GDPR: Should You Accept or Reject Cookies?
The Problem
You’ve probably seen some version of this question on various websites:
“Accept or reject cookies?”
It may have various qualifiers (personalizing content and ads, etc.), and may have a third choice that gives you the option to “manage your cookie preferences.”
Some sites also give you the option to dismiss the question without answering it, usually by including a little “x” in its corner that you can click. However, other sites force you to answer that question by having it stay on the screen no matter what you do, preventing you from using the site in any reasonable way.
How should you answer that 2- or 3-way question? What does it mean?
The quick and practical answer
A minimalist approach would be:
- Always choose “reject.”
- If you then find that the site doesn’t work properly, you can change your preference later. Look for a “Cookie preferences” or “Manage privacy” link, probably at the bottom of each page.
Why? “Reject” does not tell the site to use no cookies at all, but instead to use only “essential cookies,” i.e., cookies that the site needs to operate properly or for security, like keeping track of the items you add to your shopping cart, which language or currency you use, etc.
However:
- If you’re familiar with the website, you’re comfortable using it, and visit it often,
- or it’s a website on which you want to try to avoid any problems that might prevent it from working properly,
then I recommend choosing “accept” or exploring the options they give you under “manage.”
“Nonessential cookies” go beyond what’s necessary for the site to function. They store additional information about your behavior, or information that supports marketing, e.g., which products you look at, which promotions or ads you respond to, how often you visit the site, etc.
In other words, you’re choosing between “rejecting nonessential cookies” and “accepting nonessential cookies.” Ironically, each site probably stores your “accept or reject” choice in a cookie.
Read on to dig deeper into the issues behind this apparently simple (but odd) question.
GDPR
Websites that ask those cookie-related questions are probably trying to comply with the GDPR.
The General Data Protection Regulation is a law enacted in the European Union (EU) in 2018 that applies to anyone (regardless of where they’re located):
- Who makes products or services available to EU residents
- and who may collect any personal data.
Anyone who does both of those things is required to follow specific rules about how they gather and use that data, how they disclose their practices, how they obtain consent for that use, and more. For many websites, that involves the use of cookies.
What are cookies?
When you visit a website, that website may create one or more small files on your computer (stored in your web browser) to remember information about you, track your activity, or personalize what you experience on their site. Such a file is called an “HTTP cookie,” or “cookie” for short.
Here are some common uses of cookies:
- When you click “Remember me” as you’re signing in to your account on a website, the next time you sign in, it will fill in your username (not your password) for you. (This is separate from your browser’s ability to store your username and password for websites you sign in to.)
- When you click “Stay signed in” as you’re signing in to a website, the next time you visit that site (within a reasonable amount of time), you will probably not have to sign in again.
- Many websites use cookies to remember the products that you’ve put in your “shopping cart.”
Note that cookies are stored in each web browser separately, i.e., the cookies stored in Firefox on a given computer are completely separate from the ones in Chrome.
Cookies fall within the scope of the GDPR because they can store personal data, including names, email addresses, preferences, and other information about you.
Lack of compliance
Unfortunately, some websites don’t comply properly with GDPR. For example:
- They may not clearly disclose what they do with your personal information.
- They may fail to explain which cookies they use.
- Their website may not present a clear “reject” button.
- They might still use nonessential cookies even after you’ve clicked “reject.”
This makes it difficult to be sure whether any given website respects your choices and discloses what it is actually doing with your information.
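The last point in the list above can be checked by looking at the cookies a site sets after you click “reject.” The following is an added example, not part of the original article: it parses Set-Cookie headers recorded after rejecting and reports every cookie that is not on the site's declared essential list, along with how long it will persist. The site name, cookie names, capture format and essential list are all constructed for illustration, and the same-site test is simplified to a hostname suffix match.

```javascript
// Added example. Cookie names, hosts and the "essential" list are constructed.

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // malformed: missing cookie name
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), attrs };
}

// Lifetime in days, or null for a session cookie (gone when the browser closes).
function lifetimeDays(attrs, now) {
  // Max-Age takes precedence over Expires (RFC 6265).
  if (attrs["max-age"] !== undefined) return Number(attrs["max-age"]) / 86400;
  const t = attrs.expires === undefined ? NaN : Date.parse(attrs.expires);
  return Number.isNaN(t) ? null : (t - now) / 86400000;
}

// responses: [{ host, setCookie }] recorded after clicking "reject".
// Returns the cookies that are not on the site's declared essential list.
function auditAfterReject(responses, essential, site, now = Date.now()) {
  const findings = [];
  for (const { host, setCookie } of responses) {
    const c = parseSetCookie(setCookie);
    if (!c) continue;
    // Simplified same-site test: exact host or a subdomain of the visited site.
    const thirdParty = host !== site && !host.endsWith("." + site);
    if (!thirdParty && essential.has(c.name)) continue;
    findings.push({ name: c.name, host, thirdParty, days: lifetimeDays(c.attrs, now) });
  }
  return findings;
}

// Constructed capture for a hypothetical shop.example.
const SAMPLE = [
  { host: "shop.example", setCookie: "cart=abc123; Path=/; HttpOnly; Secure" },
  { host: "shop.example", setCookie: "consent=rejected; Max-Age=15552000; Path=/" },
  { host: "shop.example", setCookie: "_visitor=9f2c; Max-Age=63072000; Path=/" },
  { host: "ads.tracker.example", setCookie: "uid=77aa; Max-Age=31536000; SameSite=None; Secure" },
];
const ESSENTIAL = new Set(["cart", "consent"]);
console.log(auditAfterReject(SAMPLE, ESSENTIAL, "shop.example"));
```

In this constructed capture, the shopping-cart and consent cookies pass, while a two-year first-party visitor ID and a one-year cookie from an advertising host are reported.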
Where to go from here
As always, if any of my advice seems too difficult to follow, I recommend that you find someone you know and trust who can help you.