28 Jan Cookies and Data Privacy
That’s the Way the [Computer] Cookie Crumbles: Computer Cookies and How it Affects Data Privacy
If one does not consent, the pop-up will remain, and the user may not be able to access the website. Most of the time, users will mindlessly give their consent in order to immediately access the website, without really understanding the consequences of such act.
Cookies are text files used by a website which are saved on a user’s computer they store the website’s name and an ID that would identify the user. Cookies can also store other information such as traffic data (i.e., the amount of time spent on a website) and content data (i.e., links clicked while using the website, the settings set on the website, the accounts logged into). These cause concern for private individuals and consumers.
There are several types of cookies, some of which are session cookie, persistent cookie, and third-party cookie. Session cookies are present only while a user is navigating a website and disappears when the user closes the web browser. This allows a website to remember a user when they navigate from one page to another within the website. These are typically used in online shopping.
Persistent cookies, also known as permanent cookies, are saved on a user’s computer until its expiration. It stores the information and settings of a website frequently visited and allows the website to remember the user and their preferences during his or her subsequent visits. These are used in remembering one’s preferences and login details in their web browsers. This is also why users see advertisements regarding products or services they have recently or frequently search.
Third-party cookies are those installed by third parties, such as advertising companies that manage the banner ads on websites, which collect certain data for research purposes such as consumer behavior, demographics, and the like.
When cookies stored in a device are able to uniquely identify a user through the device or combined with unique identifiers or other information received by the servers such as IP addresses, it is considered as personal information. This causes concern for those who value their privacy. This is where GDPR steps in and helps regulate the collecting and processing of such information.
The GDPR was enacted to balance the privacy rights of individuals with the rights of organizations and governments to collect and use data for business and administrative purposes by emphasizing on transparency, security, and accountability from data controllers such as the websites, which collect and process information on its users.
The Philippines, while not a signatory to the GDPR, provides for an extraterritoriality effect when personal information of users who are part of the EU are being processed when users’ behavior within the EU are being monitored by a controller or processor who is not part of EU.