We have grouped cookies depending on who manages them, the length of their activity, and the purpose they are used for, although there might be other ways of classification, for its use is very extended:
1. Depending on who manages them:
- First-party cookies: these are sent from a domain, which provides any demanded service and that is managed by an editor, directly to the user´s terminal.
- Third-party cookies: these ones are sent from a domain, which is not managed by the editor, but by another entity that handles all data obtained through cookies, to the user´s terminal. In case that the information collected by cookies is not managed by the editor, even though those cookies are managed by that editor, these cannot be considered as first-party cookies, but as third-party ones.
2. Depending on how long a cookie is active:
- Session cookies: these cookies are designed to collect and store data while user accesses a website. They are usually used to store certain information needed just to render a demanded service during the session in course (i.e.: a list of ordered products).
- Persistent cookies: this kind of cookies is stored in the user terminal and can be accessed and used during a limited period of time – which can go from a few minutes to several years.
3. Depending on their purpose:
- Technical cookies: they are the cookies that allow navigation through a webpage, platform or application, as well as the use of the different options and services contained in it, like, for example, the control of data traffic and communication, the identification of sessions, the access to restricted sections, the storage of a list of items to order, the possibility of making effective the payment of an order, the validation of a subscription request, the use of security components during navigation, the storage of contents for media diffusion, or the possibility of sharing content through social network.
- Personalization cookies: these allow users to access web service counting with some predetermined general characteristics depending on some information obtained from the user´s terminal, such as user´s regional and language settings, which browser is used to access, etc.
- Analysis cookies: using these cookies, their responsible is able to track and analyze users´ behaviour while using those websites the cookies in question are linked to. The information summoned through them is used to measure the activity of websites, applications, and platforms, so as to build up the profiles of those users who access them. By this, websites, applications and platforms can improve their service depending on the collected data of users and their activity.
4. Depending on their purpose:
In regard to the treatment of collected data through analysis cookies, the working group on the article 29 has manifested that, being bound by law to ask for users´ consent, it is unlikely that these cookies represent a threat to user´s privacy as long as they are first-party cookies that manage information only for statistic purposes. They must also provide any information about its use and must offer the possibility for the user to refuse consent.
- Advertising cookies: these cookies permit the management, on the most efficient way, of advertising spaces which might be included by the editor in a webpage, application or platform from which a demanded service is given. Such management is based on, for example, the edited content or the frequency with which the ads are shown.
- Behavioral advertising cookies: these cookies permit the management, on the most efficient way, of advertising spaces which might be included by the editor in a webpage, application or platform from which a demanded service is given. They store behavioral information of users obtained by tracking their navigation habits, and this warrant the creation and development of a specific user profile which the publicity is adapted to.
Cookies play a very important role in users´ privacy and anonymity. Although they are sent just to their defining server or to another server located in the same domain, a web page can include images or components stored in servers located in other domains. Every cookie created during a request of any of these components in external servers is called ‘third-party cookie’.
Publicity agencies use third-party cookies to track users throughout the course of their activity. In fact, an agency can monitor a specific user through all the pages where any of its advertisements or web bugs is shown. The recording of a user´s activity allows this kind of companies to select and distribute their advertisements depending on the possible user´s preferences.
The creation of such user profile has been considered a potential threat to privacy, even in those cases in which the tracking is limited to a single domain. It is especially serious when this tracking is carried out through multiple domains, by making use of third-party cookies and not informing the user on a proper way.
Since cookies are created and managed by webs, applications and services which we connect to they can be used for any purpose, and if their information belongs to an encrypted storage it will be truly difficult, for a beginner user, to know what information is being stored in each cookie.
The EU administration on telecoms and data protection dictates rules on cookies usage. In particular, the article 5, paragraph 3, stipulates that data storage (like cookies) in users´ devices can only be done if:
- The user has been informed about how that data will be used.
- The user has the possibility to reject consent.
In spite of it, this article also establishes that data storage will be exceptionally permitted if that data is needed for any technical reason.
Cookies can be totally blocked, cleared every time our browser is closed, admitted or blocked for specific websites or enabled for every visited website.
In your browser, and by accessing its privacy settings, any of these modifications can be introduced. Most of modern browsers support cookies allowing us to choose and customize the acceptance of cookies. Normally, the user is given these options; Disable cookies for specific domains, Disable third-party cookies, Disable support for persistent cookies (they will be cleared every time your browser is closed), Enable cookies setting for a different domain. In addition, the user can be also given the option of seeing and deleting cookies individually.
There are also plug-ins thought for the purpose of managing cookies in a more specific way and even to enable only those cookies which we want to share our information with.
Finally, we suggest users not to introduce personal data in any website, but in those where it is absolutely indispensible for the functioning of the webpage.