Should you accept cookies? 5 times you definitely shouldn’t


Learn why websites want you to accept cookies, whether you have to and should accept them, and what happens if you decline.

You may have encountered a pop-up notification while visiting a website asking you to accept cookies. You might’ve even accepted some of them blindly. But what should you do? What happens when you decline or accept it? While the simple click of a button to accept cookies may seem harmless, the real solution requires a bit more depth.

Firstly, what are cookies? Cookies are the bits of data and information stored in your browser when you visit a specific website. They are small text notifications sent by the website you’re visiting to the computer or device you’re using. Some of these cookies are stored on your device's web browser, while some types are used to collect data from your browser and send it to the website server. The cookies, then, can potentially be used to target ads to your devices. More on what type of data may be collected and for what purposes below.

Is accepting cookies a bad thing? It all depends on the website. Most cookies are harmless, which are only used by the website owner to let you access the site's full experience. Also, you won’t get the personalized features while revisiting the website, meaning you’ll have to fill up your preferences, like language, etc., every time you go to the site. Again, it depends on who will gain access to your data and what they will do with it, along with whether declining cookies will affect your ability to use that site.

Keep in mind not all cookies are the same. Some cookies are placed by first parties like the sites you visit, while others are placed by third parties like advertisers, who can later target ads to your device.

Let’s look into why websites want you to accept cookies, whether you have to and should accept them, and what happens if you decline.

Why websites ask you to accept cookies

Websites have become more focused on asking you to accept cookies. The reason reflects a data privacy protection law that governs online data tracking and transparency.

This data privacy law is known as the European General Data Protection Regulation (GDPR), which became enforceable in May 2018. The GDPR legislation requires all multinational companies to provide an opt-in whereby website owners receive a user’s permission to use cookies before being stored on a user’s web browsers. This opt-in is designed to give users greater control over their data, knowing that information is being collected if they consent to that data collection. A website owner’s noncompliance may result in fines. This potential legal violation has led to more websites sending cookie notifications to ensure they are in compliance.

However, in India, there is no particular law that implements regulations for websites to mandatorily ask for the permission of users to use the cookies. The current data privacy provision “Information Technology Act (ITA) 2000” doesn’t address any laws against using cookies of the site users.1 Still, many websites do have the option for accepting or declining their cookies usage.

Should you accept cookies?

According to the websites and circumstances, it’s up to you to decide whether you should accept cookies or not. When making the decision, it’s better to understand two key questions.

  1. Do you have to accept cookies? – The short answer is, no, you do not have to accept cookies. Rules like the GDPR were designed to give you control over your data and browsing history.
  2. What happens if you decline cookies? – The potential problem with refusing to accept cookies is that some website owners may not allow you to use their websites if you don’t accept their cookies. And even if they do allow it, you may not receive the full user experience on the particular sites. More on that, below.

3 times cookies can be helful

In some scenarios, it can be useful for you to accept cookies. To understand why cookies can be helpful, it’s essential to learn what information cookies might carry about you. Here’s a list.

  • Website name
  • Unique user ID
  • Browsing habits and history
  • Personal preferences and interests
  • Links clicked
  • Number of times a website visited
  • Time spent on a website
  • Settings selected
  • Account log-in information, including your username and password
  • Online identifiers like your location and IP address
  • Personal data like your phone number and email address
  • Shopping cart items

With all of this data collected, companies can use cookies to their advantage and, in some cases, to your advantage as well. Here are three ways that accepting cookies could help you.

  1. Website access. Not accepting cookies can block your access to some websites. If you urgently need to visit such sites, you can first analyze the site's legitimacy before doing it. 
  2. Improved user experience. Cookies can be helpful because they help sites remember you. This memory can help improve your individual user experience by personalizing their content to you. Why is this a good thing? If they already know about you and can tailor your website experience to your interests, they will potentially make your browsing experience more efficient, practical, and focused. This more personalized experience can be beneficial when watching videos, online shopping, reading articles, and more. For example, when you revisit a video steaming website after accepting cookies, it could remember what you watched before and suggest you similar types of content based on them. Cookies can make your online activities quicker and more convenient.
  3. Easy log-ins. Cookies saved on your web browser also can remember your log-in credentials. This can come in handy if you constantly visit a specific platform. You won’t have to repeatedly log in to your go-to websites, especially if you sometimes forget your passwords.

5 times you shouldn’t accept or keep cookies

There are some scenarios where you might not want to accept or keep cookies. Here are five examples.

  1. Unencrypted websites. You shouldn’t accept cookies when you’re on an unencrypted website. If the URL of a site you’re visiting doesn’t contain the lock icon beside it, the address is not encrypted. Why is this dangerous? Encryption scrambles your data and makes it almost impossible for hackers to access it. If a website isn’t encrypted, there is no security to protect your information. This unsecured access may allow third parties to steal cookies from your browser, intercepting personal information you likely want to be kept private,  like credit card and other confidential information, leaving you more vulnerable to online crimes like identity theft.
  2. Third-party cookies. Not all cookies are the same. Some websites can take your cookies information and sell the browsing data to third parties. Sharing your personal information with unknown parties could leave you vulnerable to passive cyberattacks, meaning you could become a cybercrime victim again and again. Once the third parties have your data, they can sell it to the dark web, or use it to copy your identity for performing a variety of online crimes. It’s a good idea to decline third-party cookies if you can recognize them.
  3. Slowed computer speed. Having new cookies stored in your browser over and over also could slow down your computer. Cookies occupy disk space, which can affect your computer’s speed.
  4. Flagged cookiesAntivirus software may flag suspicious cookies, in which case you should not accept them (or you should delete them if you already have). You could install a robust security application, such as Norton 360, that could detect such vulnerable sites and help protect your data.2
  5. Use of private information. If the site you’re visiting is insecure and requires personal data like your Aadhaar Card Number or banking information, you should decline the use of cookies. This is the type of personally identifiable information (also known as PII) that, if intercepted by the wrong parties, could help fraudsters commit online frauds like identity theft.3 Personal information like your Financial details, in particular, should always be kept private and only shared when absolutely necessary and with the highest regard for privacy and security. A regulation like the GDPR helps ensure you’re given this decision and have control over your data, especially when sensitive information like your banking data and similarly identifiable information is at stake.




Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.