Cookies – what are they and what do they mean for users?

Cookies are small files stored on a user’s device that enable websites to function, analyze traffic, and personalize content. Some of them are necessary and do not require consent, while others – especially analytical and marketing cookies – may only be used after obtaining the user’s informed consent.

Let’s be honest. Who hasn’t sighed, clicked “accept all,” and moved on – just to get rid of that annoying banner and finally access the content?

Although cookies have been around for a long time, many people still don’t really know what they are. So what do they actually mean for us, as users?

On the one hand, cookies help websites create a more user-friendly experience. On the other, they are one of the tools that turn us into the product. Understanding how cookies work gives us more control over what we see online – and who gets a look at our digital plate.

What are cookies and how do they work?

Cookies are like a digital business card – left behind on every website we visit.

More formally: cookies are small text files stored on a user’s device by the website they visit. They typically contain the name of the website, how long they will be stored, and a unique identifier. They consist of strings of letters and numbers – unreadable to humans, but extremely valuable for systems.

Cookies can be set by the website owner (first-party cookies) or by partners (third-party cookies). Some disappear when you close your browser (session cookies), while others can stay on your device for days, months, or even years (persistent cookies).
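How these properties look in the Set-Cookie headers a browser receives, as an added example that is not part of the original article. The host names and header values are constructed, and "same site" is approximated by comparing the last two labels of the host name (real browsers use the Public Suffix List).

```javascript
// Constructed sample data: Set-Cookie headers received while loading a page on shop.example.
const PAGE_HOST = "shop.example";
const SAMPLE_RESPONSES = [
  { from: "shop.example", header: "cart=a1b2c3; Path=/; Secure; HttpOnly" },
  { from: "shop.example", header: "lang=pl; Max-Age=31536000; Path=/" },
  { from: "ads.tracker.example",
    header: "uid=9f8e7d6c; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure" },
];

// Split "name=value; Attr=val; Flag" into the cookie pair and its attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Max-Age takes precedence over Expires; neither (or an unparsable value) means a session cookie.
function lifetimeSeconds(attrs, now) {
  const raw = attrs["max-age"] !== undefined
    ? parseInt(attrs["max-age"], 10)
    : attrs.expires !== undefined
      ? Math.round((Date.parse(attrs.expires) - now) / 1000)
      : NaN;
  return Number.isNaN(raw) ? null : raw;
}

// Assumption: the "site" is the last two host labels (simplified registrable domain).
const site = (host) => host.toLowerCase().split(".").slice(-2).join(".");

function classify({ from, header }, pageHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const secs = lifetimeSeconds(attrs, now);
  return {
    name,
    party: site(from) === site(pageHost) ? "first-party" : "third-party",
    lifetime: secs === null ? "session" : secs <= 0 ? "expired" : "persistent",
    days: secs === null ? null : Math.round(secs / 86400),
  };
}

const report = (now) => SAMPLE_RESPONSES.map((r) => classify(r, PAGE_HOST, now));
console.table(report(Date.now()));
```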

What data can cookies collect?

Quite a lot, actually.

Cookies may collect:

  • IP address (approximate location)
  • email address and login
  • preferred language
  • shopping currency
  • browsing and search history
  • time spent on a website
  • device and browser information
  • age, gender, family status
  • price preferences, interests, favorite brands – even preferred colors

Cookies act like a detective – they collect, analyze, and profile data.

What types of cookies are there?

When you take a closer look at cookie banners, you’ll notice different “jars” of cookies – grouped by purpose.

🍪 Technical (necessary)

Without them, a website simply wouldn’t work properly. They allow you to log in, keep items in your shopping cart, and protect the site from bots and attacks.

💡 These are the only cookies that do not require consent – they are stored whether you like it or not.

🍪 Functional

They remember your preferences beyond a single visit – such as language, currency, or saved items.

💡 Not essential, but they definitely make life easier.

🍪 Analytical

They collect statistical data:

  • how many people visit the site
  • which content is most popular
  • how long users stay

💡 They help improve websites and fix issues. For users – better experience. For owners – a goldmine of data.

🍪 Marketing

Advertisers’ personal favourites!

They track your behavior to better match ads to your interests. They know what you like, when you’re ready to buy, and how to convince you to click “buy now.” At the same time, they help avoid showing you the same ads repeatedly or ads for products you already purchased.

💡 Helpful when you’re looking for something… but risky for your wallet!

💡 According to the law, cookies other than necessary ones should not be stored without prior user consent.

Note!
Not every website uses the same classification – categories, naming, and even interpretations of the law may differ. But still, understanding these groups gives you more control over your preferences. Information about specific cookies and their categories should always be available on the website – usually in the second layer of the cookie banner.

What rights do users have regarding cookies?

Cookies are regulated by several legal frameworks including GDPR, ePrivacy rules and national regulations (e.g. electronic communications law). As these regulations evolve, more companies are implementing clearer and more transparent cookie banners.

With that, depending on how a banner is designed, you can usually:

  1. Accept all cookies – one click and done
  2. Reject all (except necessary) – often one click, though sometimes hidden
  3. Customize preferences – more effort, but more control
  4. Do nothing – ignore the banner

In theory, all non-essential cookies should be disabled by default. In practice, you often have to click through the banner to make that happen. More and more websites now offer a “Reject all” button at the same level as “Accept all.” But if you want to allow only certain categories, manual selection is still required. “Accept all” remains the fastest and most prominent option.

A lack of user action should not be treated as consent for non-essential cookies. In theory, this means that if you ignore the banner, only necessary cookies should be used – the same as if you clicked “reject all.”

💡 You can also manage cookies directly in your browser. However, blocking all cookies may limit some website functionalities.

Summary: a cookie for thought

Cookies are much more than a catchy name – they are a real technological tool. Some make life easier and improve user experience. Others tempt you into buying your tenth pair of shoes “on sale.”

That’s why it’s worth:

✔ knowing what’s inside the cookie jars,
✔ reading cookie banners,
✔ setting your own preferences,
✔ remembering that you decide what stays on your digital plate.

Because using the internet without reflecting on what we “consume” may lead to a moment when we don’t even notice that we have become an edible cookie ourselves.

Katarzyna Matyjanko

This article refers to the Polish legal framework and is based on the legal status, case law, and practices applicable at the time of publication. The scope and methods of personal data processing in recruitment and employment may vary between countries depending on local laws.

Sources and further reading:

GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance))

DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act))

E-Privacy (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications))

PKE (Polish Electronic Communications Law (2024))

WP29 Opinion 04/2012 on cookie consent exemptions, 00879/12/EN WP 194

The regulations listed above constitute the main legal framework governing the use of cookies. However, additional guidance can also be found in the opinions of the European Data Protection Board (an independent advisory body established within the EU for matters related to personal data protection, formerly known as the Article 29 Working Party (WP29)), as well as in the guidance issued by national data protection authorities (in Poland: the Personal Data Protection Office – UODO).