*Free-use image generously provided by Pixabay
Let’s face it, whenever you hear a discussion begin with “Well, the GDPR/CCPA states that…” you either promptly leave the room or endure long enough to invariably be drawn into a conversation about cookies. What are they? Why are there so many on my website? Will they ever be good for my health? The topic of cookies generally provokes more questions than answers, and we are left wondering why there still doesn’t seem to be a definitive recipe for building transparent web applications. The truth is that even though these data regulations are established, we’re also in rapidly changing times and murky waters as a lot of companies are attempting to step into compliance all at once.
In spite of that, I strongly believe that by having a basic understanding of cookies and how they are currently handled by websites and browsers we can better navigate a lot of the general confusion, and demonstrate commitment to our B Corp beliefs.
The Cookie
Ah yes, the illustrious cookie, a term synonymous with both desserts and digital blocks of data. First, let’s take a quick gander at what a cookie is exactly. Here’s what Wikipedia states:
“HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.”
Not too bad, right? Cookies are essentially just blocks of data that are temporarily stored on your browser and perform all sorts of neat tasks. Let’s take a closer look at some examples of those tasks:
Session management:
- Logins, shopping carts, game scores, that one blog you’re working on
Personalization:
- User preferences, themes and other settings
Tracking:
- Recording and analyzing user behavior
As we can see, cookies are incredibly important to the general function of most things online, but they’ve also gathered quite the reputation.
Rise and Fall of the Third-Party Cookie
*Free-use image of “Vincenzo Camuccini, The Death of Caesar, 1798” generously provided by Wikimedia via public domain regulations in its country of origin.
When we talk about unscrupulous cookies, generally we are referring to the abuse of tracking cookies. The traditional tracking cookie serves a valuable purpose in that website and application owners can collect insightful user behavior (for example, which design feature on their website is assisting users, or highlighting how many views a blog post has gotten), all without collecting a user’s private information. Unfortunately we’ve seen the intrusiveness of many of these cookies develop far beyond what one could consider both reasonable and ethical which is why we have such a need for regulation today.
In discussing tracking cookies it’s also important to note there are two main types: first and third-party cookies. A first-party cookie comes from the domain or website you are currently viewing and will be dropped as soon as you navigate to another domain. Third-party cookies are set from domains other than the one you are currently on, and can track your browser session across multiple sites. It’s these cookies that have been allowed to run rampant for the last two decades and have become the leading topic in the privacy debate as governments, companies and end-users crack down on their behavior.
At time of writing, currently Mozilla’s Firefox and Apple’s Safari browsers block all third-party cookies in an effort to protect end-users from having their sessions unknowingly tracked across multiple sites by unethical parties. By default these are not blocked in Chrome—however do note there is a setting to block them (which we highly recommend enabling):
Google has revealed they intend to finally do away with third-party cookies by the end of 2023 and implement their own solution, called Topics API. While such a move might be good news for users, unfortunately companies are already finding loopholes to replace third-party cookies using things like pixel trackers and localized storage. Even with these developing loopholes, it’s important to stay the course and learn how you can continually improve on your own site’s tracking and transparency.
B Corp Values and Trust Through Transparency
Let’s say for a moment that you are in a similar position to us where you want to stay true to your B Corp values while still providing transparency and a valuable service to your clients.
Can modern analytics truly hang on as we close the loopholes on the historical abuse of personal data? We think so, with an enthusiastic and resounding “Yes!” Because realistically it all comes down to intent, especially when small businesses, nonprofits and corporations want to do the best they can but can’t afford to hire legal teams to sort out multiple countries’ and states’ privacy regulations¹. You can quickly audit the cookies present on your site using a variety of free tools, or even from the tools in your very own browser. Let’s take a quick look at the cookies on our company website using Firefox’s developer tools:
As you can see, that is a decent-sized chunk of chips requiring a bit of investigation into what each cookie does, where it comes from and whether it should be considered “essential.” That in itself is a fair amount of work, but it’s an appreciable start to informing our users about the relevant cookies they might encounter on our website. It’s also foundational to the modern-day “cookie banner/pop-up” that is ubiquitous now. While developing your site’s cookie banner and privacy policy, keep in mind that cookies can change by device, browser, location and more. This is due to different services’ scripts (such as Google Analytics) being able to swap these cookies out, so it’s important to refer to these companies’ websites in your privacy policy in order to encompass what cookies could also be present if you aren’t able to audit them all yourself. Regardless of whether a user chooses to accept cookies, we can still make informed decisions about our own website while having the best intentions for our user’s privacy, which we view as critical to being an ethical B Corp.
Here at Intellitonic, analytics is our lifeblood and we strongly believe that understanding trends in tracking technologies, engaging in transparency dialogue and abiding by all data rules and regulations are critical to both our ethics and the success of our work and go hand-in-hand with the modern-day gathering of metrics.
