Beware of 3rd Party Cookies for E-commerce sites
What’s A “Cookie” Anyway?
A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.
Information acquired with cookies helps the Web server track such things as user preferences and data that the user might submit while browsing the site. For instance, a cookie might include data about the purchases that the user makes (if the Web site is an ecommerce site), or the cookie might “remember” the user’s contact information so the user won’t have to re-key it on future site visits.
1st Party and 3rd Party Cookies Distinguished
There’s an important difference between 1st party and 3rd party cookies. If you use 1st party cookies, they’re passed to a visitor by your site, and the data generated remains with your site. But then, if you hire an independent company (such as Google with its Google Analytics program) to pass the cookie, that cookie is called a 3rd party cookie.
Privacy Concerns With 3rd Party Cookies
Privacy concerns rise from the fact that the data generated with 3rd party cookies resides on the servers of the 3rd party — not your server. The fact that you don’t control these 3rd party sites and their use of this data has raised concerns among many users. For example, users have questioned whether these 3rd party sites aggregate the data among several sites and report ecommerce trends to the media, or whether the 3rd party sites use the data for purposes of cross-website profiling and ad targeting.
And what is your legal obligation to expose the use of 3rd party cookies? In the European Union, it’s illegal to pass cookies without informing users that you do, what they’re utilised for, and how they can be avoided, and it’s generally believed that the failure to adequately disclose the details of the use of 3rd party cookies is a violation of EU law.
In the US, there’s an evolving debate regarding the same issues, and the answers are less certain.
Conclusion
It’s suggested that if you use 3rd party cookies, you clearly disclose in your privacy policy the distinction between 3rd and 1st party cookies, and how they’re used and avoided.
