Have you ever searched for a product online, only to find that every website you visit afterwards pushes you to buy it? Did you feel it was almost like holding a grudge? That’s not magic; it’s cookies! And no, not the kind you dunk in milk. Cookies are small data files that websites store on your device to track your online activity. The big question is, are they beneficial or plain intrusive?

What’s the deal with cookies?

When you visit a website, small data files, aka cookies, may get stored on your device. Think of it like the site leaving a note for itself to remember what you prefer. Every time you go back to that site, the cookie quietly reminds the server about what you like. This helps the website tailor your experience, like showing ads for products you might be interested in.

While having ads appear more relevant may seem exciting, it gets creepy when you realise how much of your information these cookies collect. They track where you click, the time you spend on a particular page, what you put into the shopping cart, and how frequently you return. Chills, right?

Are cookies helpful, or just a stalker?

The primary objective of cookies is to make your web browsing experience as easy as possible. They remember your shopping preferences, help you stay signed in, and assist in shopping by recalling the contents of your shopping cart. For example, imagine shopping online; whenever you open a new product page, the website forgets what you want to buy. Frustrating, right? That is where cookies come in handy.

While cookies make browsing easier, they also track your every move from one site to another. These are third-party cookies, allowing advertisers to construct a remarkably detailed picture of your internet usage. Hence, one will find an advert for something they googled a couple of days ago on a website without connection with the search result. However, is this convenience worth it for the invasion of privacy?

What do the legal provisions say?

In India, the legal provisions for cookies, particularly, are still in their early days. However, laws exist to some extent when it comes to data privacy. While no specific provisions explicitly deal with cookies, some provisions under the Information Technology Act, 2000 provide general guidelines. For instance, Section 43A deals with compensation for failure to protect data. It states that any organisation dealing with personal information must adhere to reasonable security practices. The ambit of personal information here can include cookies that capture consumers’ data and website use.

While there is little clarity on what exactly is “reasonable” in reasonable security practices, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, provide some guidance. Sub-rule (2) of Rule 8 specifies ISO 27001 as an example to demonstrate the implementation of reasonable security practices. Moreover, other rules require organisations to inform individuals when their personal data is being processed and why. This is why when you open a site, you see a pop-up asking you to accept cookie data collection. Such banners are one of the ways sites ask for consent from the users to collect their data. These consent notices are often crafted to nudge individuals to accept cookies without fully comprehending what they agree to. In practice, this shifts the onus on the users to look after their privacy when, in fact, it should be on companies to come up with transparent practices.

While this is the current status, India’s data protection law, the Digital Personal Data Protection Act, 2023, received Presidential assent on August 11, 2023. While the implementation date and subsequent rules and regulations are yet to come out, I hope these regulatory changes will bring more clarity to this issue.

Should you lose sleep over cookies?

People fail to realise that the problem is not in cookies as a concept. They are just tools. However, how sites use them is what counts. In fact, if websites declare what they are tracking and for what purpose and seek your permission, cookies make one’s internet life easier without invading privacy. However, if they are taking more data than you would be comfortable with or if the collected data is being used for something more than what you accepted, it then steps into the creepy category.

The biggest problem? Unfortunately, most people have no idea about the extent of tracking happening. We agree on those cookie prompts without thinking twice about closing the notification because we want to jump straight into the content we are after. But every time you click the “accept” option, you allow these sites to monitor your movements, preferences, and, at times, location.

A guide to protecting yourself online (Without logging off)

Let’s face it, we will not relinquish the Internet over a tracking issue. But if you want to avoid those cookies, there are numerous ways not to go entirely off the grid. First things first, check your privacy settings. It is usually pretty easy because most browsers have integrated tools that allow you to block or limit cookies. If you are concerned about it, I suggest you disable third-party cookies because they track your journeys around different websites. These are the cookies that help advertisers give you those notorious personalised ads. Yes, the ones that appear after you have searched for something, maybe once last week, and now you see them almost everywhere.

Secondly, develop a regular habit of clearing cookies. This will most likely erase what is stored in your cart and your logged-in sessions. A minor problem, right? At the same time, it also eradicates what websites have been collecting about you. It is like spring cleaning of your house, but virtually. Many browsers even offer an option to automatically clear cookies whenever you close the browser. This is a great way to prevent long-term tracking without remembering to do it manually. Also, this makes it very difficult for websites to monitor your continued browsing behaviour, which is good if you seek to minimise your digital footprint.

For a slightly paranoid internet user, using incognito mode can help. It does not make you invisible but prevents your browser from storing cookies whenever you close your window. This limits websites’ ability to track your activity. That being said, let me clarify one thing. Incognito mode does not eliminate tracking altogether, especially by your internet service provider. It is usually a “less is more” sort of approach. We have discussed myths about incognito browsing here.

Most importantly, always remember to read the fine print. I know that cookie pop-ups are irritating, and the desire to simply click on “accept” without putting much thought into it is strong. Next time, stop and breathe for a second. In fact, some websites actually provide the option of allowing the types of cookies that are acceptable to you. It is not necessary to allow them to run amok with your data. Adjust those cookie settings to your preferences because your data is your choice.

Conclusion

Ultimately, are cookies those little helpers that make your online experience easier and breezier, or are they silent perverts who follow you from one website to another? Honestly, it’s both. Cookies are generally helpful as they make your browsing less of a hassle. But like everything else, they also feature some major privacy concerns. Currently, it is in your hands how much of your digital footprint you are willing to reveal. So, ask yourself the next time you get hit with a cookie pop-up. Is this cookie worth it? Then, maybe, enjoy an actual cookie after you have made the best choice for yourself.