What is

cookie?
 It is a piece of data from a
website that is stored within a
web browser that the website
can retrieve at a later time
 History of
cookies
a piece of data from a website
that is stored within a web
browser that the website can
retrieve at a later time
derived from an earlier
programming term, "magic
cookie," which was a packet of
data programs that kept data
unchanged even after being sent
and received several time

What are the

benefits of
cookies?
Cookies are used to make the
user's web experience faster,
convenient and personalised.
 If I accept the
cookie is it
harmful or not
What are cookies?
Cookies are small text files placed on a user’s computer (or smartphone), which are commonly used to collect personal data.
Most website operators place cookies on the browser or hard drive of their user's computer. Cookies can gather information
about the use of a website or enable the website to recognise the user as an existing customer when they return to the website
at a later date. This file is neither a virus nor spyware. The law protects website users and lets them opt-out from the use of
cookies on their website browser.

What are the benefits of cookies?

Cookies are used to make the user's web experience faster, convenient and personalised. For example, you can select a
language to view a website the first time you visit it. When you visit the website again it will save your preference.

Types of cookies

Session cookies
Session cookies, also known as 'temporary cookies', help websites recognise users and the information provided when they
navigate through a website. Session cookies only retain information about a user's activities for as long as they are on the
website. Once the web browser is closed, the cookies are deleted. These are commonly used on shopping websites or e-
commerce websites.

Permanent cookies
Permanent cookies, also known as 'persistent cookies', remain in operation even after the web browser has closed. For example,
they can remember login details and passwords so web users don't need to re-enter them every time they use a site. The law
states that permanent cookies must be deleted after 12 months.

First-party cookies
First-party cookies are installed directly by the website (ie domain) the user is visiting (ie the URL shown in the browser's address
bar). These cookies enable website owners to collect analytics data, remember language settings, and perform other useful
functions that provide a good user experience.

Third-party cookies
Third-party cookies are installed by third parties with the aim of collecting certain information from web users to carry out
research into, for example, behaviour, demographics or spending habits. They are commonly used by advertisers who want to
ensure that products and services are marketed towards the right target audience.

Flash cookies
Flash cookies, also known as 'super cookies', are independent of the web browser. They are designed to be permanently stored
on a user's computer. These types of cookies remain on a user's device even after all cookies have been deleted from their web
browser.

Zombie cookies
Zombie cookies are a type of flash cookie that is automatically re-created after a user has deleted them. This means they are
difficult to detect or manage. They are often used in online games to prevent users from cheating but have also been used to
install malicious software onto a user's device.

Law on cookies
The basic rule around cookies is that websites must:

 tell people the cookies are there and what cookies are being used

 explain what the cookies are doing and why, and

 get the user's consent to store a cookie on their device

This can be set out and achieved in a Website privacy policy with an integrated cookie policy or a separate Cookie policy. For
more information, read Data privacy and cookies.

What counts as consent?

Consent must be freely given, specific and informed. It must involve some form of unambiguous positive action, for example
by ticking a box or clicking a link. The user must fully understand that they are giving consent.

Therefore, consent cannot be given if the information is only provided as part of a privacy policy that is hard to find, difficult to
understand, or rarely read.

Consent does not necessarily have to be explicit consent. However, consent must be given by a clear positive action. Users
must fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to
give consent. This must be more than simply continuing to use the website. To ensure that consent is freely given, users should
be able to disable cookies.

For further information, read the Information Commissioner's Office (ICO) guidance on Cookies and Consent.

Can cookies be erased or blocked?

Most cookies can be erased or blocked. To erase cookies you will need to find the folder or file where they are stored on your
device and delete them. Session cookies will automatically be deleted when you close your web browser.

You can also block a website's cookies. You can do this by configuring your browser settings.

You can also use specialist software that protects against malicious cookies. These applications can be customised to let you
change the content of the cookies you want to receive or allow being stored on your device.

Enforcement and penalties

The ICO is responsible for ensuring organisations comply with the law on cookies. They take a practical and proportionate
approach to enforcing the rules on cookies. Where a business fails or refuses to comply with the rules, the ICO can take specific
action as described below.

Information notices
The ICO can submit information notices which require organisations to provide the ICO with specific information within a certain
time period.

Undertakings
Undertakings force organisations to take a particular course of action in order to improve their compliance.

Enforcement notices
Enforcement notices compel an organisation to take action specified in the notice. For example, a notice may be served to
compel an organisation to start gaining consent for cookies. Failure to comply with an enforcement notice can be a criminal
offence.

Monetary penalty notice

A monetary penalty notice requires an organisation to pay a monetary penalty of an amount determined by the ICO, up to a
maximum of £500,000. This power can be used if any business or person has seriously contravened the law and if the breach is
likely to cause substantial damage or distress.