Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

A Lot of Websites Ask You About Cookies. How Should You Answer?

Why so many sites ask for your permission, and what you need to know about granting it


spinner image cookies coming out of a laptop
Photo Collage: AARP; (Source: Getty Images (2), Alamy)

Those web banners that want your input on cookies use varying verbs — accept, agree, allow, confirm and continue, among others — to ask what’s often the same request: Please let us track your visit to our site.

“A lot of these consent dialogs look pretty familiar,” says Aaron Massey, technologist and senior policy analyst for advertising technologies and platforms at the Future of Privacy Forum think tank in Washington.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Find out how much you could save in a year with a membership. Learn more.

Join Now

Why do sites keep asking this question?

These queries have become common for one shared reason: data privacy laws in other parts of the world. The European Union’s General Data Protection Regulation imposed privacy rules on companies doing business in the EU in 2018, and many sites haven’t looked the same since.

“GDPR was kind of the initial prompt for this,” says Angelina Eng, vice president of measurement and addressability at the New York-based Interactive Advertising Bureau industry group. “If there is anything from the EU coming to your website, then you need to be compliant.”

That’s why you may find some U.S. news sites are inaccessible while you are vacationing in Europe. Instead of complying with the EU’s regulation, those sites block all traffic from there.

More recently, the California Consumer Privacy Act has added rules, such as giving Californians the right to opt out of sales of their personal information.

As Massey puts it, these pop-up boxes aren’t a case of “the industry doing something just to make it more difficult for you.”

How your choices usually break down

The decisions that sites ask you to make about cookies — tiny text files saved in your browser — often involve picking from a menu of flavors. Some are necessary cookies that websites use for basic visit management, Massey says.

“These are first-party cookies used to maintain really basic details about the session, like whether somebody’s logged in [or] not,” he says. Other first-party cookies can save your choices for options like your preferred language. Still more allow a site’s operators to monitor how different parts perform.

The controversial cookies are third-party cookies that other sites, usually advertising networks and social platforms, set to track your habits across the web to determine your interests.

At some sites — the Future of Privacy Forum’s website is a good example — the dialog box of choices comes preset to block nonessential cookies. At other sites the choice is up to you.

When to click yes or no

“I don’t have any concerns accepting the dialog,” Eng says, explaining she’s seen members of her trade group use this data only to find broad groups of people. “They never specifically home in on a particular user. They use that data to create what we call cohorts in different marketing segments.”

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

But companies aspiring to reach customers this way should avoid being too creepy or leaving people feeling powerless, she says.

“I think we probably as an industry need to do better in terms of providing full transparency and control for consumers.”

Tip: You can see the profile Google has built of your interests at myadcenter.google.com.

Sites that offer rewards for clicking through to a shopping site, such as shopping portals that airlines maintain to help people build their miles balance, represent a special case for allowing those cookies.

Tiffany Funk, managing editor of the travel blog One Mile at a Time, says companies have been developing ways to track these click-through transactions without needing cookies. One example is the browser extensions many shopping portals offer.

But she’s not ready to rely on those workarounds, so she enables all cookies in those cases as a matter of self-interest.

“You’re benefiting from the transaction being tracked correctly between the publisher and the advertiser,” she says.

Massey concurs that this scenario represents a different bargain: “You, the consumer, by participating in this, can get some remuneration.”

Your browser can choose for you

Instead of clicking endlessly to deny third-party cookies, your browser can do that work for you automatically. Apple’s Safari, Microsoft’s Edge and Mozilla Firefox all block tracking and marketing cookies by default and will also report how many of these third-party cookies they blocked.

spinner image membership-card-w-shadow-192x134

LEARN MORE ABOUT AARP MEMBERSHIP.

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.

For instance, AARP’s website employs third-party cookies. Safari lists 15 as being “trackers prevented from profiling you.”

Meanwhile, Google’s Chrome allows third-party cookies by default. Google is planning changes to ensure that advertisers can still model the interests of large groups of people without using cookies, but it has repeatedly postponed those plans.

So making a non-Google browser your default can let you ignore the cookie questions at sites if you’re looking for more privacy across the web. It can also defend your privacy if a site tries to place tracking cookies even after you decline them.

But sites have other ways to track you

Researchers at the Swiss university ETH Zurich conducted an automated analysis that estimated 65 percent of sites studied likely did not honor cookie rejections. The team did not respond to questions about the research it plans to present at a security conference in August.

Massey warns that sites can use other techniques, such as “browser fingerprinting,” to track people who don’t use cookies. Your browser’s fingerprint includes such information as the device it’s on, installed extensions, keyboard layout, languages, operating system, time zone and version number. Alone, the information doesn’t mean much, but amassed it allows a website to figure out that you’re not your neighbor.

Apple has upgraded Safari’s defenses against those alternate sorts of tracking in recent releases.

Advertisers already collect less data because of the browser defaults and the limits that Apple and Google now place on mobile apps in iOS and on Android devices, says Eng of the Interactive Advertising Bureau.

“About 60 percent of data signals have been lost [in] the past five years,” she says.

Massey suggests that finding a post-cookie standard that expands people’s privacy and allows advertising to keep most sites free to read won’t be easy.

“It’s a hard problem to solve,” he says. “You still need to have some mechanism for a robust advertising ecosystem.”

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?