Cookies: How to protect our privacy
Advertising has always been a very valuable asset for all companies as it allows them to publicize and position their products to consumers. Like everything else, the way of advertising has also undergone changes in recent years, with cookies playing an increasingly important role.
Its relationship with data protection is very close, since cookies are a small file with data that is downloaded to the user’s computer each time he/she visits a web page, being one of the main objectives that the server of that page can remember and identify the equipment and other important data of the user, to offer more personalized experiences and content of interest the next time he/she enters the web, enhancing the consumer’s interest in certain products.
Cookies and Data Protection
As we well know, for data processing to be legal, it must comply with the General Data Protection Regulation (GDPR), and in the case of cookies, exactly the same applies. Since their use involves a disclosure of personal data, it is essential to comply with the principle of transparency, as well as to obtain the consent of users for those cookies that require it in order to legitimize the data processing involved in their use.
- Definition and generic function of cookies.
- Information on the type of cookies.
- Who uses them and if there are third parties, establishing the RGPD that information on third parties must be directly visible
- Information on how to accept, refuse or revoke consent.
- On international transfers.
- When profiling involves automated decision making.
- Retention period…
As for consent, Article 4 of the GDPR defines it as:
“any freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data concerning him/her”
The legal obligations of cookies are clear, but how can we protect ourselves from them?
How to protect ourselves from cookies?
Apart from the possibility of rejecting all cookies or only allowing those necessary for the operation of the website, there are other more technical measures that we can personally configure to prevent cookies from being so exhaustive.
In this regard, the Spanish supervisory authority has prepared a very detailed document on measures to minimize tracking on the Internet, from which we can highlight some very effective measures.
- We must inform ourselves about the level of privacy and security offered by the application, avoiding installing those that are not strictly necessary, as this way we will avoid risks from the beginning.
- We must check if our browser has advanced anti-tracking protection, to activate the “Do not track” option, thus expressing to the websites our desire not to be tracked.
- We can block third-party cookies, which are the most invasive, by configuring this option in the same way as the previous one.
- We can also choose to configure the browser in such a way that when it closes, cookies are deleted, however, we can also choose to delete them manually from time to time.
- We should also avoid keeping the session open indefinitely; regarding advertising, we can configure the device so that it does not use the advertising identifier to create profiles or show personalized ads based on our location.
- We must review and configure our social network profiles since, although it may seem a closer and more reliable context, it is the place where more exposure may come to have personal data.
The end of cookies
When we visit a website we not only access a single Internet site, but at the same time we are redirected to other third-party servers that are generally those that offer advertising services and analytical data from the main website, and it is this access to third parties that allows cookies to be installed by data controllers that do not manage the website to which we have voluntarily accessed, being in many cases unnecessary for the provision of the service explicitly requested by the user.
This invasion is the main reason why most measures are aimed at minimizing third-party cookies or avoiding them altogether, to the point that Google has launched an initiative called The Privacy Sandbox, which aims to phase out third-party cookies and limit covert tracking by creating new web standards that provide publishers with safer alternatives for personal data. This project is currently under development, with the last update in April 2022, and many of the proposals are under discussion or testing period, however, it will not be until the end of 2023 when Chrome will start the second transition period, where support for third-party cookies will be phased out.