Cookies, or what your broser is not telling you
Your browser keeps a secret. We'll reveal it to you and tell you about cookies at the same time.
A typical situation: you read your favorite Internet resources, "scroll" the news feed in social networks, choose clothes or products in online stores (marketplaces). As you "consume" content, the results of your activity accumulate in cookies. You become subject to surveillance. To find out if cookies are something to be wary of, here's a longread.
1
Cookies: What it is

The definition of coocies cannot be found in Russian legislation. The only reference to them is in Order No. 73-p of the Federal State Unitary Enterprise "Russian Post" from 21.02.2019.


Cookies in the above Act refer to small fragments of text sent to the browser from the site visited by the user. These fragments contain information about the user's "clicks", language preferences, settings. The definition given seems to be not entirely accurate, so we propose to deal with it a little closer

Cookies
A small piece of data requested by a website from the browser used on a user's computer or mobile device
Purpose of Cookies
Cookies reflect a user's preferences and are collected for the following purposes:
  • Collection of statistics;
  • Authenticating the user;
  • Tracking the status of the user's access session.
  • To optimize service and improve quality of service.
Storing Cookies

Cookies are stored locally on the computer or mobile device so that the user can delete stored cookies in the browser settings if desired. Some cookies, called “zombie cookies”, are harder to delete.

From our review of websites, we found that most websites integrate one of four types of cookies:
  • Session cookies - Cookies that are saved in the user's browser only for the duration of a session in the browser, that is, until the end of the work with a particular site.
  • Persistent Cookies - Cookies that are saved in the browser for a set period of time after the browser session is over. Generally, these files are saved on the hard drive of the device through which the user accessed the site, and can be independently deleted by the user by changing the browser settings, or they disappear after a certain period of time.
  • Major - Cookies, that are set on the user's device through the site, whose domain name is shown in the address bar of the browser.[1]
  • External - Cookies that are installed indirectly, for example, by a marketplace or analytics system (Google Analytics, Calltouch, Yandex.Metrika, etc.).

[1] Cookie policy // PWC: Academy [Electronic resource]. URL: https://training.pwc.ru/policy/cookie/ (accessed 18.04.2022).

Classification of cookies according to the intended use

There are also categories of Cookies, qualified by the targeted use of such files:

  • Strictly mandatory - Cookies necessary to view the content of the site and access its functionality, such as the marketplace shopping basket, which retains the user's selected items even when the user ends the session. Such files often belong to the main type. Without them it is impossible to use the information resource. Therefore, subject to notification, consent to their use is not required.
  • Functional - Cookies, focused on adapting the site to user preferences. These files remember your language, username, and password, as well as other parameters that increase the effectiveness of user interaction with the information resource.
  • Statistical - Cookies used exclusively for statistical purposes. Thus, developers can adjust the site, focusing on the indicators of "period of user activity", "traffic sources", etc., to improve its functionality.
  • Marketing - cookies that read the user's activity on the information resource to generate advertising content. Such files are, in the vast majority of cases, third-party and persistent. Their use is not only limited to the owner of the site - they can be transferred to advertisers, social networks, etc.

All marketing, statistical and functional cookies are considered to be set on the user's device only with the user's consent.
2

Cookies as personal data

A broad approach to the interpretation of personal data has led to the inclusion of cookies. Let us remind you that personal data is any information that directly or indirectly relates to a specific or identified individual.
What information is contained in cookies?
Information contained in a cookie can potentially contain personal information, such as an IP address, a username, an email address, but it can also contain non-personal information, such as the language setting or the operating system of a device. At the same time, the use of additional information can turn such data into personal data - for example, information about the language of the user together with the IP-address of the device allows you to distinguish the person from other visitors to the site.

A similar approach has been adopted in European law, aided by the findings of the Data Protection Working Party 29. They state that information such as gender and age, preferences and interests can be deduced based on what web pages a user visits and what links a user «clicks». Following Europe, Cookies are now considered personal data under Article 24 of the California Consumer Privacy Protection Act.
3
Cookies in the case law
The most famous case on the subject at hand was the court dispute Vidal-Hall v. Google (2015). Using cookies, Google collected information about users' Internet traffic. The plaintiffs, being unaware of the defendant's illegal practices, they insisted that the defendant be held liable for violating the use of cookies, personal data that allows users to be identified.


The court took the position of the plaintiffs and answered positively the question of classifying cookies as personal data, since they "without naming the subject directly ... allow to distinguish him from the crowd of users, therefore, they meet the identification criterion".

The French regulatory authority for the protection of personal data (CNIL) strictly regulates the use of cookies. In 2020, the CNIL fined Google 100 million euros for using cookies without user consent. In 2021, the corporation was fined another 150 million, for not making it easy for users to decline the use of cookies. After that, Google added a "reject all cookies" button to YouTube and its search engine.

Conclusions
Now you know that your activity on websites is personal data collected in the cookies stored in the browser of your smart device. Such a convenient configuration of marketplace sites and other information resources is largely due to the integration of files that track your "clicks. At the same time, as long as cookies relate to personal data, you should not forget about the risks of invading your privacy. Leveling them out is simple enough.

We'll give you some practical advice:
  • Review notifications from websites about the use of cookies.
  • Choose strictly mandatory cookies, excluding the use of all other types of cookies.
  • Delete Cookies in your browser settings as needed.
Congratulations to you! You're one step closer to mastering the basics of "digital literacy." To fill in the "gaps" in your knowledge, check out our other longreads.