What are cookies?

We know “cookies” primarily as data packets that web browsers and websites generate to store individual user data. Originally they were known as “magic cookies”, a term that refers to all generic data packets exchanged between computer applications. On the internet, these data packets eventually took the form of HTTP cookies, which web applications use to collect personal data, for example to store login data, surfing behaviour, settings, and actions in web applications (such as the "shopping baskets" in online shops).

Definition

Cookies are data packets that are exchanged between computer programs. In general, HTTP cookies are used by websites to store user data locally and on the server side in order to make individual functions and web applications such as online shops, social networks, and forums more user-friendly.

A website recognises who is currently visiting by using cookies, and can therefore adapt to a user’s needs to a certain extent. The storage of data by cookies therefore has a noticeable effect on the user. In addition, cookies now also play an important role in online marketing.

What are cookies and what data do they collect?

Cookies are small text files that the web browser stores on the computer (either in the browser folder itself or under the program data). However, some browsers store all cookies in a single file. The first time you visit a page on the internet, a new cookie is created, which collects the information that can be accessed by the website operator. The information in this text file is in turn subdivided into attributes that are included individually. The most common attributes include:

  • A randomly generated and unique number that is used to recognise your computer. This makes web applications such as online shops and online banking possible: The website "remembers" you accordingly, so that, for example, the previously selected goods do not disappear from your shopping basket every time you call up a new page.
  • The domain name, i.e. the website to which the cookie refers. A website visit can also generate several cookies if, for example, image files are hosted on another server.
  • User settings such as language and special preferences. The website operator does not want to force the user to adjust the website according to their needs each time they visit it. Therefore, such settings are stored by cookies.
  • Time spent on the website or individual sub-pages. This data is collected for statistical evaluation.
  • Data entered by the user via web forms – such as e-mail address, name, or telephone number. This also includes search terms entered in search masks.
  • Visited sub-pages such as product pages in online shops. This data is highly relevant for online marketing.
  • Meta data such as the expiry date or time of a cookie, the path, and the security specifications (e.g. “HTTPS only”). While some cookies are deleted after leaving the website (which is particularly common in online banking), other cookies remain for years.
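
The attributes listed above reach the browser in a Set-Cookie response header. The following added example (not part of the original article) parses such header values and reports whether each cookie is a session or a persistent cookie, whether it is HTTPS-only, and whether it is third-party relative to the page being visited. The function names, host names and header values are constructed for illustration, and the third-party check compares host names directly, whereas browsers compare registrable domains.

```javascript
// Added example: parse one Set-Cookie header value into the attributes the
// list above describes. responseHost is the host that sent the header.
function parseSetCookie(header, responseHost, now = Date.now()) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const a = Object.create(null); // attribute name (lower case) -> value
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    a[key] = i < 0 ? '' : attr.slice(i + 1).trim();
  }
  let expires = null; // null means session cookie: ends with the browsing session
  if (/^-?\d+$/.test(a['max-age'] || '')) {
    expires = new Date(now + Number(a['max-age']) * 1000); // Max-Age overrides Expires
  } else if (a.expires && !Number.isNaN(Date.parse(a.expires))) {
    expires = new Date(a.expires);
  }
  return {
    name: pair.slice(0, Math.max(eq, 0)), value: pair.slice(eq + 1),
    domain: (a.domain || responseHost).replace(/^\./, '').toLowerCase(),
    path: a.path || null, // null: the browser derives a default from the URL
    secure: 'secure' in a, httpOnly: 'httponly' in a,
    expires,
  };
}

// Summary for a page on pageHost. Simplification (assumption): hosts are
// compared directly; browsers compare registrable domains instead.
function describeCookie(c, pageHost, now = Date.now()) {
  const host = pageHost.toLowerCase();
  const firstParty = host === c.domain || host.endsWith('.' + c.domain);
  return {
    name: c.name,
    lifetime: !c.expires ? 'session' : c.expires <= now ? 'expired' : 'persistent',
    days: c.expires ? Math.round((c.expires - now) / 86400000) : 0,
    thirdParty: !firstParty, httpsOnly: c.secure,
  };
}

// Constructed sample headers [header value, sending host]; not from a real site.
const NOW = Date.UTC(2024, 0, 1);
const SAMPLES = [
  ['SID=8f3a91c2; Path=/; Secure; HttpOnly', 'shop.example'],
  ['lang=en; Max-Age=31536000; Path=/', 'shop.example'],
  ['uid=42a7; Domain=ads.example; Expires=Wed, 01 Jan 2025 00:00:00 GMT', 'cdn.ads.example'],
];
for (const [h, from] of SAMPLES) {
  console.log(describeCookie(parseSetCookie(h, from, NOW), 'shop.example', NOW));
}
```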

Who saves cookies and why?

Web cookies are stored primarily on the client side, but the server operator has the option of obtaining their own copy of these so-called first-party cookies when the cookies are sent back by the browser. First and foremost, cookies ensure a more user-friendly web experience: they record the user and their surfing habits, and the visited websites and web functions adapt to them without being asked.

However, the data stored in cookies is also very interesting for website operators, as they can derive statistics and draw conclusions about the surfing behaviour of visitors. Furthermore, server-side cookies enable the creation of user profiles. It is these user profiles that enable targeting – which is the basis for personalized advertising.

In this context, so-called third-party cookies are particularly effective: they are usually set unnoticed by third parties and spy on the surfing behaviour of users, usually over a long time and on different servers. For example, if you visit health-related websites frequently, you are likely to see more advertisements for pharmaceuticals, even on websites that have nothing to do with the topic. Another user is likely to see different advertising on the same website because their user profile reveals interest in a different subject area. Data protection advocates therefore see cookies as the main cause for “transparent users” whose traces on the internet are misused for marketing purposes such as behavioural targeting.

Some users probably hadn't even noticed the existence of cookies until the new EU Directive 2009/136/EC came into force, which requires website operators to inform their visitors about the storage of user-relevant data. Since then, when you visit European websites for the first time, you must accept the use of cookies. With one click or further use of the website you then agree that your data will be stored – both locally on your computer and on the server side.

Tip

On public and shared computers, you should be especially careful what data you leave on a website. The locally stored cookie is theoretically accessible by any subsequent computer user, so your personal data may fall into the wrong hands.

What options are there when dealing with cookies?

In common web browsers you have several possibilities to manage your cookies yourself. You can delete existing cookies, deactivate them and activate them again. How you handle your cookies naturally depends on your surfing behaviour and your interest in protecting your data.

Are cookies dangerous?

Web cookies are a double-edged sword: the debate about data protection still reveals disagreement about how cookies should be handled. Keep in mind that cookies primarily facilitate web browsing by making previously-visited web pages more user-friendly. We therefore advise against completely deactivating cookies at this point.

However, we do recommend that you review any website that wishes to store cookies. Most browsers allow partial blocking of cookies. Use it if you don't feel safe on a particular website. Basically, however, the most dangerous thing is the data you enter yourself. Cookies, for example, cannot uncover your e-mail address and other sensitive data unless you enter it yourself using a web form.

In addition, the recent EU cookie directive calls for greater transparency in the handling of cookies by website operators. If you visit a website that does not inform you sufficiently about the use of cookies, you should be sceptical and deactivate the cookies for the site if necessary.

Tip

Some browsers allow persistent cookies to be blocked or generated only with permission. Only cookies that delete themselves after the session has ended are then permitted. This solves the problem that persistent cookies store your data locally and on the server side.