Web Cookies 101

We previously highlighted the importance of consent in the collection and processing of personal data as a principle of data protection under the Data Protection Act, 2019 (the Act), whereby the consent is required to be “express, unequivocal, free, specific and an informed indication of the data subject's wishes”. As clear as this may be, there’s also the question on whether we are aware of what we are consenting to i.e. have you read the terms prior to giving your consent or have you merely consented to them just so that you may gain access to the site? Today we highlight one of the most overlooked terms and policies that we consent to, internet cookies, exploring their meaning and import as one of the widely used internet tracking technology. What are cookies? Cookies (more formally known as a HTTP cookie, a web cookie, an internet cookie or a browser cookie) are small pieces of data, such as your web ID, username and password among others, that websites send to your device which the sites then use to monitor and remember certain information about you. When the cookie is exchanged between your computer and the network server, the server reads the ID and knows what information to specifically serve to you. Cookies are commonly used to identify specific users and improve your web browsing experience, usually through relaying information that is specific and unique to you based on your browsing history. Generally, cookies are accepted into our devices and networks as a result of the consent we give to accept the cookies, whether or not we are aware of what accepting them entails. Most commonly, the website contains a pop-up notification requesting for your acceptance of the cookies, with some even stating that you may not be able to enjoy the full experience of the website without accepting them. The question however is whether we read through the pop-up cookie policy to know exactly what this means and if there may be anything we do not agree with. Are cookies dangerous? While internet cookies are fashioned to improve your web user experience, they may be maliciously used to track and spy on you and compromise your online privacy. Likewise, some can even be used to track you without your consent. Though cookies generated by websites that you are using are generally safe so long as the sites you visit are credible, third party cookies may be generated by other websites which are linked on the primary website you are visiting without you necessarily having to open them. This would mean that these third-party websites have access to your browsing information and can use it to curate an experience for you without your prompting or express permission and consent. This explains the advertisements and suggestions that show on your device without your prompting. Some specific cookies are even more dangerous as they permanently embed on your device. How can you protect yourself from harmful cookies? The Act recognises online IDs and location data as personal data that is subject to its provisions, meaning such information should be collected and processed in line with the principles of data protection. As a data subject, you have a right to have your data collected for a specified purpose (improve your web experience, as may be in the case of internet cookies) and not to be processed for any other purpose (spying and conducting analytics of consumer/user behaviors) without your express permission. To protect yourself, ensure that you visit and browse credible sites which have trustworthy data protection mechanisms and policies, including a website cookie policy, also take note of the terms and implications of accepting cookies when browsing a particular site to be able to steer clear of prejudicial terms that may allow for spying or misuse of your personal data. In addition, consider whether it is necessary to accept or decline cookies, if the visit to the particular site is merely a one-time thing. In line with your rights as a data subject you may elect to remove cookies and reset your browser tracking. Various tools are available online for removal of cookies. You may also browse anonymously on the internet by using a virtual private network (VPN) which is an encrypted network that prevents unauthorised persons from spying and tracking your web usage. Always prioritise your safety and privacy while browsing the internet and also be aware of the avenues of recourse under the Act. Whichever the case, always prioritise your safety and privacy while browsing the internet and when the same is violated, note that there are ample provisions in law for enforcement of your privacy rights and you are never without reprieve.