Article 29 Working Party means the body made up of representatives of all 27 of the EU data protection authorities. It is tasked, amongst other things, with clarifying the interpretation of the EU Data Protection Directive, the national implementing legislation and to contributing to uniform application of the EU Data Protection Directive across the EU. Its opinions and recommendations are not binding but are usually followed by national data protection regulators in framing their own guidance on national legislation.
Cookies - cookies are small text files that are deposited in a user’s browser directory when the user visits a website and which can be programmed to collect information accessible through that browser. The text file with the information is then sent back to the website publisher each time the user returns to the website.
Session Cookies - session cookies collect information about the user relevant to that visit to the website and are active only during that session. Without a session cookie, user log in information and the contents of online shopping carts would need to be re-keyed whenever a user moved to a different webpage. The session cookie allows the user to be recognised as the user moves through that website session.
Persistent Cookies - persistent cookies collect information about the user from previous visits to a website and make that information available to the website publisher when the user returns. This information can allow the website to authenticate the user more easily and to serve up web pages set to the preferences the user selected in previous sessions (e.g. language of site or other preferences).
First Party Cookies - cookies that are set and read by the website publisher.
Third Party Cookies and Online Behavioural Advertising - it is not only the website publisher who can place a cookie in a user’s browser directory when the user visits a site. The website publisher can permit third parties to deposit cookies and most websites that carry third party advertising do permit third parties, known as Advertising Network Providers, to place and read persistent cookies at the same time as serving their advertisement with the webpage.
The diagram below sets out how online behavioural advertising works. The Advertising Network Provider contracts with advertisers to place advertisements on websites that will be most relevant to the user and likely to generate sales for the advertiser’s products. The Advertising Network Provider also contracts with website publishers to serve the advertiser’s advertisements on the website publisher’s website and to allow the provider to place a cookie on the website to collect information about the preferences of the user of the website. The user of the website is generally only identifiable by reference to the IP address from which the user is accessing the website. The persistent cookie for that user can be read by the Advertising Network Provider at each website visited by the user that it places advertisements on. Ubiquitous Advertising Network Providers are therefore able to build up valuable profile information about the user which allows them to place more relevant advertisements.
Advertising that selects advertisements using this process is known as Online Behavioural Advertising.