A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
How are they used?
What are the different types of cookies?
A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:
- session cookie which is erased when the user closes the browser or
- persistent cookie which remains on the user's computer/device for a pre-defined period of time.
As for the domain to which it belongs, there are either:
first-party cookies which are set by the web server of the visited page and share the same domain
Cookies for EU Residents
EUROPA websites must follow the Commission's guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.
The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user's terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual's wishes.
However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
used for the sole purpose of carrying out the transmission of a communication, and strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
Some Cookies are clearly exempt from consent according to the EU advisory body on data protection - WP29.
For more information about which cookies can be used in EUROPA and general guidelines please read the European Commission Page on Cookies.