Cookie law conundrum: Do you know what your webmaster is busy baking?

Cookie policies range from the “buried deep within the privacy cookie jar” to the “flashing Kmart end of aisle cookie sale.”

Gary Goodwin

Karma. I may have been a scoundrel in a previous lifetime. As penance, I voluntarily reviewed 10 webpage privacy statements from five prestigious law firms, four somewhat intrusive social media organizations and one highly regarded national magazine for lawyers in Canada. Did I say well written? That, too.

Cookie policies range from the “buried deep within the privacy cookie jar” to the “flashing Kmart end of aisle cookie sale.” Cookies refer to the little crumbs of text file code that websites place on users’ browsers that land on the organization’s webpage. These cookies do not contain any coding themselves, so they cannot transfer any viruses or other types of malware. But like real cookie packaging, you must read to the bottom of the ingredient list to determine what your system ingests.

Cookies come in two major flavours. Session cookies store information about user page activities so that users can easily pick up where they left off. Think of them as celery cookies — light and non-fattening.

Compare these to persistent cookies that store user preferences. These websites allow the user to customize how information presents itself through site layouts or themes. These denser, chocolate-laden type of cookies adhere to the fatty midsection of your browser.

Cookies cannot be executed nor are they self-executing, but like real cookies, they can be insidious — or at least the information on them can be used maliciously. Similar to your personal profile, your browser history can show where you have been and what you have been consuming.

The cookie continuum provides a range of uses for various organizations. The responsible and ethical approach entails clear descriptions of how cookies are deployed on their site. The privacy policy for the various law firms are conservative and straightforward . . . for legally trained individuals at least.

Canadian cookies delight the user. Most websites track usage, but some of the Canadian sites merely indicate that they “may” attach cookies. This light approach appears more like a digestive biscuit cookie. Good for gumming and easy to absorb.  

Firms in the United States use Twinkie-like cookies that look innocent and light, but the fat and sugar consumed have persistent lasting effects. The cookie policy for one large law firm broadcasts the use of cookies similar to the exclusion clause you learned about in law school. Red ink with arrows. Here users see a banner ad at the base of the webpage warning about cookie usage. The banner clearly states that the individual consents to the use of cookies by using the website.

These persistent cookies act like the classic Pac-Man game and capture information such as your operating system, browser software, IP address and the full uniform resource locator. They do then load on the full-calorie cookie, which allows a number of features such as accessing secure areas of the website, analyzing information and tracking how you share content from the law firm website via social media or email, using sharing buttons provided by AddThis, for example. Cookies always extract a cost.

Although the cookie usage seems somewhat invasive, you may be asking what the Canada Anti-spam Law says about this? For certain types of programs, such as cookies, you are considered to have express consent without requesting it, so you can distribute (attach) cookies to users.

The Facebook cookie policy portrays a sense of permanence likened to real cookies laced with trans fat to extend shelf life. Here, cookies provide for authentication, security and advertising. The cookies allow Facebook to deliver ads to people who have previously visited a business’ website, purchased its products or used its apps. Fortunately, the cookies allow Facebook to limit the number of times you see a particular ad. You can innately appreciate the benefits of seeing ads in which you would be interested, but at some tipping point, the ads can come across as stalking. Do you want people looking over your shoulder to know what products or services you were researching the night before?

Cookies help businesses understand the kinds of people who like their Facebook page or use their apps so that they can provide more relevant content and develop features that are likely to be interesting to their customers. Ultimately, cookies help store preferences to provide customized content and experiences.

This “pull” type of marketing experience benefits a potential client interested in receiving certain advertisements for relevant products. Perhaps seeing a sale on litigation services would finally convince that reluctant client to file that civil lawsuit?

Law firms have room to move up the cookie continuum to provide a more individualized website experience. Admittedly, clients may prefer not to open up their browser in a coffee shop and receive updates on the developing law of criminal fraud, but those showing interests in mergers and acquisitions may prefer to see a website customized on that basis. Cookies with sprinkles could be the next big thing.