Cookies: What You Should Know Before You Click “Accept”

In today’s digital world, cookies are everywhere. These tiny files, stored on your device as you browse the web, might seem harmless at first glance. But did you know that in certain cases, they’re treated as personal data under European law? That’s right—when combined with other identifiers, cookies can reveal the identity of an individual. And with that comes a whole set of legal responsibilities.

Under Polish telecommunications law (Article 173), website owners cannot place or read cookies on your device without your explicit consent. Simply put: no cookies until you say “yes.”

But that’s just the beginning. Because some cookies help collect personal data, they also fall under the General Data Protection Regulation (GDPR). This means that any data processing based on cookies must have a clear legal basis—either your consent (Article 6(1)(a) of the GDPR) or a legitimate interest pursued by the website owner (Article 6(1)(f)).

So, what does proper consent actually look like?

Here’s the checklist:

  • Consent must come first: Cookies can only be placed after you’ve agreed to it.
  • You have to be informed: Before giving consent, users should get clear and comprehensive information—typically found in a site’s Cookie Policy or Privacy Policy. This includes:
    • What types of cookies are being used,
    • Why they’re being used,
    • And how you can change your cookie settings at any time.
  • Consent must be active: Passive agreement isn’t enough. You need to take an action—like clicking “I agree” or “Continue to site”—to make your choice clear.

To meet these requirements, many websites now use pop-up banners or consent bars that appear when you first visit.

And one more important thing: Website administrators are expected to keep a record of your consent, just in case they need to prove it later.

So next time you see that cookie banner, remember: it’s not just a formality. It’s your data, and your choice.

What are cookies and why are they sent to websites?

What are cookies?

Cookies are small text files that websites store on a user’s device (computer, smartphone, etc.) through the browser. They contain information about the user’s interaction with the website, such as settings, preferences, or session identifiers.

Why are cookies sent to websites?

  1. Personalization: Cookies allow websites to remember user preferences, such as language, region, theme, or interface settings, to enhance the user experience.
  2. Authentication: Cookies store login information, so users don’t need to re-enter their credentials each time they visit a site.
  3. Session Tracking: Cookies help websites track user actions within a single session, such as keeping items in an online shopping cart.
  4. Analytics: Websites use cookies to collect data on user behavior (e.g., visited pages, time spent on the site) to improve functionality and content.
  5. Advertising: Cookies enable targeted advertising by leveraging data about a user’s interests and online activity.
  6. Security: Cookies can be used to prevent fraud, such as verifying user authenticity.

Why are they necessary?

Sending cookies is essential for many website functions to work correctly. Without them, a site may not remember your settings, may require repeated logins, or may fail to provide personalized content. However, websites must handle cookies in compliance with data protection laws (e.g., GDPR in the EU), obtaining user consent and offering options to manage cookie preferences.

If you wish to limit cookie transmission, you can configure your browser to block certain types of cookies or use incognito mode, but this may affect the functionality of some websites.