Skip to content

What You Need to Know about Privacy Statements and Cookies


At times, online privacy statements are lengthy, convoluted texts of boring legal jargon. Yet, it seems like every app and every online purchase requires agreeing to them. We’ve all been guilty of scanning through and signing online privacy statements without reading the fine print. But if we do so on a less than credible website, or agree to sharing information that we’d prefer not to share, we open ourselves up to intrusive personal data collection.

Know what you’re signing

It’s vital you read the fine print in any privacy statements you sign, and that you comprehend the privacy policies of apps and websites when you first open them. Most privacy policies are in place to protect the consumer, and aren’t asking for your life-long allegiance or your firstborn child. However, some privacy statements may sell your information to a third-party or ask for access to your personal identifiers. You need to learn to distinguish the difference between the two.

Which brings us to cookies. Cookies deceptively sound like delicious internet morsels to bring us comfort. Internet cookies aren’t inherently bad–some may actually benefit us. Yet, if we blindly accept all cookies, we may allow unscrupulous companies to mine our data and use it nefariously. Should we accept all cookies, then? Or should we reject every cookie to come our way?

The short answer is, we should use wisdom when accepting cookies. Nevertheless, we shouldn’t reject all cookies either: Some cookies may bring us the same delight as Grandma’s chocolate chip goodness. Others could bring as much headache and disgust as if we ingest prune-sardine flavored cookies.

The internet security measures we need to educate ourselves on can overwhelm us at times. But if we know what to look for, we can save ourselves future pain and security breaches.

 We’re breaking down website privacy statements for you, and helping you to distinguish between amazing internet cookies and burnt, stale cookies to avoid. 

Why you should read a privacy statement

If you’re downloading an app, or signing up for a subscription or website access, you should always look for a privacy statement. Typically, prompted privacy statements appear during the sign-up process on a website or app. However, if you don’t receive a privacy prompt, a privacy statement link should appear on the bottom of a homepage.

In 2018, the European Union passed a regulation on internet privacy statements called  The General Data Protection Regulation. The regulation calls for privacy statements to use clear, plain language and to be easy to comprehend. Of course, not all companies follow this regulation and some use extremely small text, full of legal terms, to cram in an overwhelming amount of information.

If you don’t have the time to carefully read through a long privacy statement, you should still hold a basic understanding of what you’re signing. There are several key terms to watch for and to avoid — including vague language and heavy use of legal jargon. 

Avoid vague privacy statements with convoluted language

If a privacy statement isn’t transparent, you may want to avoid signing it. Although many companies active on the Internet collect and store our information, most do so to make our future use of the site or app more seamless. Even the most secure websites will often use algorithms to tailor their marketing campaigns based on our Internet activity.  However, companies like Google make their purposes and security obvious in their privacy statements — if we read through these statements we can clearly understand how our information is both stored and used. 

When privacy statements don’t explicitly state that they’re selling your data, but they  include language that sounds like third-parties may purchase your information, chances are your information is being sold. At times, using the websites of these organizations is unavoidable, but if you can avoid doing so, choose another route to find what you need. 

The data foundation Acxiom provides one example of a company with a poor user privacy policy — according to Go BankingRates, Acxiom’s database contains personal information for 68% of global internet users. This information may be sold to third parties.

Murky language can leave us wondering what aspects of our personal profile information are being stored, and if our information is being sold to marketers. If a website asks for your personal information and lacks a privacy statement, you should take that as a red flag and click away. 

A 2014 survey by Pew Research states that 91% of polled Americans believed we’d lost control over how our internet data is collected. This belief still rings true today, too.  Again, it’s impossible to completely avoid the storage of our personal data, but we can rest easier when we know this information upfront.  

Look for opt-outs on privacy policies

When we sign up to access a website or app, many companies will give us an option to opt out of newsletters or promotional advertisements. It’s as easy as unchecking boxes at the end of the sign-up process. This is a privacy amendment that’s used more and more — especially for popular, heavily-trafficked websites. 

For instance, after completing the sign-up for the CBS Sports app, we’re given the option to receive notifications, newsletters, marketing material, etc. By simply scrolling through and deleting the check mark in each option, we’ve opted out of using these app features. Sometimes these promotional offers include marketing from affiliate websites or applications. By opting out of this material, we can possibly keep our names off of affiliate marketing lists.

Secret socket layer encryption

When reading over privacy statements, look for any reference to Secret Socket Layer Encryption (SSL). This security protocol sounds like a cool futuristic gadget from a sci-fi film, but it’s used widely today as an internet security measure. Over ten million companies use a digital certificate (DigiCert) SSL for website encryption, including Samsung . It’s a great additional privacy layer used by some companies to protect any of the personal information we’ve shared with their databases. 

Typically, free websites and social media platforms will not use SSLs, but if you’re paying for membership, products, or services from the sites you’re accessing, SSLs can alleviate some of your stress over privacy.

Some cookies are magic: when accepting cookies can be beneficial

Internet cookies can help us; not all cookies are bad. Sometimes, accepting cookies will allow for a seamless Internet experience. When cookies are placed by first parties (ie. the actual websites we visit), they can keep track of our activity on the website, so we don’t have to start over again each time we revisit. On the other hand, third party cookies are often placed by advertisers. We don’t necessarily want “Geriatric Aids For You” to have access to our personal data or target us with spam emails.

The first cookies ever used on computers appeared with the dawn of the internet. Netscape, one of the earliest internet browsers, used cookies to enhance a web user’s experience. “Magic cookies” is a term from the ancient (20th century) world of information technology. They refer to the information packets sent when we log into computer database systems, and they allow those systems to recognize us each time we log in. Magic cookies don’t send our personal data to unknown third parties, but they help interfacing with AI, and improve our overall computer experiences. 

HTTP cookies were built off of the magic cookies as a way to track Internet activity for the individual user. They’ve since evolved into a lucrative industry for advertisers and data brokers alike. However, we must accept some of these cookies for our web experiences to work properly. 

The most innocent HTTP cookies — the cookies used on the internet today — allow websites to recognize you. By storing HTTP cookies on your smart device, you save yourself the hassle of filling out your information with each return visit to a website. Let’s look at some of the instances where you should accept HTTP cookies:

  • After filling an online shopping cart so that you may save your items
  • To allow for easier log-ins
  • To gain access to content on websites that require cookie acceptance
  • To find relevant content more easily

When accepting cookies could harm you

Unfortunately, some accepted cookies pose potential risk to you as well. If you think you may have accepted some of these cookies in error, here’s an easy way to clear the cookies on most operating systems. And, here are some of the red flags of malicious cookies that you should decline:

  • Websites asking you to accept cookies that also host a plethora of pop-up ads
  • Unencrypted websites: the websites without the “lock” in their http address. This means the site isn’t secure and can expose your information to hackers.
  • Cookies piggybacking on the host website. If the cookies come through the aforementioned popup ads or external links, you should refuse them. 
  • Any cookies your antivirus software warns you about. Typically, this will occur when you click on a website. A pop-up notification may alert you to the shady nature of these cookies. The antivirus program you run on your computer is there to help and not to hurt you. Heed its warnings. 
  • On any site that requires your personal information. If you’ve entered your bank account number or social security number, do not accept cookies when prompted, as this data could fall into the hands of hackers or other third parties.

It’s always a good idea to at least scan online privacy statements before signing anything or utilizing a website. If a privacy statement contains transparent, concise language, it’s probably a safe site for us to use.

 We shouldn’t blindly accept all cookies, but Internet cookies aren’t inherently bad either. Cookies can help better our web experiences. However, it’s important to look out for bad cookies, too.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking
  • Online Privacy
  • Online Safety
Security awareness is the first step towards better security.

Security Awareness: Understanding and Appreciating the Risks

All security is personal. The first step towards better personal security is better security awareness. But in…

[Read More]
Cyber security risks are always evolving.

Cyber Security Risks: An Ever-Evolving Challenge

Using any technology comes with risks. Understanding that risk and how it evolves as technology evolves is…

[Read More]
Corporate espionage is effective, but not as sophisticated as you might think.

The Secrets of Corporate Espionage

Corporate espionage is alive and well, and not nearly as sophisticated as you might think. Competitors are…

[Read More]

Technology from James Bond Movies that Exists Now

James Bond movies first hit the silver screen in 1962 with the release of Dr. No. Based…

[Read More]

The Dangerous Evolution of Ransomware

The phrase “ransomware” strikes terror into the figurative hearts of corporate heads and IT professionals. A dark,…

[Read More]

Is Your Boss Allowed to Track Your Internet Usage?

With so many people working from home now, one big question employees have started asking is: Can…

[Read More]