Bittersweet Cookies: Some Security and Privacy Considerations

Citation
ENISA, Bittersweet Cookies: Some Security and Privacy Considerations (2011) (full-text).

Overview
This paper takes into consideration the new types of cookies now being deployed in the online environment; these new cookies do not have enough exposure to demonstrate how they are being used and, as such, their security and privacy implications are not easily quantifiable. Studies are required to identify to what extent the new cookies can be used for tracking and also to evaluate the level of identification provided.

Regarding policy perspective, the relevant EU legal framework that also addresses cookies is in transition. Currently, EU Member States are in the process of transposing EU directives addressing cookies and there is space for interpretations and clarifications. A study is required at the end of the transposition process to evaluate possible different requirements or interpretations.