How a Cookie Audit Can Get You Up-To-Date in Today’s Digital Privacy Landscape

Published: July 8, 2019 Updated: July 15, 2019 Author Category Analytics, Data Privacy & Security

Cookies have played an important role in how websites and users interact since 1995. They were long ignored, except within tech-savvy circles, but in recent years they’ve become the focus of conversation.

Evolving from a simple document to improve website usability, cookies have become instrumental in how website users are tracked for advertisement purposes. While cookies have been used in advertising for quite some time, digital privacy has recently become a global issue of which cookies are a big part.

In this post we cover how first-party and third-party cookies work, as well as advertising cookies, the changing legal landscape and how to determine the status of cookies on your website and all others.

Cookies: a brief review

A cookie is a small text document that websites pass to your computer via your browser. Internet cookies have many functions like saving user input, login information, shopping carts, wish lists, analytics, advertising and more. They enhance and simplify the user experience when browsing a website.

Let’s look at the two most popular types of cookies:

  • First-Party Cookie: Cookies created by the website (first-party) you’re currently viewing. For example, you visit, and a cookie is saved on your computer from with all your preferences for viewing this website.
  • Third-Party Cookie: Cookies created by websites other than the one you’re visiting. For example, you visit, the cookie from is saved; again this is first-party. However, if has an advertising banner from, this banner will also save a cookie. This is a third-party cookie: it does not originate from (the website you’re visiting).

Read more about the differences between first and third-party cookies in this blog post:
First-Party vs Third-Party Cookies: Why First-Party Is the Way to Go

Most of the controversial buzz you hear around cookies is related to those used for advertising. Normally, a website saves a cookie to remember your user preferences. This cookie would be used by the website the next time you visit to optimize your experience. In this way, a cookie only benefits one user’s experience with one website.

Third-party cookies are different since they take information from a user who is visiting a different domain. Often this information is taken and shared without the user’s knowledge.

Controversial use of third-party cookies for advertising

Information sharing

Cookies used for advertising – almost always third-party – collect and share information via vast networks about users from millions of websites. To learn more details about advertisers sharing information, check out this post.

Think of it like this:

There are three rooms connected by a corridor. In each room there is one person (website).
These three people share the corridor, but there is no way for them to communicate with each other; they are essentially three information silos.

You enter room #1 and share some information. “Hello, my name is Peter”.

In room #2, you tell the person “I want to buy a BBQ grill”.

In a first-party type cookie relationship only room #1 knows your name, only room #2 knows that you want a BBQ grill, and room #3 doesn’t know anything because you haven’t been there yet. Each room (website) only knows what you have directly shared with them during your visit.

With first-party cookies, you would be greeted in room #3 by hearing “Hi, you’ve never been in my room before. How can I help you?” But in the third-party system you may be surprised when you enter room #3 and hear “Hello Peter, so what color would you like that grill in?” How do they get this information?

Among several other methods, advertising agencies use cookie synching to share data collected across the web from multiple websites. For simplicity’s sake, imagine it as a huge collaborative CRM where they dump all the info they gather about users.

Now let’s go back to our three rooms and the simplified CRM example. When you shared your name with room #1, it was automatically shared with rooms #2 and #3. And your interest in the BBQ Grill was passed to rooms #1 and #3.

People started feeling uneasy when websites they were visiting for the first time served them personalized advertisements. This spurred a movement for the public to get informed, and people started asking questions about the technology that was tracking and targeting them across the web.

The demand for privacy boosting tools such as ad blockers, VPNs and improved web browsers has led to the release of a plethora of cookie killing technology. Apple’s Intelligent Tracking Prevention is a notable example of the industry recognizing the need to step in and offer solutions for consumers concerned about privacy.

Almost every mainstream web browser has followed suit with Apple and now comes with an easy to use, sometimes automatic cookie management system that empowers users to take control of cookies out of the box. See what Google Chrome is doing about it.

It’s not just tech companies who have answered the call of the privacy-conscious public, there is extensive government legislation too…

Even if the General Data Protection Regulation and ePrivacy Directive haven’t caught your attention in the news you surely didn’t miss the slew of messages titled “Changes to our privacy policy” in your inbox.

The European Union’s efforts to regulate data privacy have left their mark and changed the landscape of the internet as we know it. But this isn’t happening only in Europe, and it’s not stopping.

You can see in the months following GDPR implementation third-party cookie use by European news websites dropped 22% on average. (Source)

There has been a drop in third-party cookie use throughout the EU, but as this report (The State of GDPR Consent) shows, many websites still fail to comply with GDPR.

There’s plenty of tools available to help organizations meet today’s privacy expectations. Nevertheless, so many organizations have failed to realize their use of third-party cookies without consent is illegal.

Consent management platforms, for example, which prompt website visitors to provide consent to set cookies, were unheard of before privacy regulations like GDPR came about.

Americans are feeling the pressure of privacy compliance domestically with the California Consumer Privacy Act and Vermont’s Act 171. The shockwaves of privacy reform can also be felt in South America, where Brazil has passed the General Data Protection Law (LGPD).

It’s clear that laws regulating the use of personal data are neither passing trends nor isolated incidents. Read more about privacy laws around the world in this post.

The legality behind how organizations handle individuals personal information is changing. It’s more important now than ever before to take stock and see where you stand both legally and ethically.

You’re responsible for handling the data you gather from people who visit your website. Cookies stack up as your website gets more advanced, and it becomes harder and harder to keep track of what they’re doing.

The first step to establishing where you stand is to find out what cookies you’re setting. The demand for cookie checker tools has been enhanced by privacy regulations and public outcry. Let’s look at how Piwik PRO’s Cookie Scanner works:

Enter the address of the website in question and the email address you want the report sent to. The tool will gather information about all the cookies being set on that website and send the report to you.

The report overview gives you a general idea of how many cookies the website is using and if any third-party cookies were found.

Important information about first-party and third-party cookies is included. Clicking on a specific key provides a detailed drop-down.

Test out our tool and get your free report today

Piwik PRO Cookie Scanner


Organizations are fighting a privacy battle on two fronts. On the one hand, the general public’s knowledge and expectations regarding privacy policies is at an unprecedented high. On the other, legal regulations addressing privacy online are constantly popping up all over the globe and show no signs of slowing.

We hope that using our cookie scanner tool will give you a better idea where you stand. Remember, at Piwik PRO we’re always willing to lend a helping hand when it comes to understanding and managing issues of privacy and compliance for your website.


Peter Curac-Dahl, Content Marketer

Dog petting Wikipedia peruser bound by the universal laws of coffee. Consumer of all info tech and business related. Producing useful insights with concise thought-provoking material.

See more posts of this author