This page aims to give general information about cookies, to help you understand what they are, why your site may be using them, and why some people have concerns about their use.
We find that Safari [download] is one of the best browsers for quickly determining what cookies are being set, because it shows up any 'third-party' cookies your site is setting and you can keep the cookies window open while browsing to see them being set in real-time:
Although you should provide information about all your cookies, not all require consent. Some cookies which are essential for certain functions are exempt from requiring consent, and so you should consult with the ICO or an IT technician with knowledge of the law to determine whether or not in their view it is likely that you need consent for your cookies.
If your website is fairly simple, then the likelihood is that required modifications are likely to be similarly simple in nature and, so, becoming compliant will probably be inexpensive and hassle-free.
In other more complex cases, it may be necessary for code to be fundamentially re-written to prevent cookies which the law regards as non-essential from being set without permission.
We can provide a brief audit of your website for you free of charge, and we can also provide cost-effective solutions for most websites. In most cases we would anticipate this to be a low fixed fee, but will give you a formal quote or estimate prior to proceeding with any work.
A cookie is usually just a small text file that is saved in your computer's web browser. The web server (the machine that sends the web page to your computer's web browser) can read and access the cookies that it sets in your computer's web browser (but not the cookies that belong to other sites), and this makes the cookie useful to websites for many purposes. One of the most common uses of the cookie is to simply store a unique identifier in it (usually a randomly generated sequence of letters and numbers) that enables the web server to recognise that when you make a request (for example, clicking on a link) that it was you that did this rather than some other visitor. This can have multiple uses, both for the web server owner and you:
If you run spyware scans on your computer, you will be familiar with the term 'Tracking Cookie' that you'll no doubt have been prompted to remove. Not all (and possibly none) of these 'Tracking Cookies' are anything to be concerned about, but some may be and it is these particular tracking cookies that have primarily caused some people to be concerned about cookie use.
A 'Tracking Cookie', simply put, is a cookie that has the capability of tracking your actions. Possibly this will be limited to tracking non-identifable movements about a particular site, how people got there and at what point they left, to track trends. This use is common on websites, and are used for analytics purposes to help website owners improve their offer. For example, very helpful to a website owner is to know where most of their visitors come from. Similarly useful is to know if there is a particular page where lots of people leave. An online shop owner who finds out that a large number of their shoppers leave their store at the checkout stage will want to check that their checkout is working properly, and also that any checkout stage charges that are being applied (for example, postage costs) aren't too high. Google Analytics is one such example that websites often use to provide this sort of information.
Unfortunately, it has been perceived by some that some tracking cookies have been going much further than this, and this is why some people have concerns about these types of cookies.
A first party cookie is a cookie set directly by the site you are visiting. A third party cookie is a cookie set by another site when you visit the first site. Two examples of this are a) advertising. Many sites integrate adverts from third party sources into their sites. Although it appears these adverts are on the same page as the content of the site, actually they are being pulled from elsewhere. The cookies that these set can do things like try to target suitable adverts at the person browsing, or may be used to remember the site that the person clicked through from to ensure they get payment or commission, and b) if a site uses a third party plugin on their site that enables say a discussion forum or chat facility then that plugin may need to set a cookie to work properly. Because the plugin is being pulled into the site from elsewhere, any cookies that it sets will be from the place where the plugin comes from, not the site you are visiting.
The 'why' around third party cookies is simple: A website can only read and write cookies that it sets itself. This is an inherent part of the security of cookies. If XYZ website sets a cookie on your computer, ABC website cannot see it. As such, if part of a webpage is coming from a different location on the internet, then that part of the webpage can only set a cookie for the location that part of the webpage came from.