• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 

Critical Sudo bugs expose major Linux distros to local Root exploits

 | 

Google fined $314M for misusing idle Android users' data

 | 

A flaw in Catwatchful spyware exposed logins of +62,000 users

 | 

China-linked group Houken hit French organizations using zero-days

 | 

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

 | 

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

 | 

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

 | 

A sophisticated cyberattack hit the International Criminal Court

 | 

Esse Health data breach impacted 263,000 individuals

 | 

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

 | 

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Canada bans Hikvision over national security concerns

 | 

Denmark moves to protect personal identity from deepfakes with new copyright law

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Digital ID
  • Privacy Concerns On Cookies Storing Personal Information

Privacy Concerns On Cookies Storing Personal Information

Pierluigi Paganini May 20, 2021

Which are privacy concerns on the way organizations collect personal information through the use of cookies?

Data is constantly being tracked, stored and processed right under our noses, and it is quite frightening to know just how much data a company might have on you. They may not have your deepest darkest secrets (or maybe they do), but they have a track of your interests and behaviour, so much so that in this day and age, organizations have enough information about you that they can replicate a digital version of you. The question remains, where are they getting this data from?

There are several avenues through which organizations can collect personal data but one of the main drivers is cookies. When a user logs on to a website for the first time, the server assigns them a user-specific identity that is distinctive. This identity is stored on the mobile or computer on which the browser is running. In case the user enters the website again, the browser sends a cookie to the server, allowing the website to remember the user. In other words, cookies function as a kind of memory of the internet running through protocols that provide data flow. As sneaky as they can be, they were not created with malicious intent in mind. Quite the contrary, in 1994, when a company called Netscape Communications was developing an e-commerce application, a computer programmer Lou Montulli was thinking of the great value to the e-commerce of remembering the information in the user’s shopping cart and used cookies for the first time.

Cookies could be a privacy threat

Before we can dive into why cookies may be a privacy threat, we need to look into the purposes of cookie consent. There are two main types of cookies that can be found on any website. These are the following:

  • Session cookies:

As the name suggests, a session cookie is stored in temporary memory and is not retained after the browser is closed. An example of this would be, the cookies that keep your information until the session is closed on the websites providing online banking services are session cookies.

  • Persistent Cookies:

These are the opposite of session cookies, as they remain in the system even after the browser is closed and can only be removed either manually or until the cookies expire. Persistent cookies are used for provision of customized content and collection of statistical data about user’s website activity.

First-party cookies

These are the cookies which are usually in effect when visiting a website, but neither one of them is dangerous to your privacy. These are  considered First-party cookies that are stored under the same domain you are currently visiting. So, if you are on a website all cookies stored under this domain are considered first-party cookies. Privacy concerns arise when there are third-party cookies involved.

Third-party cookies

Third-party cookies (cookies that are stored under a different domain than you are currently visiting) are created and placed on your mobile or computer by different internet subjects on the website you are visiting. The different kinds of advertisements that we may observe on websites are provided with these cookies. In other words, ad servers track user behavior to serve customized advertising on another website. These third party cookies may be found on several websites and are considered as the most undesirable types of cookies. This is because of the concern that it may cause privacy and security risks creating a behavioral profile based on your browsing history and the content visited.

Where does consent come into play?

Most global privacy laws such as the GDPR require organizations to obtain the user’s consent before the use of cookies. Such consent must be freely given, specific, informed, and unambiguous indication of the data subject’s wishes. These laws will help consumers feel safe and organizations will have to be much more careful with their data. Obtaining these cookies will although be easy, it will still need consumer’s consent if it has to be processed.

Given the increased frequency and severity of enforcement around consent violations, it is wise for organizations to invest in automation at an early stage of the compliance process and prepare your organization for all data privacy regulations around the world – not just the existing ones but also those that are upcoming.

Conclusion

Cookies may be deemed as a privacy threat, but global privacy regulations ensure that none of personal data can be processed without their consumers’ permission. This will protect the users privacy and also give incentive to organizations to use a first-party approach in order to extract data. That being said, automation is necessary, now more than ever, for any organization that is hoping to comply with privacy regulations in a scalable way.

About the Author: Anas Baig

With a passion for working on disruptive products, Anas Baig is currently working as a Product Lead at the Silicon Valley based company – SECURITI.ai. He holds a degree of Computer Science from Iqra University and specializes in Information Security & Data Privacy.


facebook linkedin twitter

cookies Cybersecurity cybersecurity news Hacking hacking news information security news Pierluigi Paganini privacy Security Affairs Security News

you might also like

Pierluigi Paganini July 04, 2025
Critical Sudo bugs expose major Linux distros to local Root exploits
Read more
Pierluigi Paganini July 04, 2025
Google fined $314M for misusing idle Android users' data
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

    Malware / July 05, 2025

    Critical Sudo bugs expose major Linux distros to local Root exploits

    Security / July 04, 2025

    Google fined $314M for misusing idle Android users' data

    Laws and regulations / July 04, 2025

    A flaw in Catwatchful spyware exposed logins of +62,000 users

    Malware / July 04, 2025

    China-linked group Houken hit French organizations using zero-days

    APT / July 03, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT