Why Do Some Websites Have Pop-Up Warnings About Cookies?

If you spend any time at all on the web, you’ve probably come across a fairly normal site that seems strangely concerned about cookie education. You’ll see a pop-up that warns you that yes, the site uses cookies…just like almost every other page on the web. If the warning seems redundant and ineffectual, you’re not the only one to think so. But some people think it’s necessary, and those very specific people are in the European Union.

What’s In a Name Cookie?

An Internet cookie is a tiny bundle of text in a file that a website stores on your computer via your browser. It isn’t malicious by nature, it’s merely a functional record of some of the data associated with your machine’s hardware and capabilities. It can also be used to let the site know that you’ve visited it recently, enabling handy features like keeping you logged into a website after you’ve navigated away, or storing your viewing preferences for a later visit.

But despite being benign in structure, some sites can use cookies in ways that are questionable in terms of privacy or safety. Cookies can generate and share long strings of information about which sites you’ve visited and what you’ve done there, and that data can be transmitted to other sites even without you being aware of it. Advertisers love that information: it allows them to build basic personal profiles about you, even if you’ve never logged into any site, and serve up relevant ads for things they think you’re likely to buy.

A cookie file from my browser. You can see the tracking tags from advertisers in the text.

This isn’t exactly an invasion of your privacy, in the strictest sense—cookies don’t contain things like your name or email address, unless a site is unwise enough to put them there—but the data is specific enough to make a lot of people uncomfortable.

Cookies are a little more complex than the above description. They’ve become ubiquitous on the web in their various forms—it’s possible to disable the use of cookies when you browse, but you’ll be limiting the functionality of a lot of websites if you do (and causing lots of annoyances, like being logged out and seeing the same popups every time you visit). If you’d like more technical information and some instructions on how to manually manage your cookies, check out this How-To Geek article.

The European Union’s Stance on Cookies

In 2002, the European Union codified the Directive on Privacy and Electronic Communications. Among many other guidelines, the directive stated that websites had to obtain users’ permission before storing information in a local cookie file, and inform users of what that data would be used for. Since cookies are used in so many different websites for a lot of different reasons, it meant that most of the major websites and services based in the member states of the European Union had to put up a “cookie warning” to continue their basic functions.

A typical cookie informational banner from UK gaming site Rock Paper Shotgun.

Through various amendments and addendums, that “explicit permission” has been changed to more general information. And now the more-or-less standard “cookie warning” reads something like: ” We’re legally obliged to tell you that we use cookies on this website. Here’s a link explaining what that means, and how we use the data we’re collecting. Here’s a link to hide this pop-up for this session.”

Most website managers and content creators seem to view the mandatory cookie warnings as a nuisance and a waste of time. It’s kind of like a security camera that has to blast “I’m watching your movements now!” on a loudspeaker every time you walk by. Yeah, cookies can be used to do some rather shady things with your information on the web, but they’re also a fairly fundamental part of how the web itself works now. Forcing users to see and acknowledge a warning on almost every site hosted in the European Union seems redundant and altogether unhelpful.

The End of Cookie Warnings Might Be Near

EU websites and users have had to deal with cookie warnings for over a decade now, and based on personal experience with those who have to handle the production side, nobody’s happy with the mildly annoying status quo. But there’s hope for a less-cluttered future for the European web. A newly-proposed update to the original law would make banners obsolete and unnecessary, by forcing websites to read and respect a browser setting that forbids cookie-based tracking. It would also force websites to get explicit consent before initiating cookie-based tracking, meaning the current “FYI” informational banners wouldn’t be necessary unless the website was looking to do specific tracking.

The proposal isn’t a shoo-in: technical changes would make it more difficult for websites to offer conveniences like remembering a login session or a shopping cart. Websites could also face a significant loss in relatively easy advertising revenue, something that lobbyists are sure to bring before the European Commission as the body considers the proposal. If the update were to be approved, it would take effect in May 2018, along with a host of other privacy laws.

Michael Crider has been covering technology on the web since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order. He wrote a novel called Good Intentions: A Supervillain Story, and it's available on Amazon. You can follow him on Twitter if you want.