When we visit a website, we often come across information about the collection of cookies and the question of whether we allow it or not. Despite many people not knowing what cookies are, they are invited to read the cookie policies of websites. Sometimes, accepting cookies is presented as a prerequisite for accessing certain services. So, how much do we know about cookies? What is the legal aspect of collecting cookies, and does rejecting cookies prevent the use of a website? In this article, we will define cookies, then discuss their types, functions, and control, and finally, we will examine cookies from a legal perspective.
What are Cookies?
Some argue that the term comes from Hansel and Gretel, who left bread crumbs on their way home, while others believe it comes from small text-filled cookies. However, the most widely accepted theory is that it originates from the "magic cookie" data packet used in the Unix operating system. As a result, we cannot provide a definitive answer to the question of what "cookies" mean in its original context. To maintain this ambiguity, the term is translated as "çerez" (cookie) in Turkish.
What are the types of cookies?
Cookies are primarily divided into two categories: session cookies and persistent cookies. Session cookies, also known as temporary cookies, are automatically deleted when you close the session without requiring any action. Thus, session cookies cannot be restored on the next visit to the page. On the other hand, persistent cookies are not automatically deleted when you close the website or browser. They remain on your computer until you delete them manually or until the expiration date set by your browser. Persistent cookies, such as language and theme preferences, allow the website to remember your choices for your next visit, so you do not have to make those choices again.
Another distinction regarding cookies is between necessary and non-necessary cookies. Necessary cookies are essential for the functioning of the website and are collected as a requirement for the website to function properly. For example, cookies that keep products in the shopping cart are necessary cookies for e-commerce websites. Non-necessary cookies, on the other hand, are not essential for the website's operation. This category includes cookies that remember usernames and passwords, advertising cookies, or cookies that collect statistical information.
What is the function of cookies?
The main purpose of cookies is to enhance the website's usability by remembering user preferences and providing personalized experiences, thus improving the services offered to visitors. For example, if a visitor permits the collection of cookies, they do not have to redo language and theme preferences when revisiting the website. Similarly, cookies that keep the session open allow users to stay logged in without having to log in again.
On the other hand, cookies may also be necessary for the proper functioning of the website. One of the most important examples is that cookies prevent products added to the shopping cart from disappearing on the payment page. Disabling or rejecting cookies may prevent the user from benefiting from the website.
It is not possible to say that all cookies are harmless. Some cookies can track your internet browsing activity. However, you can control cookies' specific actions or prevent certain websites from collecting cookies through your browser settings.
How to control and delete cookies?
Privacy is everyone's right. This right is protected in the Turkish Constitution and the European Convention on Human Rights. Therefore, you should be the one who determines when to share which information. In terms of cookies, there are two aspects: enabling cookies and clearing cookies.
You do not need to enable cookies in your default browser settings. When you visit a website, the website sends certain information to your browser, and your browser creates a text file and stores this information in the browser folder. Therefore, you can control cookies from the relevant folder or browser settings.
In addition, websites that place cookies place these cookies for certain periods. Session cookies can be deleted at the end of the session or automatically after a specific period. In this case, if you do not want to clear them before the set time, you do not need to do it manually.
Cookies Under Turkish Law
There is no specific legislation in Turkish law that regulates cookies. However, in the decision of the Personal Data Protection Authority ("Authority") regarding Amazon Turkey Retail Services Limited Company dated 27/02/2020 and numbered 2020/173, it is stated that "all actions falling within the scope of data processing (such as tracking, transferring, sharing, storing, etc.) with cookies ..." shall be considered within the scope of personal data. However, consent is not required for all collected cookies. This distinction depends on whether the collection of cookies is necessary. Consent is not required for cookies that are essential for the website's operation, while consent will be required for non-necessary cookies.
The final version of the "Guide on Cookie Applications" prepared by the Personal Data Protection Authority was published on 20.06.2022. On the guide good and bad practices about cookies are examined.
The consent to be obtained is explicit consent, defined in Article 3 of the Personal Data Protection Law ("PDPL") as "consent based on the information and expressed with free will regarding a specific subject matter." The requirement of free will means that consent cannot be made a prerequisite for the provision of a product or service or the use of a product or service. In other words, the "love it or leave it" approach cannot be applied here, refusing cookies cannot prevent access to the service, and the opposite behavior would impair the consent. In such a case, an appeal can be made to the Authority due to non-compliance with the PDPL.
1. European Data Protection Supervisor, "Guidelines on the protection of personal data processed through web services provided by EU institutions", 2016 Kasım.
2. European Commission, "Cookies policy", https://ec.europa.eu/info/cookies_en.
Originally published 20 May 2023
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.