Cookie Management

What Are Cookies & How to Manage Them?

What are browser cookies, and why are they important when it comes to today’s data privacy practices? How can managing them ensure you’re building trust with your potential customers? Find the answers to questions like these and more below.

Cookies 101

Start With the Basics

What Are Cookies? 

A browser or internet cookie is like a tiny piece of glitter that attaches itself to you when you visit a website. It helps the website remember who you are and what you did there, such as what items you added to your shopping cart or what preferences you set.  

Like real glitter, though, it can get messy and hard to get rid of, almost like it’s multiplying. And while some cookies are harmless and useful, others can track your online behavior and share it with third parties.


Types of Cookies

There are several different ways to categorize cookies, but three distinctions are most pertinent to data privacy laws:

Session vs Persistent

A session cookie is temporary: it’s “destroyed” as soon as you leave a webpage or close a browser. These cookies allow a website to remember a visitor as they move between pages on the website. For example, when you add an item to a cart and then click away from the cart, the cart isn’t emptied, which wouldn’t be possible without a session cookie.

A persistent cookie, on the other hand, is a “stored” cookie. It’s stored on your computer even after you’ve closed your browser, keeping track of your preferences and other information. When you log in to a website and check the button to “Remember this computer,” you’re permitting a persistent cookie so you don’t have to type your username every single time you log in.   


Necessary vs Non-essential

Necessary, or essential, cookies might sound self-explanatory, but they’re essentially cookies that are needed for the website to operate its most basic functions. They include logging in, adding items to a cart, billing, etc.  

Non-essential cookies, sometimes called “effective” cookies, are those that are not needed for the website to function. These break down into further categories, such as analytics (used to collect data that measures behaviors en masse) and marketing or targeting (used to enable advertisers to show relevant ads to visitors).  


First-Party Cookies vs Third-Party Cookies

A first-party cookie is exactly what it sounds like: “first-party.” The cookie is created by the website you’re currently visiting, saving your preferences for that same website. The best example is saving your shopping cart so that when you come back, the website remembers what you were attempting to buy.

Third-party cookies are created by different websites than the one you’re currently visiting. The biggest examples here are ads: a brand wants to advertise its product, so it adds a code from an ad network to its website. That code then plops a cookie onto your browser from the brand’s website. The cookie, although set while you are on the brand’s website, is coming from a third party.
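The distinctions above can be read directly off the Set-Cookie response headers a page load produces: a cookie with no Expires or Max-Age attribute is a session cookie, and a cookie set by a host on a different site than the page is third-party. The following is an added example for a cookie audit, not code from the original page; the hostnames, cookie names and the two-label `siteOf` shortcut are assumptions made for illustration.

```javascript
// Parse one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), attrs: {} };
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Session vs persistent. Max-Age takes precedence over Expires (RFC 6265);
// a non-numeric Max-Age is ignored; a zero or past lifetime deletes the cookie.
function lifetimeOf(attrs) {
  if (/^-?\d+$/.test(attrs["max-age"])) {
    return Number(attrs["max-age"]) > 0 ? "persistent" : "deleted";
  }
  if (typeof attrs["expires"] === "string") {
    return Date.parse(attrs["expires"]) > Date.now() ? "persistent" : "deleted";
  }
  return "session";
}

// Assumption: the last two DNS labels identify the site. A real audit should
// use the Public Suffix List so hosts under suffixes like "co.uk" compare correctly.
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

function classify(pageHost, responseHost, header) {
  const { name, attrs } = parseSetCookie(header);
  const same = siteOf(responseHost) === siteOf(pageHost);
  return { name, lifetime: lifetimeOf(attrs), party: same ? "first-party" : "third-party" };
}

// Constructed sample: [responding host, Set-Cookie value] seen on one page load.
const PAGE = "shop.example.com";
const OBSERVED = [
  ["shop.example.com", "cart=abc123; Path=/; HttpOnly"],
  ["www.example.com", "remember_me=1; Max-Age=2592000; Secure"],
  ["ads.adnetwork.example", "uid=42; Max-Age=31536000; SameSite=None; Secure"],
  ["shop.example.com", "old=; Expires=Thu, 01 Jan 1970 00:00:00 GMT"],
];
function audit() {
  return OBSERVED.map(([host, header]) => classify(PAGE, host, header));
}
console.log(audit());
```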

Cookies 102: Where Privacy Comes In

Defining the Relationship Between Cookies & Privacy

How Data Privacy Impacts Cookies 

When we talk about data privacy in the context of cookies, we’re typically talking about third-party cookies. First-party cookies usually aren’t an issue because they’re used by the website to improve the user experience.  

Third-party cookies, especially in the context of targeting and, to an extent, analytics, are the biggest topic at hand. It all stems from consent: Is it okay to collect someone’s data and share it with others if you don’t have their okay?

Most data privacy laws, like the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA), say “No.” These laws, among many others, require some form of consent, whether that’s opt in or opt out.  


Opt-In vs Opt-Out Consent

Opt-in consent is consent that requires users to take an action that grants businesses permission to collect and use their data. The action could be clicking a button, checking a box, or something else that is a proactive step. In other words, websites cannot collect or use someone’s data without them agreeing to it first.  

Opt-out consent is when a user must clearly say “No” to data collection in order for a business to stop collecting and using data. This means that businesses can assume consent until they receive notice from a consumer otherwise. Businesses, however, are required to clearly inform consumers about data collection, which is why websites that use an opt-out model for consent have cookie notices on their sites. And opting out must be easy to do for consumers.  


Tracking It All With Consent Management

Without some form of consent management, there would be no way to track a user’s opt-in or opt-out response, or whether and when they change that response. Consent management is the practice of requesting, recording, and acting upon a user’s preferences when it comes to collecting their data.

Whether and what types of cookies users consent to must be recorded, and your company must act upon their response. You also need to do it in a way that complies with that person’s local regulations and stores the response as verifiable proof of consent. Plus, with Global Privacy Control, consent management must also take browser-based consent into consideration so that you’re not tracking someone’s data when they’ve already opted out of data collection via their browser.
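The requesting, recording and acting steps described above can be sketched as a server-side gate, shown here as an added example that is not code from the original page or from any consent management product. The category names, the `model` values, the log shape, and the choice to let the browser's Global Privacy Control signal (the `Sec-GPC: 1` request header) override a stored grant are assumptions.

```javascript
const NECESSARY = "necessary";

// Append-only consent log: never overwrite, the history is the proof of consent.
function recordChoice(log, category, choice, at) {
  log.push({ category, choice, at });
  return log;
}

// Collapse the log to the current state; the latest entry per category wins,
// which is how a changed response takes effect.
function currentRecord(log) {
  const rec = {};
  for (const e of log) rec[e.category] = e.choice;
  return rec;
}

// Global Privacy Control arrives as the request header "Sec-GPC: 1".
// Header names are case-insensitive; any other value means no signal.
function hasGpc(headers) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "sec-gpc");
  return key !== undefined && String(headers[key]).trim() === "1";
}

// model "opt-in":  non-essential cookies need a recorded "granted" choice.
// model "opt-out": non-essential cookies are allowed until a recorded "denied".
// Assumption: a GPC signal is treated as an opt-out that beats a stored grant.
function maySetCookie(category, model, record, headers) {
  if (category === NECESSARY) return { allowed: true, reason: "necessary" };
  const choice = record[category];
  if (choice === "denied") return { allowed: false, reason: "user denied" };
  if (hasGpc(headers)) return { allowed: false, reason: "gpc opt-out" };
  if (choice === "granted") return { allowed: true, reason: "user granted" };
  return model === "opt-out"
    ? { allowed: true, reason: "opt-out default" }
    : { allowed: false, reason: "no opt-in recorded" };
}

// Constructed sample: a visitor grants marketing cookies, then revisits with
// a browser that sends the GPC signal.
const log = recordChoice([], "marketing", "granted", "2024-01-01T00:00:00Z");
console.log(maySetCookie("marketing", "opt-in", currentRecord(log), {}));
console.log(maySetCookie("marketing", "opt-in", currentRecord(log), { "Sec-GPC": "1" }));
```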

Cookie Compliance

The Biggest Concepts in Cookie Compliance

Cookie Banners

Cookie banners are pop-ups that show the first time you visit a website, letting you know about the website’s use of cookies, asking for your consent, or both. These banners are a core concept in consent management, and they typically take the form of a notice that either goes away on its own or goes away once you take an action, such as accepting or rejecting cookies.

Cookie banners will have different language and terms depending on the applicable law (which is based on the jurisdiction of the user, typically depending on their geolocation). Some may ask a user to select which cookies they consent to, and some may include a link to a cookie notice. 


Consent Optimization

Before diving into cookie notices, it’s important to take a moment to address consent optimization. Consent optimization is a tricky subject — it would be easy to attempt to design your cookie banners in such a way that a user wants to click yes. This would include making your “accept” button stand out more than your “reject” button, pre-ticking boxes, and requiring multiple steps so it’s harder for users to deny consent.  

But all these approaches are known as “Dark Patterns”: design choices meant to manipulate users into providing consent. Using them is often unlawful and could cost you the trust of your users. If you must optimize anything, focus on making your language clear, transparent, and plain.


Cookie Notices

Cookie notices inform users about the usage and storage of cookies on their browsers and computers. Notices will usually explain that the company or website uses cookies to improve its site experience, implement personalization, remember user preferences, and more.  

Cookie notices might also include options for visitors to accept or deny all cookies, reject non-essential cookies, or customize their preferences based on a list of cookie categories provided. They may also link out to the company’s cookie policy or privacy policy, which will further break down the cookie types, functions, and data retention policy.

Next steps

Cookie Governance: How to Continuously Improve Your Cookie Management

When it comes to managing the cookies that are currently being tracked on your website or introducing new ones, it’s important to implement a cookie governance process so you always know what is being tracked and who is doing the tracking. Here are our recommended steps:

1. Evaluate vendors.

When your business wants to add a new cookie, you need to evaluate the vendor the cookie is associated with. Is this a reputable vendor you want to have on your website? A product like Vendor Privacy Risk Management can help give you insights into potential vendors. During this time, you can also create a Privacy Impact Assessment (PIA).

2. Confirm functionality.

Once you’re ready for the new cookie, or while you’re evaluating your existing cookies during ongoing maintenance, you need to confirm the cookie type, business purpose, retention policy (how long will this cookie retain data?), and what data is or will be processed. During this time, you can add the cookie or script to a staging environment.

3. Add the cookie to your website or CMP.

After confirming functionality, add the cookie or script to your production environment and add any classification work to your consent management platform.

4. Update disclosures and policies.

Once your users are being tracked by the new cookie or script, it’s important to update your cookie notices and disclosures and your privacy policies.

5. Implement ongoing maintenance.

Monitor and address any data concerns stemming from the data collected with annual vendor relationship evaluations and real-time monitoring of security concerns. 


These five repeatable steps will help you keep track of the cookies that are currently on your site, ensuring your organization is compliant while building trust with your customers and prospects over time.   

But cookie governance is just one part of the privacy program journey. To build a program dedicated to operational excellence without losing track of your progress with cookie governance, download the Osano Privacy Program Maturity Model. 
