Understanding Cookies and How to Protect Your Privacy – A Basic Guide

Imagine that you want to go to a newly opened restaurant in your neighborhood and want to find reviews from those who have been there. You find a website that has the reviews you want, and the photos of the food look appetizing. However, before you can read anything, a pop-up box appears. It says “Our site uses cookies. By continuing to browse the site, you agree to their use. To learn more, please see our Cookies policy.” Inside this box, there is also a button that says “Accept Cookies” and a clickable link that says “Cookie Settings”.

There are usually 3 types of people when this happens.

  • The first group is those who know what it is and also know its effects on their data and privacy.
  • The second group is those who see cookies as a villain of the Internet world. To them, cookies are bad and as bothersome as the Big Bad Wolf. (Well, that’s half true.) If they are allowed to look at the content without accepting cookies, they will likely do so gladly. If they are not allowed and they think they can find the information somewhere else, they will likely leave the website rather than accept the cookies. What about websites where nothing about cookies shows up at all? Well, they will likely think, “Great, I’m safe. This one has no cookies bothering me.”
  • The third group is those who do not care at all since they want to see the content. Accepting cookies? Fine with me. What can go wrong with it?

You do not have to say out loud or raise your hand to show which group you belong to. Instead, we want to show you how to handle cookies and give you a correct understanding of these little files that you encounter in your daily digital life, if you do not already have one. You might ask why you should care about this. You should care because cookies are directly linked to your personal data and privacy. Understanding cookies will help prevent your data and privacy from being exploited. We promise you this will be helpful.

What Is It?

A cookie is a small text file that is created when a user uses an Internet browser to visit a website that uses cookies. Cookies are commonly used by websites, especially those that have huge databases, need logins, or have customizable themes. This means that even if you do not see a cookie pop-up box when you visit a website, it does not mean that the website does not use cookies. It simply means that it uses cookies, but you cannot directly disable them.

“No pop-up bothering you does not mean the site does not use cookies”

Three Common Types of Cookies

The good news is that not all cookies are bad, since there are many types of them. However, there are three common types that are important for you to know because of their roles. These three main types of cookies are (1) persistent cookies, (2) session cookies, and (3) tracking cookies. To make them easy to remember, imagine they are three friends working together in the same company. Let’s call them Mary, Peter, and Laura.

Persistent Cookies

Persistent cookies, or first-party cookies, work by remembering your website preferences such as login information, language selections, and menu preferences. If you personalize the website to fit your preferences, these persistent cookies will remember and apply those preferences the next time you visit the site. These cookies are stored on your hard disk for some period of time and usually expire in one to two years. Once the expiry date is reached, the cookie is deleted, along with everything that was customized. They are called first-party cookies because they are created by the website that you visit.

Imagine that you have a meeting at the company that Mary, Peter, and Laura work for. You enter the door for the first time and are greeted by Mary, who asks you, “Would you like some coffee?” You tell her that you would like a “double shot” espresso. Mary also asks whether you would like to sit in the outdoor meeting area or would prefer a meeting room, and you say that you always prefer a meeting room because you do not like hot weather. The next time you visit the company, she has a “double shot” espresso ready for you, and the meeting room has been prepared ahead of your visit. She might remember your preferences until you have not seen her for a while. When you see her again, she has to ask, “I have not seen you for a while, would you like some coffee?” In this case, Mary is the persistent cookie, and the company is the website you are visiting.

Session Cookies

Websites usually use session cookies to ensure that users are recognized when they move from page to page within the same website, and that any information they have entered is remembered. The most common example is an online purchase: the session cookies remember the items that are selected and added to a shopping cart, ready for checkout. The online purchase cannot succeed without session cookies. Without them, the items placed in the shopping cart would disappear at checkout, because the checkout page would not recognize your past activity. Session cookies are temporary and are usually cleared after the purchase is done or when the website is closed.

Here is an example. You finally meet Peter at the company. This company actually sells coffee beans from various sources around the world, and the meeting is about you and the company making a trade deal. You are presented with various kinds of coffee beans, including the Indonesian coffee beans that the double shot espresso you are sipping is made from. You find the taste pretty good, so you place an order for 1,000 kilograms. Peter is the person who takes care of your order at every step, including payment. He makes sure that it goes smoothly before he calls the logistics department to deliver your order. In this case, you can see that Peter is the session cookie. After the order is placed, he moves on.

Tracking Cookies

Tracking cookies are also known as third-party cookies or targeting cookies. They collect data based on your online behavior. These cookies are created by websites other than the one you are visiting. They collect personal data such as age, gender, and location, as well as information about website visits and time spent on each page, before the information is passed on or sold to advertisers. One big company can have tracking cookies on various websites. Once the data is collected, an individual user profile can be created, which leads to customized advertising. When you see ads on websites you visit, it is usually a result of tracking cookies, as the company thinks the ads are relevant to your interests.

An example is Laura, the last character we have not talked about yet. When you were making the deal, Laura was there too, except that Laura was not from the coffee bean company. Instead, she is from a partner company that sells tea. You are introduced to Laura, and she asks whether you would be comfortable if she sits there as well to observe the conversation and take notes. The notes will be shared with her company to see whether you would be interested in their products later.

In the real world, this would be really awkward. However, this is where the digital world breaks from the analog world. Often, in the digital world, it can go even worse while you are making a deal: Laura would just sit there without any introduction, taking notes of everything you say and do.
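
To see how Mary, Peter, and Laura differ on the wire, here is an added example (not part of the original article) that sorts Set-Cookie response headers into the three types described above. The hostnames, cookie values, and the two-label "site" rule are assumptions made for illustration; following the article, any cookie set by a different site is counted as a tracking cookie.

```javascript
// Added example: sort Set-Cookie headers into the article's three types.
// Hostnames and cookie values are constructed for illustration.

// Simplification (assumption): the last two labels of a hostname are the
// "site". Real browsers consult the Public Suffix List instead.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into its name and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), attrs: {} };
  for (const a of attrs.filter(Boolean)) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// pageHost: the site in the address bar. responseHost: the server that
// sent the Set-Cookie header (the page itself or an embedded resource).
function classify(pageHost, responseHost, header) {
  const { name, attrs } = parseSetCookie(header);
  const thirdParty = siteOf(pageHost) !== siteOf(responseHost);
  const hasExpiry = 'expires' in attrs || 'max-age' in attrs;
  let type = 'session';                       // gone when the browser closes
  if (thirdParty) type = 'tracking';          // set by another site
  else if (hasExpiry) type = 'persistent';    // kept until it expires
  return { name, type, setBy: siteOf(responseHost) };
}

// Constructed observations from one visit to reviews.example.
const observed = [
  ['reviews.example', 'reviews.example', 'cart=abc123; Path=/; HttpOnly'],
  ['reviews.example', 'www.reviews.example', 'lang=en; Max-Age=31536000; Path=/'],
  ['reviews.example', 'ads.tracker.test', 'uid=9f2c; Max-Age=63072000; SameSite=None; Secure'],
];

function report() {
  return observed.map(([page, from, header]) => classify(page, from, header));
}

console.log(report());
```

The same three columns (which site set the cookie, whether it has an expiry, and its name) are what a browser's developer tools show in their cookie storage view.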

Sometimes, cookies are categorized into four types according to the UK International Chamber of Commerce (ICC) system: (1) strictly necessary cookies (generally similar to session cookies), (2) performance cookies, (3) functionality cookies (generally similar to persistent cookies), and (4) targeting or advertising cookies (generally similar to tracking cookies). According to the ICC, performance cookies collect information about how visitors use a website, for example, which pages visitors visit the most. The information that these cookies collect is identified as anonymous. It is used only to improve the website and does not affect your data privacy.

Cookies and Privacy

As said earlier, Laura will pass on all the information about you to her company or even sell it to others. You usually do not know how far the data travels, and this is what makes the digital world tricky. Also, if you ever wonder whether this is legal, the truth is that no country in Southeast Asia yet has a law that specifically addresses how cookies should be used in line with the right to privacy. However, a correct understanding of cookies can help you protect yourself.

“You cannot completely avoid cookies”

You should know by now that it is not practical to completely avoid cookies. The correct picture is that some cookies are fine and some are not. Session cookies are necessary for websites to function, and they are not harmful. Persistent cookies remember your preferences. Without them, you will have to fill in login information such as usernames and passwords every single time you visit a website. This might not be convenient, but it is good for security reasons. Imagine that your devices are stolen or taken from you involuntarily: the person who has them can easily log in to your Facebook or email simply because the username and password are already there. As for tracking cookies, we recommend that you learn how to block or avoid them with the various methods that we will talk about in a later section.

How to Protect Your Own Data and Privacy from Cookies?

Cookies Setting and Policy

The pop-up that you see when you visit a website is a notification about the website’s cookie policy. A good cookie policy that conforms to human rights standards is one that asks for your consent.

 “It has to ask for your consent”

In order to gain consent, we recommend that website owners set up cookie policies according to the standards set by the General Data Protection Regulation (GDPR), a regulation on the data and privacy protection of citizens of the European Union (EU) and European Economic Area (EEA). Here are the recommendations:

  • The pop-up must be shown before any personal data is processed. It should link to both the cookie settings and the cookie policy.
  • The pop-up cannot just say “By browsing this site, you agree to its use of cookies” without providing options for users to “accept” or “reject” cookies.
  • The cookie settings must clearly explain the purpose and use of each cookie. After users make a choice in the cookie settings, it must be possible for them to easily return to the settings in case they change their mind.
  • The cookie policy must be transparent and written in understandable language. Each cookie must be clearly explained in detail, along with how long it keeps the information.
  • The policy must include the right to be forgotten and clearly explain it to those who wish to exercise that right.

Here are some examples:

THAI’s website explains each type of cookie used in its cookie settings. Users can choose whether to allow their data to be shared with third parties, and the website lists the third parties it shares information with.

Part of the cookie policy on the Garuda Indonesia website shows the cookie names, purposes, types of cookies, and how long the cookies keep users’ information.

Blocking and Clearing Cookies

It is recommended that third-party cookies be blocked, not just deleted, to protect your personal data and privacy. Other types of cookies can be cleared as you wish. It is impossible to block session cookies since a website needs them to function. Persistent, performance, and functional cookies can be cleared without disturbing users’ experience. Here are some instructions on how to do it on both desktop and mobile devices.

Other Methods of Protection

  • Use a secure browser that is known for not tracking users’ information
  • Use web browsers in private mode
  • Install an ad blocker or a similar add-on such as the Electronic Frontier Foundation (EFF)’s Privacy Badger
  • Use a Virtual Private Network (VPN)
  • Keep yourself up to date with regulations related to data and privacy protection

The next time you see a cookie pop-up while browsing a website, take it as an opportunity to protect yourself. Look for where the settings are and read the purpose of each cookie. The restaurant reviews and those photos can be fascinating, but so is protecting your data and privacy.

This article is published under Creative Commons license CC-BY-NC-ND 4.0.
