What is a Persistent Cookie?
A persistent cookie is any cookie that is stored in a user’s browser and remains there until it expires. Persistent cookies contrast with session cookies, which are deleted when the user closes the browsing session. Persistent cookies are generally used to make browsing more convenient for users by saving details like login information, preferences and settings.
Per the GDPR ePrivacy Directive, persistent cookies should last no longer than 12 months, at which point new consent must be gained from the user.
Why Use Persistent Cookies?
Persistent cookies make it easier for website owners to deliver functional, high-quality user experiences across browsing sessions. For example, websites that offer a “remember me” option for logins will use a persistent cookie to authenticate users every time they visit.
Broadly, persistent cookies enable many core website functions that today’s users expect, from saving login details to remembering basic layout preferences. For the user, these quality-of-life improvements save time and allow for seamless browsing. For the website owner, these cookies make it easier to create appealing experiences that reduce effort required from users.
Examples of Persistent Cookies
- Authentication cookies that save login details across sessions
- Advertising cookies that track behavior and analytics across websites
- Ecommerce cookies that store shopping cart contents or preferred payment options
- Preference cookies that set a website’s language, font size, and preferred style
Staying Compliant with Persistent Cookies
Persistent cookies are a top area of focus for consent management. By nature, persistent cookies follow users and keep tabs on their behavior, creating concerns around user privacy and what information is being shared. Many types of persistent cookies fall under the “strictly necessary” exemption for consent collection, but others (like advertising cookies) are considered non-essential, and businesses must obtain explicit consent before using them.
On top of that, persistent cookies that store sensitive personal information—like logins or credit card information—may pose security risks to users. As such, persistent cookie policies are scrutinized heavily by privacy regulators.
- Provide clear direction to users on your company’s cookie policies, how cookies are used, and which ones are retained over time in your website cookie consent banner.
- Provide an easy way for users to opt-out of non-essential cookies for tracking or advertising.
- Use secure cookies (cookies set with the Secure attribute, which browsers send only over HTTPS) when possible so that cookie values are encrypted in transit.
- Ensure that all persistent cookies are set to expire within a year of consent collection, at the latest.
- Update your cookie consent policies over time to ensure that you’re always up-to-date with changing regulations and ePrivacy directives set by GDPR, CCPA, COPPA, and others.
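As an added example (not part of the original page or any vendor's code), the following JavaScript audits Set-Cookie header values against the checklist above: it classifies each cookie as session or persistent and flags a missing Secure attribute or a lifetime over 12 months. The sample headers are constructed, and measuring lifetime from the time the cookie is set rather than from the time of consent is an assumption.

```javascript
// Added example: audit Set-Cookie header values against the checklist above.
const MAX_LIFETIME_DAYS = 365; // the page's 12-month limit, taken as 365 days (assumption)
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse one Set-Cookie header value into { name, attrs } with lower-cased attribute names.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Classify a cookie as session or persistent and report checklist findings.
// `now` is when the cookie is set, used as a stand-in for consent time (assumption).
function auditSetCookie(header, now = new Date()) {
  const { name, attrs } = parseSetCookie(header);
  let expiresAt = null;
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    expiresAt = new Date(now.getTime() + Number(attrs['max-age']) * 1000);
  } else if (typeof attrs.expires === 'string' && !Number.isNaN(Date.parse(attrs.expires))) {
    expiresAt = new Date(Date.parse(attrs.expires));
  }
  // No expiry means a session cookie; an expiry in the past is a deletion, not persistence.
  const persistent = expiresAt !== null && expiresAt > now;
  const lifetimeDays = persistent ? Math.ceil((expiresAt - now) / DAY_MS) : 0;
  const findings = [];
  if (persistent && lifetimeDays > MAX_LIFETIME_DAYS) findings.push('lifetime-over-12-months');
  if (attrs.secure !== true) findings.push('missing-secure');
  return { name, persistent, lifetimeDays, findings };
}

// Constructed sample headers (not from a real site).
const NOW = new Date('2024-01-01T00:00:00Z');
const SAMPLES = [
  'sid=abc123; Path=/; Secure; HttpOnly',
  'remember_me=tok; Max-Age=2592000; Path=/; Secure; HttpOnly',
  'ad_id=xyz; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/',
  'lang=en; Max-Age=63072000; Expires=Mon, 01 Jul 2024 00:00:00 GMT; Secure',
];
for (const h of SAMPLES) console.log(auditSetCookie(h, NOW));
```

The last sample shows why both attributes must be checked: its Expires value looks compliant, but the Max-Age that browsers actually honor keeps the cookie for two years.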