Strategie mit Wurzeln. Wachstum mit Wirkung.
HomeLexiconCookie

Cookie

Cookies are text files that websites store on the device to enable sessions, settings, and tracking. A distinction is made between first- and third-party. In the EU, only necessary cookies are allowed without opt-in.

In the internet industry and online marketing, a cookie is not understood as a biscuit, but as a text file. It stores data and information about websites accessed by the user during an internet session. The server places it on the user's computer. This can be done in a single file on the computer's hard drive or in individual files. This can vary depending on the web browser. Usually, information about the visited website, the content, and the time is stored—respectively until when the cookie is valid. The file may only be archived for a specific period. Some cookies are programmed to delete themselves after a certain duration.

This technology was developed by the American programmer Lou Montulli. In 1994, he was looking for a solution to make his computer "remember" websites he had already visited. He initially called his development a "persistent client state object," which was supposed to be a kind of "memory of the internet." He referred to the text file as a cookie because programmers had previously called programs used to identify accessed pages "magic cookie."

First-party tracking and third-party tracking cookies

One distinguishes between two types of these text files. The first-party tracking cookies are created and stored by Google and other search engines, the currently used browser, or the current website. Third-party tracking files, on the other hand, are used by third parties. This occurs, for example, in retargeting: A visitor to a website is marked. Based on their interests, targeted advertising is later displayed on another page.

Use and criticism

In the spirit of programmer Montulli, cookies are meant to make interacting with websites easier. They are intended to save users time, for example during new sign-ups on websites, as they store personal settings. Additionally, the files are helpful in the event of server connection interruptions if data entry has just taken place. This way, users don't have to re-enter all the information. Online shops can also provide an advantage to their users by saving a session ID via cookies that assigns the respective shopping cart. Moreover, there are other reasons why websites want to set a cookie - including to trace users' search behavior. Other websites require the acceptance of cookies to use, which leads to criticism of the text files: the visitor can only use the website if they reveal information about themselves. Informational self-determination and data protection are therefore not possible. Critics fear too much intrusion into privacy. The only alternative: Don't use the website!

Manipulative methods: undesirable!

By uniquely identifying the client (user's computer), websites can perform tracking and consequently send targeted advertising or similar. The visit to multiple websites can thus also be clearly assigned to a user. As part of manipulative methods, websites can set cookies even without the visitor's actions. This is called cookie dropping, where a click on, for example, an advertisement is artificially generated. Among other reasons, this led to the adoption of the so-called "Cookie" Directive (2009/136/EC) by the European Union in 2009, known as the ePrivacy Directive.

GDPR and co.: the current legislation

The ePrivacy Directive was one of the efforts by the European Union to ensure privacy and data protection on the World Wide Web. Another was the GDPR. In this context, many regulations regarding sensitive user data have changed across Europe. For example, the new regulation states that only technically necessary cookies are allowed without consent. For all others, consent is required through an opt-in procedure. In other words, the user must be informed about the cookies and actively give their permission by clicking a checkbox.

On this basis, in 2020 the Federal Court of Justice (BGH) decided that the use of cookies is only legitimate if users actively consent. On December 1, 2021, the Telecommunications and Telemedia Data Protection Act (TTDSG) came into effect, which legally mandated this opt-in requirement.

Google and cookies – what does the future look like?

Although the search engine has often hinted at ending third-party cookies, it is now expected to happen in 2024. Then the Chrome browser will phase out these well-known text files. As an alternative technology, API Topics come into play, which are still controversial among consumers and data protectionists. It can be assumed that this technology will also be subject to legal rulings and thus relevant for shop creation.