That’s the Way the Cookies Crumble

Privacy is a concept that has been fading away since social media and the internet arrived. We give away our personal information without even being conscious of what we are sharing. We don't know who has access to it or the use. The cookies policy is the best example. In Mexico, only 5 of 10 internet users know the use of the cookies policy. This means one thing: we are ready to consume no matter what we compromise along the way. We end up grateful for the privacy invasion.  

Cookies couldn't have a better name to describe their function. This is a reference to the crumbs we leave when we eat a cookie because we do the same when we navigate any website. There are different types of cookies, but the three most common are: those that help the site remember the information of the user, which are mostly used by  e-commerce sites to remember our data, the cart, and our preferences; the analytics and marketing cookies that, as the name implies, recollect data about our behavior on that website; and those that explore the way you navigate and collect information about us to show us ads that could interest us.  

At first sight, cookies appear to be helpful for us. We have access to ads of products or services that we want and which, most of the time, we are looking for on the web; however, how much private information we are sharing when we click “accept all cookies?” 

We are saying yes to sharing all of our internet use: what we look for, our interests, every move on the web. Maybe receiving ads about things we want is not that bad; however, these cookies can be “kidnapped” and your data could be used for a cyberattack. 

Even though Mexico is No. 1 in cyberattacks in the region and security is one of the main concerns among users when they buy from an e-commerce site, the users have no idea of the common practices that give away their data and are a real risk.  

Different countries have established regulations for the use of cookies, mainly forcing every website to ask permission to install cookies and give the option to set the configuration manually. The problem is that we ignore the use and when we look for something, we want it so fast that we don't pay attention or just say “yes” and accede to the provision of information in  the moment.  

Even when the average user has no idea of how their data is being  used with the help of cookies, the entities around the world that regulate cybersecurity are already looking for a future that is cookies-free. This is why Google has presented a new way to understand the user, without invading our privacy. Google has unveiled  Privacy Sandbox and Topics, the new proposal to learn about us, where the tool is only going to gather general information, not specific information. Through this, advertising will still be present and effective, but the amount of information about our digital print is going to be less invasive. Another important fact with this new proposal is that the small files that the website sends to track your behavior (cookies), are not going to leave your devices, but are going to be available to the website to remember you as a user.  

This sounds amazing to us, the user; however, big websites and enterprises have expressed their concerns about the financial impact of this new tracking mode. Why? They will only know what the user wants or needs to share.  

Cybersecurity is, without a doubt, an area of technology that's more important every day. We use the internet for everything, and new ways of violating rules are born daily. But the real problem is that we give away our data so easily. We choose to share our private life on social media, we consume the advertising we receive on the different websites we visit, and the concern about security becomes a secondary need so, how effective can the regulation of cookies to protect our data really be?

It should be noted that cookies are not regulated by the European General Data Protection Regulation or by the Organic Law on Data Protection and Guarantee of Digital Rights. In fact, the General Data Protection Regulation only refers to cookies in Recital 30, but does not deal specifically with its regulation.

The first regulation that arose to regulate cookies was Directive 2002/58/CE.

The initial objective of the so-called “cookies law” or ePrivacy Directive was to guarantee the privacy of users who could be the object of online monitoring practices with the aim of creating profiles.  As a result of this profiling, personalized online advertising campaigns are carried out, which, most of the time, are unwanted.

Subsequently, the so-called "cookies law" was modified with Directive 2009/136/EC, which  established that users should be informed in a clear, understandable and unequivocal way about the use of cookies on online pages. 

In addition to this information, explicit consent was required for the processing of your personal data, which implies the installation of cookies in the browser.