Protection Act (DPA). PECR applies in the context of UK residents specifically. The e-Privacy Directive applies to GDPR and EU residents. The chart below provides the similarities and distinctions between the two.    Differences from the E-Privacy Regulation PECR E-Privacy Directive Scope PECR applies to the transmission of unsolicited electronic messages to individuals in the UK. ePD applies to the processing of personal data and securit...
Read more