5 times you shouldn't accept cookies

We all encounter cookie consent pop-ups each time we visit a new website. Their adoption by websites has become global, especially since the advent of GDPR, which requires websites to obtain users’ consent to the use of cookies. The banners inform users about the purposes of cookies and provide them with choices and control over the selection of cookies. Users’ consent to the types of cookies permits websites and third-party partners to collect and use their data for remembering user preferences, personalizing content, and targeting advertising purposes.

Cookie banners usually pop up in rectangular boxes at the top or bottom of a website page, with messages displayed in the form of “The website uses cookies to improve your experience. Do you agree?” Some websites design these banners to lure users into easily accepting cookies and also disguise the refusing choices. While many of us, uninformed and hastily, consent to the cookie choices without understanding the privacy repercussions, we may inadvertently expose ourselves to third parties or be subject to targeted advertising.

The risks to privacy posed by cookies beg the question: Should we readily accept cookies? If not, why and when should we avoid accepting cookies or rely on cookie management tools? Let’s start with the basics.

Why websites ask you to accept cookies

Websites ask you to accept cookies primarily to abide by data protection laws that govern online data tracking and transparency. The opt-in provision under GDPR requires websites to obtain explicit consent from users before placing cookies on their devices.

Third-party cookies, which once pioneered the digital advertising space, are now seen as a violation of privacy regulations. To avoid conflict with data protection laws and respect the privacy of users, websites make use of cookie banners to notify users about their use of cookies and give users the option to accept, reject, or manage preferences.

Classification of cookies to clarify selection

Cookies are typically of two types: first-party cookies and third-party cookies.

• First-party cookies are essential for improving the user experience. These cookies remember users’ preferences and login information, which helps in accessing the website each time without the need for re-entering usernames and passwords or managing preferences such as font, language, theme, etc. They also provide insights into user traffic, bounce rates, page load times, etc. that help optimize the website’s performance. These cookies are exempt from the requirement of obtaining user consent.
• Third-party cookies are created by domains other than the websites the user visits. These are used for tracking user behavior across multiple websites, which helps website owners serve relevant advertisements to the users’ needs and interests. These cookies are considered privacy-invasive and are infamous for their use in profiling users. These are categorized as non-essential cookies. Under the GDPR and other data protection laws, websites are required to obtain user consent for the use of third-party cookies.

Impact of accepting or declining cookies

Cookies can remember user preferences. Accepting them results in a personalized browsing experience for users. Login credentials—usernames and passwords—for multiple websites are forgetful. Cookies help users save login credentials and browse the internet uninterrupted.

Session cookies keep users logged into their accounts while they navigate the website and are deleted when the user closes the browser. Persistent cookies remain on users’ devices for a longer time and help users browse websites across multiple sessions without having to repeatedly enter their username and password.

If a user chooses not to accept cookies, websites may not be able to remember their preferences and login credentials, causing an inconvenient and inefficient browsing experience. Let’s take the example of online shopping. Cookies enable sites to track and save all items in a cart as the user continues to browse through a website. If cookies are disabled, every time the user clicks on a new link within a site, all the items in their cart will vanish. It would render online shopping virtually impossible and browsing the site completely impractical.

To cope with this challenge, some websites, by default, choose to exempt essential cookies from the requirement of obtaining user consent for reasons like processing data on the basis of legitimate interests (which ensures the performance of websites) and technical necessity (which ensures the normal functioning of websites).

Five times you shouldn’t accept cookies

1. When using private information

If you’re new to a site that requires sensitive private information like your social security number, financial details, protected health information, or other personal information that you don’t want stored, refuse the cookies right away. Accepting cookies on such sites exposes your personal information to cybercriminals, who can use stolen data for identity theft and other notorious crimes.

2. Third-party cookies

Third-party cookies raise privacy and security concerns. The issue with accepting third-party cookies is that users don’t get to choose the parties with which the website owner may share the data. Users are advised not to grant consent to third-party cookies, as then they willingly grant the permission to sell their data, leaving themselves vulnerable to receiving solicitations.

3. Non-secure websites

Supercookies, a code inserted into HTTP header, can uniquely identify devices on the website and track users across the internet. Such cookies, because of their persistent nature, are hard to wipe out of the system. Users should be cautious of websites using HTTP protocol instead of HTTPs and block third-party cookies by default or use cookie management tools to benefit from features such as automated cookie deletion, cookie blocking, cookie notification, etc.

4. Flagged cookies

Antivirus software flags cookies for several reasons, like malware detection, a website’s history of malicious activity, unauthorized access or attempts to access sensitive data, etc. If your antivirus software flags suspicious cookies, you should avoid accepting them (or immediately delete them if they’re stored on your devices).

5. When disc space is limited

Although cookies by design are lightweight, amassing a lot of them can take up considerable space on your devices. Accumulating a lot of them or if the cookies are particularly complex or resource-intensive can potentially slow down your device’s performance. Third-party cookies increase the number of requests and connections made to external websites, which can affect the browsing experience, especially with a slow or unstable internet connection.

Cookies are double-edged swords. On the positive side, they improve website experience for users, but on the negative side, they pose serious security and privacy risks. The best way to deal with cookies is to take control of them by understanding the difference between good and bad cookies. Ultimately, users’ actions in accepting or rejecting cookies decide the trust in websites. Incorporating trust development as a key differentiator, website owners should encourage the use of compliance-friendly cookie banners that help users make informed decisions in relation to their selection of cookies.

Choose Cassie’s Cookie Management Platform for full compliance and new insight

Cassie’s cookie management platform enables your visitors’ cookie consent preferences to be matched back to a data subject, giving you a holistic and auditable view of your consent relationship.

Build a relationship with a person, not a device, and see your ROI increase with Cassie.

Choose Cassie for:

Complete control over your cookie banner

Any modifications made to Cassie’s first-party data are instantly applied without requiring manual changes, regardless of the number of web domains you have. This is because the data is stored in an AWS S3 bucket.

Cross-device identification

By utilizing a customer identifier (unique to each customer), Cassie is able to match visitors who use multiple devices. This means that once a customer logs into your site or app, their identity can be recognized, and their consent can be transferred, whether they are using a desktop or mobile device.

Cross consent between multiple subdomains

The Cassie platform allows for the display of multiple banners on a single domain, with the added capability of passing consent down to your subdomains.

Extensive APIs

Our platform supports the display of numerous banners on a single domain, and consent can be propagated to your subdomains.

Flexible for global operations

Cassie’s multi-lingual and jurisdictional cookie module will ensure you always align with the various regulations.