The Recipe for Cookies : A studies about cookies & the GDPR-law

Abstract: The term cookie regarding IT is still a relatively new term. It is rarely discussed among internet users. The name cookie is fairly known but the concept not as much. Cookies are well established by different companies and organizations that in some way offer online services. Today visitors of the internet meet cookies almost every time they go online. For the users who choose not to accept cookies the online experience becomes highly limited. Cookies store information of the visitors in order to improve their experience but also to help the organization. The majority of webpages online that uses electronic commerce or in any way can benefit from storing the customers information uses cookies. Cookies can be sold or exchanged between organizations to increase their profit and range. In 2011 a provision regarding all organizations using cookies were implemented. Every internet user visiting these pages had to be notified about their use of cookies immediately. New laws are established in order to control or regulate the exertion of other people’s personal information at the same pace as cookies are further developed. The next law to be established is GDPR, General Data Protection Regulation, which will be focused on in this thesis. The purpose of this study is to explore the phenomenon of cookie-use and how it affects internet users and organizations in synergy with the GDPR-law. To achieve the desired result a mixed method has been applied involving both interviews and a survey. The interviews consisted of pre-determined questions and dynamic follow-up questions. Three different organizations participated in the interviews, an university, an organization using e-business and a media agency. The survey consisted of a few mandatory closed questions. The distribution of the survey led to right above 130 respondents. The gained results from the use of a quantitative methods hinted that barely half of the respondents knew what a cookie actually was. Several of the participants were curious about learning more about the phenomenon while a lower percentage did not consider it important. Knowledge or ignorance regarding cookies turned out to have a great impact on the respondent’s comfortableness and behavior online. The results from the qualitative method showed that the organizations working with cookies will be affected by GDPR. Following thesis will contribute to the field of informatics by consequently process the empiric data collected with support from theoretic competences. It will contribute as a source of information regarding cookies within information technology.