sneaky cookie consent

What do you actually gain by accepting the cookie consent? 

Cookies are small text files that websites place on your device while you are browsing. Cookies make this information available to websites when you visit them again, so that they can remember you and your preferences and thus adjust the page content for you based on this information.

Functional cookies

Functional cookies are technical cookies. These are necessary for the proper functioning of a website and are certainly also part of the cookie consent. In general, these cookies disappear automatically as soon as you leave the website. No permission is required for the use of these cookies. 

Analytical cookies

Websites use analytical cookies to, among other things, keep track of visitor statistics and are therefore part of the cookie consent. Website operators use the cookie consent to improve the website and in principle they do not store any personal data.

If the analytical cookies cannot be used to treat users differently, they have hardly any consequences for the privacy of the user and you do not have to ask for permission.   

tracking cookies

Parties can also use the so-called 'tracking cookies', also known as third-party cookies. First-party cookies are created and stored by the domain the user is directly visiting to improve the customer experience. These cookies allow the website to remember user preferences such as passwords or language, but they also help the website to better understand visitor behavior.

Third-party cookies, on the other hand, are created by domains that the user does not visit directly. In this way they can follow many users across multiple domains and thus build customer profiles to gain insight into their surfing behaviour. 

Malicious cookies?

Cookies themselves are harmless and cannot infect computers with viruses because the data in a cookie does not change as it travels back and forth. It does not affect how your computer works. So you would say: agreeing to a cookie consent is therefore best. However, there is a 'but' to it.

However, cookies can be used for malicious purposes and the cookie consent does not take this into account. Sensitive cookie data can be intercepted, for example, if an attacker or unauthorized person intervenes in the data transfer. 

What does the law say?

Recital 24 of the E-Privacy Directive states that cookies can be a legitimate and useful tool to investigate the effectiveness of website design and advertising and/or to determine identity.

Pursuant to Article 11.7a of the Telecommunications Act (Tw), you must inform the user of your website about placing and/or reading cookies on their device.

In addition, tracking cookies, in combination with other data collected about the website visit, are also the General Data Protection Regulation (GDPR) applicable. The user must unambiguously and with an active action (again: the cookie consent) give permission for the placement and reading of tracking cookies.

For example, pre-ticked boxes or a cookie wall with texts along the lines of 'if you continue on this website you agree' do not count as a valid way of asking for permission. 



Protecting your identity is very important. there are plenty of cases of identity theft. Criminals who make off with your passport, credit card or personal information have almost always started their search online. It is the right of every internet user to be and remain protected. That is why it is important as a user to be aware of the risks associated with accepting cookies.

Cookies are almost unavoidable and by disabling cookies you can block access to the most used sites on the internet such as Youtube, Gmail, etc. Even search settings require cookies for language settings.

What can you do next time when given the choice? 

  • Refuse

    Access to websites should not be dependent on your permission. They must always give you access, even if you refuse tracking cookies. The Dutch Data Protection Authority checks whether websites comply with these rules. So if you cannot visit a website without cookies, you can report this to the Dutch Data Protection Authority.

  • Actively manage

    Each browser gives you the option to manage or restrict third-party cookies and tracking cookies.

    If you are comfortable with cookies and you are the only person using your computer, you can also set expiry periods for storing your personal access data and browsing history.If you share access on your computer, it is possible to set your browser to delete private browsing data when you close the browser.

    This is not as secure as completely refusing cookies, but this way you will still be able to access the website. The sensitive data will be deleted after you end the browsing session.

  • Update your browser
    Set your browser to update automatically. This eliminates security vulnerabilities caused by outdated browsers. Many cookie-based exploits are based on exploiting the security flaws of older browsers. It is also important that you restart the browser, otherwise the update will not be applied.
  • Delete/Block
    Consent to cookies can also be withdrawn. You do this by deleting the cookies. This can be done in the browser with which you visit the website. 

This way you have the choice. You avoid being locked out online just because you are consciously concerned with your privacy.


IT Security
Lennert Hut

Don't turn a private password into a business threat

Private passwords are thrown around a bit too often and therefore also pose a business risk. A password manager offers convenience at home and at work. But above all: it prevents threats, because private passwords also meet business standards for IT Security.

Read more "