It has only been a month since the introduction of the PDPA (Personal Data Protection Act) in Thailand and already we are seeing many companies immediately adapting to the new requirements with a ‘click here’ or ‘accept’ button appearing on their website. By clicking on such a button, the user is usually being asked to accept the website company’s treatment of any personal data they collect. But when you press or click on such an icon and provide “Cookie Consent” …do you know what this does, and the nature of the cookie (tracker) it places on your computer or phone?
Don’t panic! When you click the accept button on most websites it only signifies your acceptance the standard values installed by the service provider. However, there are other service providers that customize such cookies and are able to turn them on and off.
Cookies can generally be categorized between first-party cookies and third-party cookies:
- First-Party Cookies
First-party cookies are stored on a website (domain) that a user has visited directly, and they record certain information about the user’s preferences i.e., such as a language preference. These cookies also collect analytical data and optimize website functionality. Often, the website of the service provider does not store client (user) data and so cookies are used to provide key information about a particular user as they use a tiny amount of memory to process.
- Third-Party Cookies
When a user visits some websites, they contain a small ‘java script’ which saves third-party cookies to a user’s computer or phone and these can be for the purpose of advertising tracking, statistical information collection or targeting by search engines.
Since first-party cookies and third-party cookies are both associated with tracking user actions, cookies may be further categorized under five headings depending on their functionality.
The five categories, and a brief description of each, are provided below:
- Strictly Necessary Cookies
These are essential for websites to provide simple functions such as assisting a user to log-in or sign-in or use a shopping cart in an online store.
- Performance Cookies
These collect data anonymously and use it to improve the website. Such cookies can count page visits, examine how much time a user has spent on a website, as well as analyze loading speeds. Google Analytics is a good example of this category of cookie.
- Functional Cookies
These are mostly used to enhance the performance of a website. The purpose of this type of cookie is to retain certain user information such as location, etc.
4. Advertising or Targeting Cookies
These help to attract customers with targeted adverts and share user data with other advertisers to improve the performance of adverts. Targeting cookies are always Third-Party Cookies.
5. Social Media cookies
These are a subset of the targeting cookies which specialize in social media activity. These cookies can identify you from your visit and collect information about your browsing habits.
Cookies are the reason why Mark Zuckerberg (Facebook / META) can provide interests and offers of interest to you or Amazon knows what you’ve just purchased or why YouTube and Google only provide adverts relevant to your interests.
Observations from PKF Thailand
PKF specializes in helping companies to be compliant with the requirements of the PDPA law, and this includes ensuring all cookies and the collection of personal data they make are also compliance.
The use of personal data by service providers has to be carefully monitored and we suggest that cookie settings should always be checked before a website is used, notably, the website owner should always be aware of the cookie consent policy and the cookie settings.