As part of GDPR, companies based outside of Europe can be hit with huge fines if they track and analyze EU visitors to their website. In other words, say your company is located in New York, but this company has European visitors and customers or collects their data. If that’s the case, they could face tens of millions in fines if they don’t disclose data collection and obtain user consent.
Understandably, US companies want to avoid huge fines, which is why US users are seeing more and more of these permission boxes.
The boxes are designed to offer users more control over their data, as EU legislation has been introduced to protect all data belonging to EU citizens and residents. The confusion in the US market exists because the country does not have similar laws to protect the privacy of its citizens.
In February 2022 Saryu Nayyar wrote a piece for Forbes which asks if it’s time for a US version of the GDPR. Nayar wrote that the point of such a law would be to “obtain express consent for data collection and delete data if consent is withdrawn.” That sounds like a great idea, but after consulting Montuli, the privacy plot thickens.
Personally, I find it impossible to separate cookies and privacy online. I asked Montuli if it was true that everything on the Internet stays on the Internet.
“No,” he says. This is because information on the Internet is separated from your current online presence. The purpose of the cookie is to allow the website to know when the same browser returns. The cookie may contain additional information. “But its predominant use is to pass the ID to your browser as an identifier,” he says.
“So they can see that it’s the same browser that was here a few seconds ago or even a few months ago. But once the cookie is cleared, it’s no longer attached to you.”
The lack of transparency about how cookies work and who manages the data collected by them is a big part of the problem. When you visit a major website that has employed a third-party ad tracking network, your browser may receive a third-party cookie without your knowledge. “The lack of transparency means that another cookie from another website added embedded content without your knowledge.”
Montuli says that if you clear your browser’s cookies frequently, there are no more files attached to you and your personal data, at least for that first-party website. “When you return to this website after clearing your cookies, or even if you have a new set of cookies, there is no connection between your browser and the browser that connected to this site several months ago with this old cookie.”
To test the hypothesis, I tried managing and blocking cookies on random sites. I completely ignored the permission box of everyone who asked me to accept cookies. Most of these sites allowed me access anyway. Only a few sites blocked me because I ignored the permissions box. In these cases, the only decision I had to make was whether to trust the site. Since I didn’t really need to read content from these sites, I just moved on. After all, it doesn’t hurt to choose the cookies you want to accept and the ones you want to block. Just be prepared to do it every time you visit or every time you clear your cookies, which you should probably get used to doing regularly.
