The Weekly Breach Breakdown: What You Need to Know About Cookie Preferences

Accepting Cookies on New Websites You Visit? Here’s What to Consider

• Most people in the U.S. have visited a website and accepted cookies. Cookie preferences can be traced directly to the European Union’s three-year-old privacy law, the General Data Protection Regulation (GDPR).
• States are increasingly giving consumers the right to opt-out of data collection and use under new privacy laws. Also, some web browsers allow you to block most cookies, even if the website owner does not give you any cookie control.
• There are also good cookies, known as “essential” and “performance” cookies. They help ensure you have a good website experience.
• What makes a good cookie preference notice is one that starts with all cookies being turned off so you can choose to enable them.
• To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.
• For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

I Know It When I See It

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for July 2, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we talk about those annoying cookie preferences and notices that pop up when you visit a website.

In 1958, filmmaker Louis Malle released The Lovers, a movie so racy that it was banned in some states as “obscene.” That didn’t stop a theatre owner in Ohio from screening the film, leading to his arrest and ultimately what is believed to be the most quoted line from a U.S. Supreme Court ruling.

The question before the court was how to define “obscene”? That prompted Justice Potter Stewart to write in his opinion overturning the criminal conviction, and this is paraphrased, “I don’t know how to define pornography, but I know it when I see it.” That’s kind of how it is with cookie preferences and other privacy notices on websites these days. I don’t know how to describe what’s a good one, but I know one when I see one.

What Are Cookie Preferences on Websites?

Cookie preferences can be traced directly to the European Union’s (EU) three-year-old privacy law, the General Data Protection Regulation (GDPR). The GDPR requires knowing and informed consent before data can be collected about an EU resident by a company anywhere in the world.

That provision has doomed some kinds of cookies and data collection practices in the EU, such as web tracking cookies. It’s impractical to get permission from a website visitor every time a tracking cookie is ready to attach before the snippet of code is launched to collect your information.

For the remaining forms of allowable cookies, that’s where the cookie preference notice comes into play. You have to give your permission if you are in the EU or U.S. Many companies that have to be GDPR compliant give you the chance to set your own cookie preferences, even though it is not necessary.

Other companies in the U.S. try the old “negative selection” approach for non-EU visitors. That is to say, you will see a notice that says something to the effect of “if you continue to use our website, you agree to our policies including the use of cookies.”

Avoiding Cookie Preferences

That is not allowed under the GDPR for EU residents, but it’s fair game in the U.S., at least for now. Increasingly, states are giving consumers the right to opt-out of data collection and use under new privacy laws. Some web browsers – including Safari, Firefox, DuckDuckGo and Brave – allow you to block most cookies, too, even if the website owner does not give you any cookie control.

Good Cookie Preferences

Notice we said, “block most cookies.” Some cookies are beneficial and do not collect mass amounts of data about you and where you go on the web. They are known as “essential” and “performance” cookies. They help ensure you have a good website experience. When given the choice of allowing those kinds, you are fine accepting cookies.

The key here is consent and giving you the ability to decide for yourself if you want to load up on them; accepting cookies so you can see more ads about Nike Air Force One sneakers as you search the web. What makes a good cookie preference notice? One that starts with all cookies being turned off so you can choose to enable them. That makes it easy to know “it” when you see it.

Contact the ITRC

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you’ll find helpful tips. You can also sign-up to receive our regular email updates on identity scams and compromises. Look out for our analysis of data breaches in the first half of 2021 that will be released on July 8.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.