The Law on Cookies
Cookies are small pieces of programming code that are downloaded to your device’s internet browser when you visit a website.
Some cookies are only installed for as long as you visit the website and expire once you close your browser (“session cookies”), while others remain installed until you manually remove them (“persistent cookies”). Some cookies are installed by the website owner (“first-party cookies”) while other cookies are installed by third party applications that run on the website and may follow you around as you go from one website to another (“third-party cookies”).
You can see which cookies are currently installed on your device by opening your internet browser’s privacy settings.
Cookies are useful …
… because they provide website owners with user statistics that allow them to optimise the functionality of their website. They allow the website to recall the preferences users have selected, and allow advertisers to understand their markets, and to direct their messages at targeted audiences. All in all, cookies aim to make your internet browsing more convenient and personal.
cookies may also be used to collect personal information about you in efforts that attempt to manipulate your social, economic or political behaviour. At first sight, the information that is collected by cookies seems harmless, because it is on its own unable to identify individual people. But when linked to other personal identifiers, the information generated by cookies may actually make personal identification of individual people possible. This is known as “profiling” – tracking users across websites and devices by means of cookies, collecting all possible information and aggregating all this information into individual or categorised user profiles.
It is generally accepted that the European Union’s GDPR and ePrivacy Directive have set the international standard for data protection and privacy since 2018, and it is expected that the South African Regulator will follow the EU’s direction.
This would mean that cookies are allowed on South African websites, but only if the website has recorded specific consent (opt-in) before any cookies are activated (except for strictly necessary cookies).
Additionally, website owners must provide information about the data each cookie tracks and its purpose, allow users to access the website even if they refuse to consent to the use of certain cookies, and make it possible to withdraw consent at any time during the website usage.