Website Cookies

by | Dec 8, 2021 | 0 comments

I’m sure you will have come across websites asking you if you accept cookies. This is because a range of laws across the globe that are designed to protect your privacy. 

But what are cookies, how they do they work and what are the regulations that website operators are accountable to.

Read on to learn more..

What are Cookies?

Cookies are small pieces of data that are stored as text files through your and other users’ browsers. 

There are two main types of cookies:

  • Persistent cookies, which expire on a set date (some times years after being served)
  • Session cookies, which expire once you leave the website.

Websites create cookies for the purpose of storing browsing information, which can later be accessed and used to customise webpages based on what is stored.

Most cookies are automatic, convenient and assist users. Examples of these cookies are when the browser

  • Stores your username so that you don’t have to remember it upon returning to the website,
  • Keeps items in a virtual shopping cart for you or
  • Remembers your location when you visit sites for things like movies and weather.

Other cookies that track browser search history and online activity to deliver targeted adverts could be more controversial.


Various data regulations and laws outline the way in which websites can use cookies, such as cookies being acceptable if informed users actively decide to allow them.

The General Data Protection Regulation (GDPR)

The GDPR works with data protection and considers cookies whenever they retrieve identifiable information about users. Explicit consent (by clicking or closing a pop-up) must be given on part of the user, in keeping with the regulation. The GDPR applies if

  • the website,
  • the visitor to the website or
  • the collection of personal data 

is in a European Union country. It therefore possesses legal power in all member countries – unlike the ePrivacy Directive (discussed below).

The European Union ePrivacy Directive

The European Union ePrivacy Directive is a set of principles that countries, in their own capacity, incorporate in their domestic laws. The key principle is that websites within the EU can’t place cookies on users’ browsers without obtaining prior consent. This doesn’t, however, apply when cookies are required to maintain websites’ functioning. Websites can insist on users accepting these necessary cookies. An example of a necessary cookie would be the virtual shopping cart of an online retail store.

The other types of cookies (persistent, session, tracking, marketing and analytic) are grouped as optional cookies.

When websites display messages, either as a pop-up or on their page informing you of the cookie usage, they are adhering to the ePrivacy Directive. These messages may warn users to stop using the site should the cookies not be accepted by them or detail how users can block the cookies.

South Africa – Website Cookie Policy

The POPI regulations do not specifically mention cookies however the PPI (Protection of Personal Information) act does apply to South African website cookies in the fact that a cookie is a text file that could contain personal identification information.

South Africa follows a similar line to the EU ePrivacy Directive. However, for most websites, they simply need to notify website users that their website serves cookies and what they intend to do with them in a written statement – commonly a privacy policy

Third-Party Cookies

Third-party cookies are created and placed on browsers by random users from different domains (websites) – not the operators of the sites that you are visiting. Third-party cookies can be accessed on other sites. First-party cookies, on the other hand, are placed by the domain that you are visiting and are only accessible to the domain that created them.

An example of a third-party cookie is when a host of adverts (filtered to your preference, according to your cookies) feature on a website. This is able to happen because the third-party cookie is on your browser and accessed whenever you visit websites that show adverts from the advertising network.

Third-party cookies assist the network by informing advertisers how often the average user has seen the same advert. They can also be used to ensure that users view a series of adverts from the same campaign in a particular order or that they don’t continuously see the same advert.

The more controversial cookies, tracking cookies, record the kind of websites you visit and deliver more targeted advertising. Tracking cookies might be obvious. For instance, you may notice adverts for a product on websites that you visit after you have viewed the product’s webpage.

Users’ demand for privacy however, means that most major browsers like Google Chrome aim to phase out third-party cookies by next year. User browser settings that either globally accept third-party cookies or accept/decline individual cookies may then be effected.


When a user allows/agrees to cookies, it is an issue of privacy. You may appreciate the convenience of receiving targeted adverts or you may be concerned that the cookies track your online activity to deliver said adverts. Although it is not a safety issue, as the cookies can’t intercept data transactions nor access files on your computer.

It is important to keep in mind that cookies should not identify you personally. Tracking cookies assist in constructing an overall picture of your browsing activity – not you – in order to determine the adverts that you will receive. 

Cookies & Personal Data

Cookies are not personal data, but 

  • they may contain personal data. For example, a cookie wherein you insert your email might remember it and automatically fill in the remainder of it the next time you type it on the page.
  • they can be a part of personal data. For example, a website operator utilises other sources of personal and identifiable information about a user (such as a product you’re interested in) in correlation with the cookies.

Opting Out

Users will frequently be given choices to opt-out of cookies. These choices will present themselves in one of two ways. Either, there’ll be different types of cookies for the user to select or there’ll be an ‘all or nothing’ option.

Again, the options depend on the regulations in place. Under the GDPR for instance, website operators aren’t allowed to make accepting optional cookies a condition that users must meet in order to access the website.

Related Posts

Related Posts