What are Cookies?

We know “cookies” primarily as data packets generated by web browsers and internet pages that store in­di­vidu­al user data. Ori­gin­ally they were known as “Magic Cookies”: The term refers to all generic data packages that are exchanged between computer ap­plic­a­tions. On the internet, data packets were finally added in the form of HTTP cookies, which web ap­plic­a­tions use to collect personal data, for example to store login data, surfing behaviour, settings, and actions in web ap­plic­a­tions (such as the "shopping baskets" in online shops).

A website re­cog­nises who is currently visiting by using cookies, and can therefore adapt to a user’s needs to a certain extent. The storage of data by cookies therefore has a no­tice­able effect on the user. In addition, cookies now also play an important role in online marketing.

Cookies are small text files that the web browser stores on the computer (either in the browser folder itself or under the program data). The first time you visit a page on the internet, a new cookie is created, which collects the in­form­a­tion that can be accessed by the website operator. However, some browsers store all cookies in a single file. The in­form­a­tion in this text file is in turn sub­divided into at­trib­utes that are included in­di­vidu­ally. The most common at­trib­utes include:

• A randomly generated and unique number that is used to recognise your computer. This makes web ap­plic­a­tions such as online shops and online banking possible: The website "remembers" you ac­cord­ingly, so that, for example, the pre­vi­ously selected goods do not disappear from your shopping basket every time you call up a new page.
• The domain name, i.e. the website to which the cookie refers. A website visit can also generate several cookies if, for example, image files are hosted on another server.
• User settings such as language and special pref­er­ences. The website operator does not want to force the user to adjust the website according to their needs each time they visit it. Therefore, such settings are stored by cookies.
• Time spent on the website or in­di­vidu­al sub-pages. This data is collected for stat­ist­ic­al eval­u­ation.
• Data entered by the user via web forms – such as e-mail address, name, or telephone number. This also includes search terms entered in search masks.
• Visited sub-pages such as product pages in online shops. This data is highly relevant for online marketing.
• Meta data such as the expiry date or time of a cookie, the path, and the security spe­cific­a­tions (e.g. “HTTPS only”). While some cookies are deleted after leaving the website (which is par­tic­u­larly common in online banking), other cookies remain for years.

Web cookies are stored primarily on the client side, but the server operator has the option of obtaining their own copy of these so-called first-party-cookies when the cookies are sent back by the browser. First and foremost, cookies ensure a more user-friendly web ex­per­i­ence, which records the user and their surfing habits and adapts the visited websites and web functions to them without being asked.

However, the data stored in cookies is also very in­ter­est­ing for website operators, as they can derive stat­ist­ics and draw con­clu­sions about the surfing behaviour of visitors. Fur­ther­more, server-side cookies enable the creation of user profiles. It is these user profiles that enable targeting – which is the basis for per­son­al­ized ad­vert­ising.

In this context, so-called third-party-cookies are par­tic­u­larly effective: they are usually set unnoticed by third parties and spy on the surfing behaviour of users, usually over a long time and on different servers. For example, if you visit health-related websites fre­quently, you are likely to see more ad­vert­ise­ments for phar­ma­ceut­ic­als– even on websites that have nothing to do with the topic. Another user is likely to see different ad­vert­ising on the same website because their user profile reveals interest in a different subject area. Data pro­tec­tion­ists therefore see cookies as the main cause for “trans­par­ent users” whose traces on the internet are misused for marketing purposes such as be­ha­vi­our­al targeting.

Some users probably hadn't even noticed the existence of cookies until the new EU Directive 2009/136/EC came into action, whereby website operators require their visitors to be informed about the storage of user-relevant data. Since then, when you visit European websites for the first time, you must accept the use of cookies. With one click or further use of the website you then agree that your data will be stored – both locally on your computer and on the server side.

In common web browsers you have several pos­sib­il­it­ies to manage your cookies yourself. You can delete existing cookies, de­ac­tiv­ate them and activate them again. How you handle your cookies naturally depends on your surfing behaviour and your interest in pro­tect­ing your data.

Web cookies are a double-edged sword: the debate about data pro­tec­tion still reveals dis­agree­ment about how cookies should be handled. Keep in mind that cookies primarily fa­cil­it­ate web browsing by making pre­vi­ously-visited web pages more user-friendly. We therefore advise against com­pletely de­ac­tiv­at­ing cookies at this point.

However, we do recommend that you review any website that wishes to store cookies. Most browsers allow partial blocking of cookies. Use it if you don't feel safe on a par­tic­u­lar website. Basically, however, the most dangerous thing is the data you enter yourself. Cookies, for example, cannot uncover your e-mail address and other sensitive data unless you enter it yourself using a web form.

In addition, the recent EU-Cookie-directive calls for greater trans­par­ency in the handling of cookies by website operators. If you visit a website that does not inform you suf­fi­ciently about the use of cookies, you should be sceptical and de­ac­tiv­ate the cookies for the site if necessary.

In the following videos, you can see how to delete cookies in the Chrome or Firefox browser: