Let’s snack on some cookie info and clear up some of the stigma associated with them by explaining what they are and how they’re used. Then you can make more of an educated decision about whether to accept or decline the cookie and choose how to handle them on your own website.
No, unfortunately I’m not talking about little sugary nuggets of baked goodness. The cookies in question are internet or web cookies. They are a type of message that’s given to a web browser by a web server allowing websites to store information on your machine. They were developed in 1994 by Netscape to make shopping carts for e-commerce stores possible.
There are different types of cookies. You could have a bottomless basket of cookies for example, those would be persistent cookies. These types stay valid until they reach an expiration date, like asking a site to remember your login information. There are also session cookies, these go away at the end of your session, or visit, on a website.
There are first party cookies and third party cookies. First party is for things like ecommerce allowing people do to things like buy multiple items at once (without cookies you’d be forced to buy each item separately)…Third party cookies are mainly used by advertisers to target advertising, like when you shop for rainboots on a website and then suddenly you see those boots on every site you visit, those are cookies in action.
Some cookies bring joy. In this way web cookies are a kin to their baked namesakes. They make websites better for users. They can customize a web page to your preferences by adjusting layouts, regional information and more. Cookies enable ecommerce, allowing you to add and keep items in your shopping cart even if you leave a site. Using cookies, you can save your login information on a specific computer so you don’t have to re-enter it every time you go to login to a frequently-visited site.
A website doesn’t necessarily need cookies to track what you’re doing on the site, but cookies make tracking easier and more accurate for sites that use them. Tracking user behavior through platforms like Google Analytics allows the website owner to better understand how people use their website. Using this information, they learn how to improve the website for users and gauge the success of their marketing endeavors. These are usually session cookies, meaning they’re only active while you’re on the site.
Those third party cookies, generally also persistent, stick around for a while and allow marketers to serve ads on other websites based on your interests. For example, you could show an ad to people on Facebook because they visited your website. This style of targeting varies based on the ad platform you use, it’s usually called remarketing or retargeting. It can be a pretty effective way to drive traffic back to your site because you’re talking to people who already found you on their own. It can be annoying, though, if the advertiser has their campaign set up aggressively. Some people object to the way ad platforms are utilizing the information gathered by this type of cookie, which I’ll discuss in just a bit.
Cookies are pretty safe. They don’t run code or deliver a virus. The nature of a cookie isn’t to access your personal information. They are limited to one website and one machine so they’re not available for consumption by others. For example, if you add things to your shopping cart on Old Navy, those items don’t show up in your Amazon cart. And if you save your login on Facebook on your laptop, you’re not automatically logged in on your desktop computer or mobile device.
Again, cookies don’t share your personal information with a website, you make that decision. Facebook knows who you are because you gave that information when you signed up. The same goes for other sites you frequent. That information isn’t stored in a cookie. It’s stored in a database attached to the website.
This is not the first time cookies have been under scrutiny. When they first came about, all browsers used them, without the ability to disable them. A debate sprung in 1996 that resulted in the Internet Engineering Task Force (IETF) creating requirements for users to opt-in to cookies. Unfortunately, not everyone followed those specifications, which is likely why it’s still being sorted through today.
As I’m writing this in January 2020, there are three initiatives pushing for opt-in cookie compliance (among other things). The EU, General Data Protection Regulation (GDPR), and E Privacy Regulation, as well as the California Consumer Privacy Act (CCPA) based in the state of California. All three classify web cookies as unique identifiers considered to be personal information. While a cookie doesn’t share your actual personal information, it does track how you use a website, which helps marketers and business owners place users into groups and identify common behavior patterns.
While most cookies are only site-specific, major ad platforms like DoubleClick, Google Search Network, and Facebook Audience Network have cookies on lots of websites. And because they serve ads all over the web they can track users behaviors across many sites. As they combine those user patterns they can develop very rich user profiles about visitors. Some folks are creeped out about this. I believe this could be a big push behind the recent privacy initiatives.
Before we completely freak out about the injustice of all this, I think we need to take a moment to put it in perspective. Advertisers have been doing this in one form or another for pretty much forever. When you place an ad in a magazine or newspaper they’re giving you access to their users. When you buy a mailing list, where do you think that information comes from? You guessed it, other businesses who are willing to sell the information. And let me tell you, if you donate to a non-profit who uses a telemarketing service, you will never shake those folks. Those telemarketers will relentlessly call you on behalf of other non-profits who subscribe to the same service. They call me like 4 times a day because I donated $20 over a year ago. (OMG, is this a scam? Someone tell me how to make it stop!!!)
Some of these traditional examples feel OK, just like some cookies feel OK, others are disruptive and downright stalkerish. And that’s the gray area we’re working with here. Do we know the terms of service for all those directory websites our businesses are listed in? What are they doing with the information they collect?
A cookie is a conversation between your browser and a server, right? Unfortunately, you don’t have any control over where the websites you visit are hosted (the server), but you can choose your own browser. Whichever you choose, make sure it’s up to date; older versions don’t offer the same cookie control!
It’s way easier than I thought it would be. Open an incognito window in Chrome (Ctrl + Shift + N for your shortcut lovers out there) and go to your website.
You’ll need to open up the developer tools (DevTools). Just hit Ctrl + Shift + I, press your F12 key, or navigate to the right and locate “More Tools” and then “Developer tools” in your browser menu.
Once developer tools are open, click on the Applications tab. Then, click the cookies link on the left — it will list the cookies used on your website.
The cookies with the domain listed as your own, in my example “.mayecreate.com”, are first party cookies. Those listed with other domains, such as “.doubleclick.net”, are third party cookies.
This is the one I found that didn’t require me to sign up for a free trial or give my email to get the results. It confirms the same cookies displayed on my browser developers tab but has a less techy and more user-friendly interface.
Any site receiving traffic from Europe or California is supposed to follow their rules. Which believe it or not, even though I’m nestled in the good ol’ Midwest US of A, every website I monitor has traffic from those locations. EVERY SITE. Don’t kid yourself by thinking because you’re located in Iowa, you’re all good. The World Wide Web really is world-wide, and people from all over find websites for the darndest reasons.
You could do nothing. Not sure how long that would fly, but for now, you can do nothing. It’s not going to comply with the GDPR, E privacy regulation, or CCPA, or Google. But maybe you just don’t care. Also, who knows how long it will be before search engines start penalizing people for not doing so? They could be doing it right now, and we just don’t know it… or it could be years.
You could disregard cookie notifications and just block traffic from Europe and California, ‘cause you don’t care about those folks anyway.
Or, just an idea, maybe a good place to start is by telling people. And when you’re explaining the cookies, do it in a way that anyone can understand, techno-babble is scary. Not the musical kind of techno. Not sure if that kind of techno-babble is scary…
Maybe use correct grammar on your notification, though… 😏
Gaining visitor agreement is all in the formatting. And there are sooo many ways to format. Here’s one way I think would result in less opt outs, because visitors have to click and go to another page to control their settings:
Here’s a robust example giving people an option right away:
This is a prime example of great user experience, but what about self preservation? I’m very torn on what’s ethical as far as how these notifications should be formatted. Fortunately, the decision isn’t up to me! It’s up to you. I’m just here to give you ideas with which you can make an educated decision that’s right for you.
Even if you choose an all-in-one solution service, you’ll still need to implement it. You don’t just sign up and have it magically appear on your site. Your site and the service have to talk to one another, and someone has to make that happen. The services are billed monthly or annually. I haven’t used any — I am a total DIY lady unless I can’t find a way to handle it myself, but I did come across these quite a few times in my searches:
DIY is always tricky at first, and you’ll need to make sure to set up and test each of these options diligently to make sure you meet compliance (EZIGDPR and CookieMetrix offer free scans). We use WordPress to power all of our websites, so we’ll handle the functionality through a plugin. The plugins we’re in the process of testing in particular order are:
Cookies are secure ways for browsers and servers to talk back and forth. They are used to adjust your user experience, track user behaviors, and target ads. Like any other baked treat, a little bit of cookie is super tasty, but too many cookies can make your tummy hurt.
You don’t have to be scared of the cookie pop-up anymore. The choice is in your hand, quite literally, with the click of a mouse. You can choose to accept cookies and go about business as you always have, or you can choose to decline them and use sites anonymously without the benefits (or shortcomings) cookies can offer. So grab a plate of chocolate chippers and enjoy.
Other great resources to research the topic yourself:
Monica is the creative force and founder of MayeCreate. She has a Bachelor of Science in Agriculture with an emphasis in Economics, Education and Plant Science from the University of Missouri. Monica possesses a rare combination of design savvy and technological know-how. Her clients know this quite well. Her passion for making friends and helping businesses grow gives her the skills she needs to make sure that each client, or friend, gets the attention and service he or she deserves.
© MayeCreate Design 2020 | 573-447-1836 | [email protected] | 700 Cherry St. Suite C, Columbia, MO 65201