A web user searching information online is likely to be prompted by a “cookie banner” to accept cookies on internet-based platforms.
An instance is a cookie banner on the website of Total Nigeria, bearing this message: “We use cookies to provide you with the services and features offered on our site and to improve the experience of our users. Cookies are data that are downloaded or stored on your computer or other device. By clicking on “OK, I accept”, you accept the use of cookies. For more information, please refer to the Personal Data Policy and Cookies section.”
On the face of it, cookie banners may seem like an unnecessary annoyance, and many web users tick the consent box without knowing the implications and the privacy risks, and this points to why governments globally are becoming more concerned about regulating online business activity.
What are these cookies, how do they impact website visitors’ privacy and what dangers do they pose to online information consumers?
Computer cookies not chocolate treats
A flat, sweet baked snack made of flour, sugar and oil may easily come to mind when the word “cookies” is mentioned, but ‘computy cookies’ have a different meaning.
There are several names for “cookie” in the context being used here: HTTP cookie, a web cookie, an Internet cookie, browser cookie, or even magic cookie.
A cookie is a small amount of data generated by a website and saved by a web browser. Its purpose is to remember information about you, similar to a preference file created by a software application.
It is important to note that cookies have been part of the internet since the dawn of the world wide web, but an office IT solution provider, Ophtek, posits that most internet users are unclear on what they are. Yet, concerns have been building about them for several years now. 2011 saw the European Union (EU) passing the Cookie Law which states that websites need to seek consent before exposing users to cookies.
Why cookies matter
The World Wide Web Foundation explains that cookies allow web servers to identify repeat visitors, preferences, and usage patterns. In terms of significance, as a necessary part of web browsing, cookies help web developers give website visitors more personal, convenient website visits, as well as let websites remember the visitors, website logins, shopping carts and more.
A repository of computing terminology, TechTerms, explains that while cookies serve many functions, their most common purpose is to store login information for a specific site. Some sites will save both your username and password in a cookie, while others will only save your username.
“Cookies are also used to store user preferences for a specific site. For example, a search engine may store your search settings in a cookie. A news website may use a cookie to save a custom text-size you select for viewing news articles. Financial websites sometimes use cookies to store recently viewed stock quotes,” TechTerm explains.
Note that if a website needs to store a lot of personal information, it may use a cookie to remember who you are, but will load the information from the web server when you create an account on a website.
Regulation of cookies in Nigeria
There are two fundamental legal bases for the regulation of the use of cookies in Nigeria: the National Information Technology Development Agency Act, 2007 and the Nigerian Data Protection Regulation, 2019.
In particular, the 2019 Regulation requires that use of “technical methods used to collect and store personal information,” such as cookies, be disclosed in a Privacy Policy. It follows that Nigerian law considers that cookies can constitute personal information.
The language around consent in the Regulation is similar to that of the European Union’s General Data Protection Regulation (GDPR). Consent is defined as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by a clear affirmative action.”
This would suggest a strong “opt-in” or “express” model of consent. Therefore, it would appear that, as of January 2019, Nigeria does require consent for cookies. In the meantime, note that you have options on how to protect your privacy in respect to the use of cookies.
Cookies and privacy
However, cookies are a vulnerability to privacy given that they are a treasure trove of private information for criminals to spy on.
A tech security firm, Norton, believes that cookies can pose a privacy risk due to the amount of information they can hold as they record your personally identifiable information so they can help auto-fill forms on browsers.
“This information may include your name, address, account login credentials, and more. If you prefer to protect your privacy when it comes to cookies, you may want to delete them. But keep in mind, if you choose this method you will lose the convenience of stored passwords and other data,” Norton explains.
It is worth noting that while most cookies are perfectly safe, some can be used to track you without your consent. Worse, legitimate cookies can sometimes be spied upon if a criminal gets access.
Why you should think twice before ticking the consent box for cookies
There are several legislations that require online content providers to request consent of web users be sought for the purpose of the use of cookies.
However, the World Wide Web Foundation has expressed concern that when cookies are placed by a website in the device of the individual, the operator of the website hardly ever gives a detailed explanation of the purpose of the cookies. In addition, the information contained in the privacy policy is hardly ever clear and comprehensive enough for the individual to provide adequate consent, and thus a legitimate basis for processing personal information.
This is also the case when downloading an app, and consent is reduced to a tick box. Consent in cases where an app is downloaded should be granular, where consent must be asked for every type of information the app will access.
Another concern around the inadequacy of consent, according to the foundation, is where access to a particular online platform or content on websites and apps is denied unless the individual consents to be tracked by technologies like cookies, device fingerprinting, unique identifier injection, or other monitoring techniques.
How to protect your privacy
Guarding your privacy online can be overwhelming. Fortunately, even a basic understanding of cookies can help you keep unwanted eyes off your internet activity.
Significantly, while not allowing cookies in your browser may provide a higher level of privacy, experts do not recommend it since many websites require cookies to function properly. However, the best way to avoid privacy concerns over cookies is to always clean up your cookies.
On how to clean up your cookies, TechTerms explains that “Most web browsers save all cookies in a single file. This file is located in a different directory for each browser and is not meant to be opened manually. Fortunately, most browsers allow you to view your cookies in the browser preferences, typically within the Privacy or Security tab. Some browsers allow you to delete specific cookies or even prevent cookies from being created.”
In the same vein, a security-focused solution firm, Kaspersky, recommends anonymising your web use by using a virtual private network (VPN). These services tunnel your web connection to a remote server that poses as you. Cookies will be labeled for that remote server in another country, instead of your local computer.
In sum, the knowledge of cookies, their uses, risks, regulations, and how to protect privacy against their dangers are important media literacy skills for web users. This knowledge can help a media literate person avoid identity theft and other legions of cyber crimes.
The researcher produced this explainer under the auspices of the Dubawa 2020 Fellowship partnership with Daily Trust to facilitate the ethos of “truth” in journalism and enhance media literacy in the country.
