What about cookies?
You probably know “cookie banners” popping up when you call up a website and want you to accept the cookies policy. In the meantime, there are vast numbers of layout options and formulations—which might be a result of the legal-related uncertainty in terms of cookies.?But first, let us explain how a cookie works.
Nowadays, web pages are being transmitted via “hypertext transfer protocol” (HTTP). This protocol is a stateless one. In a stateless protocol, “HTTP requests” which a web browser sends to a server (i.e. to a computer on which the respective web page is stored) are always without reference to previous requests. The cookies should somehow overcome the “statelessness” of the given protocol.
Example: I want to buy shoe laces for my old pair of shoes in an online shop. To do so, I have to visit the website of the online shop. There I choose a pair of shoe laces and click on the button “Add to shopping basket”. The Internet browser needs to reload the website of the online shop. The website seems to be the same with a slight difference: next to the basket icon, there is a small “1” now. Afterwards, I take a look at other products, e.g. a shoe care kit and brushes, by clicking on several other web pages. On each of these, there is a small “1” at the shopping basket icon, too. As it seems, the web browser somehow “remembered” me adding shoe laces to the shopping basket. This is only possible because of cookies.
Cookies are small text files which the server stores within the web browser and represent it. When a web browser sends a request containing a cookie, the server identifies the web browser or the cookie again. As a result, the server “knows” that the shoe laces were already in the shopping basket and displays the given website with respective data.
Cookies are available in many forms:
- session cookies (stored by the end of the browser session)
- persistent cookies (stored for a specific period, sometimes lasting for several years)
- first-party cookies (set in the browser by the provider of the specific website)
- third-party cookies (originate from the advertising partners of the provider)
- tracking cookies (for analysing the user behaviour)
- simple cookies (to identify a user within a content management system).
Depending on the type of cookies, the server “learns” a lot about the user via the browser in short time.
What is the connection between the technical process described and the all-pervasive cookie banner?
In short, it is the uncertainty about the regulations on the data processing. Cookies are personal data which need a legal framework if they be processed. Well, there is the other side of the coin, too. According to the association of the federal supervisory authorities and of the L?nder (“Datenschutzkonferenz”), one must clearly give one’s consent to allow analysing and tracking by using particular types of cookies. Companies using cookie banners want to be sure to be given your consent. However, they usually fail to do so because, for example, they do not inform you sufficiently, the cookies are already stored before you click on the “Accept” button, or, if you stay on the web page without any clear action confirming your decision.
Currently, the University is using these cookies:
| Name | Purpose | Storage period |
| EGOTEC
? |
The content management system identifies a user (only for internal use of the CMS, technically necessary). The cookie contains the information on a randomly generated session ID. |
end of the web session ? |
|
MATOMO_SESSID ? |
Temporary cookie required to prevent CSRF attacks while the user wishes to opt out. |
end of the web session ? |
| matomo_ignore ? |
If set, the user is not being tracked. | 2?years |
| intranet | Cache behavior (technically necessary) | end of the web session |
| fsu-web | Ensuring the chat function (technically necessary) Ensuring the countdown function (technically necessary) |
7 days |
| rc-is-widget | When using live chat: temporary cookie for the functional purpose of operating the widget | end of the web session |
| rc-id | When using live chat: temporary cookie to identify a guest user at the end of a chat conversation | end of the web session |
| rc-room-type | When using live chat: temporary cookie to identify a room type? | end of the web session |
| rc-token | When using live chat: temporary cookie to identify a guest user at the end of a chat conversation | end of the web session |
| _rspkrLoadCore | is set as soon as the first reading process is started by ReadSpeaker (the “Read aloud” button or “Play icon” is pressed). | end of the web session |
| ReadSpeakerSettings | is set as soon as an individual setting is made (e.g., “Click and read aloud”). | 4 days |
As you can see, the website uses a persistent cookie for the purpose of analysis. In comparison to the association of the supervisory authorities (“Datenschutzkonferenz”), we are convinced that it is not necessary to be given consent as the data processing is justified by our interest in accordance with section?6 subsection?1(f) of GDPR, as described in “Why and how does the University process your data?”.
How do we justify our point of view?
The University hosts Matomo on its servers only so that users are identifiable only based on filtering log files. In addition, we give you the option to de-activate the tracking options.