Photo – sheri silver – Unsplash
Cookies and privacy issues
Today, issues related to the security of personal data are dealt with at the legislative level. For example, in Europe getting ready to accept ePrivacy Regulation bill, and since 2018, the General Data Protection Regulation (GDPR) has been in force in the region. They have strict cookie requirements. But interestingly, even the very first cookie specification, released in 1997, fully complies with the GDPR requirements and largely duplicates European law.
What is this specification
It was composed by engineers from Netscape Communications. The same company developed the browser of the same name and introduced cookies technology in 1994. Document and issued in the form RFC 2109 and contains a list of basic recommendations for site owners.
In particular, the document did not allow Internet resources to set third-party cookies or at least activate them by default. In turn, Article No. 30 The GDPR requires sites to notify visitors of the installation of cookies and to obtain consent. RFC 2109 also says that users should have full control over their data and be able to revoke permission to set cookies. A similar requirement is in the European regulation.
How to block unwanted cookies
Despite fines on GDPR – which can reach 20 million euros – many sites continue to set optional cookies. Therefore, there are tools for counteraction.
Photo – Kari shea – Unsplash
Browsers offer extensions that block unwanted and tracking cookies. For example, the FireFox utility prohibits installation social media trackers, cross-site tracking cookies, and fingerprint collectors. Other browsers have similar solutions – Safari and Brave. At the beginning of the year Google announcedthat Chrome will also start blocking third-party and advertising cookies. However, new functionality will be introduced gradually – over two years.
But unfortunately, the first studies of Forrester analysts showThat the new standard does not work. Popular resources ignore the framework and act in accordance with internal security policies. And in January 2019, the W3C working group turned my job. However, there remains hope that in the future a new project will appear that will continue the work of the consortium and finally bring it to its logical conclusion.
Posts from the blog 1cloud.ru:
Situation: Do AdTech companies violate GDPR?
Potential attacks on HTTPS and how to defend against them
What tools will help meet GDPR
Why mainstream browser developers again refused to display the subdomain