I´ve been reflecting on cookies policy and how it may affect privacy or the way we use and do social media. An HTTP cookie [1] “is a small piece of data sent from a website and stored in the user’s web browser while the user is browsing”. In simple terms, cookies basically have two functions: remember stateful information previously entered by users (e.g. name, password, address, credit card number, a shopping cart, etc) or their sites preferences, and record the user’s browser activity (e.g. which pages are visited, each time and how often buttons are clicked, etc). These functions allow social media companies to personalize users’s experience and custom audiences for business goals. I will address Facebook as an example to explore the pros and cons of social media cookies policy. Facebook new Cookies Policy was officially introduced in late May 2016, since then, an information note at the top of the page (such as the screenshot below) would be available to users every time they access Facebook.

Facebook informative note on new Cookies Policy (screenshot, 29 May 2016).

Advertising is a key word here as well as data control (no doubt!), however, after reading Facebook Cookies Policy main statement – “Cookies help us provide, protect and improve the Facebook Services, such as by personalizing content, tailoring and measuring ads, and providing a safer experience”, I immediately turned my concerns to three simple questions: i) To whom exactly do cookies help to provide the Facebook Services? ii) From what do cookies help to protect the Facebook Services? iii) Cookies help to improve the Facebook Services, to whom (precisely) and at what cost? To have a proper response, I not only had to read Cookies Policy, but also some reading on the Help Centre (The Facebook CompaniesFacebook Ads, online interest-based advertising), Browser Cookies, Advertiser Help Centre, and my Facebook settings. All this effort could be softened, however when it comes to platform policy or social data management, Facebook does not provide complete information; it is required lots of reading to be fully informed. The more you read, the more you realise that some statements (or arguments) are poor and superficial; they are usually too general. For instance, the explanation of why using cookies (below): “to provide you with the best experience possible”.

Facebook Cookies Policy , section: Why do we use cookies? Items: Performance, Analytics and Research (screenshot, 20 September 2016).

In short terms, Facebook Cookies Policy provide users with all basic function and security cookies can provide, but, on the other hand, it also contemplates intrusive ads cookies that track people with or without a Facebook account. In this way, we kick off the debate with the following questions: what cookies Facebook first store in a user browser? And what are their specific purposes? I removed all cookies from my computer, then I logged Facebook using Google Chrome, and after that I cross information registered on my browser settings with Facebook’s browser cookies list. In total, I found  13 cookies (figure below, on the left) stored in my computer. The table below also brings these cookies categories, names, expiration time, contents and purpose (in the middle). No doubt they accomplish the standards of security and convenience to Facebook users.

However, with time, more cookies will certainly be installed (on the right), such as a11y (performance) and x-referer (analytics and research), and curiously, concrete details about these latter are not available in the Facebook’s browser cookies list. The concerns here relate to “miscellaneous log in information”, “miscellaneous other data”, and unspecified characteristics. At this point,  the Facebook cookies policy became problematic, therefore, the next question is: how cookies are placed in computers or devices? For instance, every time you use or visit the Facebook Services; or services provided by the Facebook Companies (e.g. WhatsApp, Instagram, Masquerade – MSQRD, Atlas); or companies that use the FB’s advertising services into their websites and apps. The main preoccupation is the improvement of the Facebook Services to business and other organizations. “Cookies allow us to help deliver ads to people who have previously visited a business’s website, purchased its products or used its apps”, this is the first statement in the section ‘Advertising, insights and measurement’ of Facebook Cookies Policy. The assumption here is that users want to receive advertising. To make matters worse, cookies also quantify ads (e.g. number of times they are shown or how often they are clicked and viewed by users) and control ads to not ‘bother’ you, for instance, in seeing the same ad over and over. Last but not least, cookies help Facebook to put your profile and actions inside different types of boxes, in so doing these boxes are purchased as custom content or custom audience. In other words, cookies store users preferences and create relevant content to business companies or third parties sites.

Within this background, we move to another important question: How ads work on Facebook? It is quite simple really: by following users activity whether they are logged or not. Every time you like pages, visit websites or use apps, your activity is being tracked, moreover your profile information (e.g. age, gender, location, the devices used to access Facebook) and all information advertisers and Facebook marketing partners have access to is also shared. This latter process is what Facebook calls ‘online interest-based advertising’ as justification for showing users ads “they care about”. Once again, who says a user wants to receive advertising? Or who wants to be an expert in managing ads preferences or cookies? The fact is that by logging in to your social media profile, you are giving permission (or consent) social media platforms to freely access your browsing activity, moreover you are empowering the business model of these platforms.

The truth is that we can control how Facebook use our data,  but we will never stop seeing ads or be targeted by cookies. Once you have a Facebook account, you consent to be tracked or when you visit the most varied types of websites; cookies will always be there. Somehow, we must be prepared to manage our cookies and ads preferences. In some cases, platforms warn users about cookies (below), but, according to The Cookie Law, websites or social platforms should get consent from users (or visitors) to store or retrieve information on their computer or device. In practice, we are sometimes warned but not given the choice to allow (or not) cookies.

This slideshow requires JavaScript.

What options do users have to avoid cookies or to manage ads they see? Option one: using your browser to delete cookies or choose those ones you need to be set up. Option two: opting out of seeing online interest-based ads through Digital Advertising Alliance of USCanada, or Europe, for instance. Option three: if you have a Facebook account (below), in settings, you can opt out from seeing online interest-based adverts based on your Facebook activities; or, edit advert preferences; and also, hide all ads from an particular adviser. By adopting one or all these previous options you cannot get rid off ads or cookies, but to mitigate them.

Basically, using Facebook is the same as saying you provide consent or agree [2] with its data policy. My concern is the lack of knowledge about this whole process; users seem to just navigate on social media platforms, entertained themselves and exposed themselves. I presented some examples on how cookies work and how users can fight them. Now, let´s revisit the questions that have guided this post, thus, no answers will be given. i) To whom exactly do cookies help to provide the Facebook Services? ii) From what do cookies help to protect Facebook Services? iii) Cookies help to improve the Facebook Services to whom and at what cost?

To end this debate, I would like to draw attention to the importance of grasping the platforms ‘ways of being’ by acknowledging how social media platforms control information or knowing what is stated in the Terms of Use and Policies (data, cookies, privacy, etc). Cookies are constitutive parts of the social platforms with great power in  terms of storing and retrieving massive social data.


[1] https://en.wikipedia.org/wiki/HTTP_cookie [Accessed 12 September 2016]

[2] Which is what Anja Bechmann (2014) calls «non-informed consent cultures».