“A good but forgotten past”: the 1997 cookie specification already met the GDPR

3 min


We tell you who developed the document and how it resembles the European data protection regulations. We’ll also talk about tools that help solve the problem with setting cookies.


Photo – sheri silver – Unsplash

Cookies and privacy issues

The technology of cookies has created a problem related to the privacy of personal data. They have been talking about her since at least 1996. Then the Financial Times magazine even published article with title “This Bug in Your PC is a Smart Cookie”. Its authors wanted to draw public attention to the fact that advertising firms use cookies to track user movements on sites.

Today, issues related to the security of personal data are dealt with at the legislative level. For example, in Europe getting ready to accept ePrivacy Regulation bill, and since 2018, the General Data Protection Regulation (GDPR) has been in force in the region. They have strict cookie requirements. But interestingly, even the very first cookie specification, released in 1997, fully complies with the GDPR requirements and largely duplicates European law.

What is this specification

It was composed by engineers from Netscape Communications. The same company developed the browser of the same name and introduced cookies technology in 1994. Document and issued in the form RFC 2109 and contains a list of basic recommendations for site owners.

In particular, the document did not allow Internet resources to set third-party cookies or at least activate them by default. In turn, Article No. 30 The GDPR requires sites to notify visitors of the installation of cookies and to obtain consent. RFC 2109 also says that users should have full control over their data and be able to revoke permission to set cookies. A similar requirement is in the European regulation.

How to block unwanted cookies

Despite fines on GDPR – which can reach 20 million euros – many sites continue to set optional cookies. Therefore, there are tools for counteraction.


Photo – Kari shea – Unsplash

Browsers offer extensions that block unwanted and tracking cookies. For example, the FireFox utility prohibits installation social media trackers, cross-site tracking cookies, and fingerprint collectors. Other browsers have similar solutions – Safari and Brave. At the beginning of the year Google announcedthat Chrome will also start blocking third-party and advertising cookies. However, new functionality will be introduced gradually – over two years.

A number of organizations are developing standards that should simplify the use of cookies for users. One of these standards could be a framework. Do not track (DNT) from the W3C consortium. Although initially they was engaged US Federal Trade Commission. His idea was to add a function to browsers that tells sites whether the user has allowed cookies to be set or not.

But unfortunately, the first studies of Forrester analysts showThat the new standard does not work. Popular resources ignore the framework and act in accordance with internal security policies. And in January 2019, the W3C working group turned my job. However, there remains hope that in the future a new project will appear that will continue the work of the consortium and finally bring it to its logical conclusion.


Posts from the blog 1cloud.ru:

Situation: Do AdTech companies violate GDPR?
Potential attacks on HTTPS and how to defend against them
What tools will help meet GDPR
Why mainstream browser developers again refused to display the subdomain



0 Comments

Leave a Reply