Are Cookies Considered Personal Data Under GDPR?

Cookies are not considered personal data under the General Data Protection Regulation (GDPR) because they do not directly identify a user. Cookies are small pieces of text that are stored on a user’s computer by a website. They are used to track a user’s activity on the website and to store information about the user’s preferences, but they cannot be used to identify a specific person.

Which Cookies Do Not Process Personal Data?

Not all cookies process personal data. In fact, there are a few different types of cookies that don’t collect any information whatsoever about users.

One such type of cookie is the session cookie. This cookie is used to track user activity during a single browsing session. It expires when the user closes their browser window or logs out of their account. Because it doesn’t store any personal information, the session cookie is perfect for keeping track of things like pageviews and clicks.

For more info, take a look at Understanding GDPR and Cookie Consent in E-Commerce.

Are Cookies That Process Personal Data GDPR Compliant?

Which cookies that do process personal data compliant?

Cookies that process and store personal data need to be compliant with GDPR. The regulation calls for more transparency from companies when it comes to data collection and use. This means that cookies need to be clear about what information they’re collecting and how it will be used.

If you wish to read more about GDPR compliance, read through our e-commerce privacy policy guide and our confidential and sensitive information post.