Cookies for beginners: everything you need to know

Cookies for beginners: everything you need to know

Can you write an article about cookies,” my boss ordered me over the Monday morning coffee. I looked at him desperately and replied, “I am a copywriter. I don’t understand anything about cookies.” To which he said, “That’s why you are so perfect for the job. Nobody understands cookies. If you, as a layman, research it, you may succeed in making this matter understandable.”

He then sipped his coffee again, nodded affirmatively (not at me but at himself), and returned to his office with a satisfied expression.

And I? I murmured to the coffee machine, “But I really don’t know anything about cookies.”

What are cookies? (If you ask me)

What do I already know about this? These are the things that come to mind:

  1. Cookies are invisible files that are installed on your computer when you visit a website.
  2. These files ensure that your experience on the site is better. For example, your details are already entered in a contact form, and you see advertisements for products you like.
  3. Cookies also ensure that the website owner can earn more money from you. Not only because the advertisements, as mentioned earlier, are more targeted, but also because it can bombard you with re-marketing at later times. (Not familiar with the term re-marketing? Suppose you visit the website Purely hypothetical, huh. For another week, ads from will appear on numerous unrelated sites. That is re-marketing.)
  4. Quite a few European laws surround cookies.

Aah, not bad. 

Apparently, I know something about it. However, I am sure my more tech-savvy colleagues can add depth to the topic—time to ask around.

What are cookies? (If you ask a whizzkid)

First of all, I went to my colleague Hana, a programmer with a brain that thinks in binary numbers. This is her answer to the question of what a cookie is according to her:

“Cookies are the storage of or access to information in the peripheral equipment of a user via an electronic communication network.

“Hana, you sound like a law book,” I said. As if I were the greatest fool in the world, she replied, “That’s the law book’s text.”

I asked her what is meant by ‘peripherals’. I was under the impression that cookies only apply to computers. Is there more? She said with a sigh:

 “Other devices with similar functionality, such as smart TVs, telephones, tablets, and game consoles, also use cookies or files similar to them.”

Ah. So so.

I thanked Hana for the explanation and turned to my colleague Raf, a front-end developer. Maybe he talks more like a, um … human.

This is what Raf says:

What is funny is that cookies do not work optimally on mobile devices. Apps on smartphones technically work differently from web browsers. The Mobile advertising ID is the most commonly used alternative on GSM. However, the purpose is the same as with traditional cookies. That is why they are placed under the general heading of cookies.

My response: “Funny indeed.” Before continuing with his work that I don’t understand, Raf said: “I’ll email you a list of all types of cookies. Maybe that will benefit you.”

A list of all types? Chocolate chip, macaron, shortbread, candies?


What types of cookies are there?

It may not need to be said, but Raf’s list was a geek’s wet dream. In other words: I didn’t understand anything about it.

But my mission has settled in my head: I want to understand cookies. With a lot of research, I have deciphered the list. I am proud to present the result to you.

  • Necessary cookies

This is essential for the proper functioning of the website. This category only includes cookies that guarantee essential functions and security features of the website. These cookies do not store any personal information. That’s nice.

  1. Analytical cookies

Analytical cookies ensure that the website owner’s visit to the website is made transparent by analyzing visitors’ behavior and their origin. They are used to measure and optimize the performance of a website. The site owner can find out which information visitors find useful or unnecessary.

Analytical cookies, for example, keep track of how often a website is visited or how often a blog article is read. They can also keep track of which region the website visitors mainly come from and whether the website’s mobile version is more popular than the desktop version.

  • Functional cookies

Functional cookies ensure an optimal user experience of the website. They are used, among other things, for the automated filling of forms and for the proper functioning of the chat function and the shopping cart. They remember that you are logged in as a user or that you have placed items in the shopping cart. With a multilingual website, the language preference or country preference of the visitor can be remembered.

  • Tracking Cookies

Tracking cookies create a profile of the website visitor. For example, a modified version of the website can be displayed. These cookies follow the visitor’s surfing behavior so that he can receive personalized offers or advertisements even while surfing other websites. For example, he may see a previously viewed webshop item (or catalog bride) reappear on other websites.


Some of these cookies are placed by the website you are visiting, while others are placed by external parties (advertisers, news feeds, plugins). In the first case, we talk about first-party cookies, in the second about third-party cookies.

Incidentally, I was wrong with my assumption that cookies are always small files installed on the user’s computer. It was indeed twenty years ago, but the term ‘cookie’ has now been broadened. The law speaks of:

… Store or access information in a user’s peripheral equipment via an electronic communications network.

Interesting fact: there are even cookies that ensure that you can consent to the use or not of cookies.

Should we be afraid of cookies?

It depends on who you ask. On the internet, I meet loads of anxious people who say that cookies violate our privacy. That they belong in a cookie box, not on a computer. But is this fear justified?

I admit: if you allow cookies that aim to store your personal preferences, you can indeed speak of an invasion of privacy. You may indeed reason: it is no one’s business that I prefer Nike sneakers, flying holidays to Tunisia and Eastern European women called Natascha and Tatiana.

If it is indeed a problem for you that a website gathers this information, then that is completely OK. Simply do not permit to place such cookies in the cookie preferences. However, I also know people (I’m thinking of my lovely girlfriend) who love it when a website shows ads with products they actually like.

Do I personally see cookies as an invasion of my privacy? No. But I also do not always agree with all cookies. It depends on how much I feel like being bombarded with advertisements related to the website I just visited for the rest of the week. Also, consider the following:

Cookies can only be read by the website that places the cookie.

A cookie from Nike, for example, cannot also be used by five hundred other sports brands. I find that reassuring.

As a company, how do you ensure that you are safe?

At the beginning of this article, I mentioned a fine that was handed out to a Belgian site for not having their cookie statement in order. The site has had to pay $15,000. (Ironically, this site provides legal advice.)

However, as a website owner, you don’t want to pay a fine, so you need to make sure your site is in order. You do this as follows.

  • Check whether your site uses cookies.

Not every website uses them, so not every site is required to list its cookies.

However, there is a very good chance that your site does use cookies. Ask your website builder to make an inventory. Or ask another wiz kid. My colleague Hana told me that she scans WordPress websites with the cookie scan plugin ‘GDPR Cookie Consent’.

Low budget tip: you can, of course, also purchase this plugin yourself and run the scan personally.

  • Ask explicitly for permission.

Does your site use cookies that fall outside the ‘necessary cookies’ category? Then the visitor must explicitly ask for permission when entering the site. In principle, this permission only needs to be requested once, unless the user deletes his cookies or your website or webshop changes its cookie policy.

I consciously say explicit permission, because (be careful!) Implicit permission is not enough. Implicit consent means that you assume that the user automatically consents to use the site. The user should have the opportunity to click on an ‘OK’ button or ‘Agree’ button. The user must also have the option to give permission per cookie type.

This cookie notice is an example of what not to do :

This cookie notice is an example of how to do it :

Do you see the difference?

  • Provide your site with a cookie policy

You must not only explicitly request permission: you must also provide a link to your cookie policy in the notification. In this policy, you explain which cookies your site uses and what they are for. Create a separate page for this policy, to which you also link from the website scooter.

The following must be stated in the cookie policy:

  • Who is responsible for this cookie policy. Your site visitors should be able to contact you for more information. Therefore, state your organization’s exact name, the full address, the VAT number, and the telephone number or email address. Also, describe how you process the data. Tell us whether you process them inside or outside your own organizations and whether you do so anonymously. State that you are taking steps to protect confidentiality.
  • What are cookies, what types are there, and what are they for? Briefly explain what cookies are and what they mean for the site visitor. Then tell us which cookie types there are and what the benefits are for the user. Start by clarifying the distinction between first-party cookies and third-party cookies. Then split these into necessary, analytical, functional, and tracking cookies. You know, that list we discussed earlier.
  • Which cookies do you use, what purpose do they have, and how long are they stored? We are not talking about cookie categories now, but a summary of all the individual cookies that your site may place on the visitor’s device.
  • Please explain how the user can delete his cookies. This can be done, for example, by consulting the help function of your browser.
  • Indicate when your policy was last changed. If you change your policy, you must also request permission from all visitors again.

Many companies choose to include their cookie policy in their general disclaimer and privacy page. (We have also done this.) This way, all information about rights, responsibilities, and privacy are clearly arranged on one page.

Everything summarized

  • Originally, cookies are small files that are stored on the device of the person who visits a website or webshop. Still, the term now encompasses all forms of ‘storing or gaining access to information in a user’s peripheral equipment via an electronic communication network’.
  • They ensure that the site provides better user experience, and they enable the site owner to run a more efficient (and thus more commercially stronger) site.
  • A website must explicitly ask for permission from the visitor when they first visit it (although this only applies when the site uses cookies that are not essential for the site’s normal operation).
  • A website must offer transparency through a cookie policy: what are cookies, which types are there, what are they for, which ones does the site collect, why you do this and how long you keep them. You also explain how the visitor can delete, disable, or adjust his cookies, and when you last changed your policy.

My assignment has been completed: I have made cookies transparent. Or yes, that’s my hope.

Is this all there is to say about cookies? No. During my search, I came across pages of other interesting (and relevant) information. However, a person has to make choices in life, and I did.

Now I’m going to the store to buy a box of cookies. I got hungry.