Should the usage of first-party cookies be completely prohibited?

By: ZARYAB ALI ABBAS

In today’s digitally interconnected world, cookies play a major role in the way individuals interact with websites. According to Wilkinson (2017), who is an experienced employee with multiple awards and honors at Rogerwilco, a South African marketing firm , an individual’s device may collect nearly 1000 cookies in a day from regular internet use. While these cookies are usually associated with user convenience, such as remembering your login details, or your language settings, they have a much more complex function in today’s digital landscape. Kaspersky (2024) notes that cookies are small text files stored on a user’s browser. They hold information such as login details, and browsing habits. This essay will be focusing on first-party cookies, which are “directly created by the website you are using” (ibid) and their impact in today’s digital landscape. First-party cookies are still widely used by websites globally. They aid users with keeping their items safe in a shopping cart and also aid firms in server costs and user retention, while maintaining a good user experience. However, in this highly digitalized society, first-party cookies are often used to build user profiles and the data they store can be a target of exploitation. This raises important ethical and regulatory questions on their role in the digital world. This essay will evaluate the benefits and drawbacks of first-party cookie use, examining them through an economic, ethical, political and utilitarian lens to answer whether they should be prohibited.

When considering the benefits of first-party cookies, the argument that first-party cookies enhance user experience satisfies utilitarian principles. They can help remember user preferences, such as language settings, which greatly streamline the user experience. Kacper Polewiak, a project specialist at RTB House, a Polish advertising agency, explains how they can be used to save a user’s shopping basket. (RTB House, 2024) Polewiak’s example is supported by Google,  who verify that cookies can store contents of a shopping cart to improve site usability. (Google, 2009) To evaluate Polewiak’s credibility: RTB House is a reputable firm in ad-tech, and while Polewiak’s position as a project specialist demonstrates relevant expertise, he represents an organization with vested interests in digital marketing. However, his claim is corroborated by Google—a widely trusted source with strong provenance and evidence-based support, which proves his credibility. Moreover, the feature highlighted by Polewiak greatly improves user experience on international e-commerce websites such as Amazon and eBay. Items added to the cart are stored securely, allowing users to return and add on to their cards if need be. This makes shopping more convenient and therefore adds to the numerous benefits of first-party cookies and their use. Adding to this, these cookies allow users to remain logged in on frequently visited websites, reducing the need to constantly reenter passwords. Cookies also store non-sensitive data such as form content, enabling autofill even after crashes. Rowe (2024), a senior writer with over a decade of experience at Tech.co, highlights that the average person has 100 passwords. Cookies allow users to stay logged in, reducing friction and enhancing convenience. Thus, their ability to simplify everyday web use aligns with utilitarian principles that prioritize actions producing the greatest benefit for the largest number.

Furthermore, from an economic lens, first party cookies have multiple advantages for a firm’s infrastructure and revenue. Kaspersky (2024) highlights how cookies can help in “saving money on server maintenance and storage costs.” as data such as login credentials and preferences can be stored locally on the user’s own browser and computer. These efficiency gains hold global relevance, especially for firms operating large-scale digital platforms. An article by McKinsey, which is a global management consulting company, states that personalization drives performance. “Companies that grow faster drive 40% more of their revenue from personalization.” (McKinsey, 2021) This personalization can be obtained through the usage of first-party cookies which make it so that consumer preferences are remembered, making the website feel personalized for themselves, which strengthens the perspective that they should not be prohibited. Furthermore, Anna Holmberg, a marketing activation consultant at Avaus (a Swedish marketing agency), reports a 32% decrease in customer acquisition costs, alongside improved satisfaction (78%) and brand awareness (75%) through first-party data strategies (Avaus, 2024). These improvements indicate enhanced cost-effectiveness. The reported data gains credibility through corroboration. Holmberg’s claims are further supported by Interflora, a global flower delivery service. She details how Interflora used automated strategies with first-party data to decrease customer acquisition costs by 32% and increase revenue by 30%. Additionally, Holmberg’s evidence can be deemed credible as she possesses relevant expertise in the marketing field and provides accurate quantitative data, which sheds light on the reliable nature of these figures. There may be some bias as she comes from a marketing firm, however her usage of an independent firm (Interflora) shows some level of objectivity, which makes her argument reliable. Her evidence is also as recent as 2024, which shows the currency of her evidence, making it deeply relevant today. McKinsey & Company (2021) further supports this, reporting that firms relying on personalization— enabled through cookie-stored preferences—drive 40% more revenue than those that do not. Finally, Shantanu David (2025) from Exchange4Media (a well-established Indian publisher) describes how “First-party data enables sophisticated retargeting and personalization at scale.” Based on the behavior of users, brands can provide messaging that works for users, leading to greater conversion rates. This enhances the campaign’s effectiveness and allows for long-term brand loyalty, which is of great importance in competitive digital markets. Therefore, through the promotion of personalization, lowering the cost, and intensifying customer relationships, first-party cookies are economically invaluable in the digital landscape.

However, on the contrary, applying an ethical lens reveals significant drawbacks. According to Klein et al. (2022), a research team from Germany led by a PhD candidate in human-computer interaction, cookie banners are often misleading. His team questions the legitimacy of consent obtained through cookie banners. It states “While cookie banners are supposed to give the user control over their personal data, they often employ dark patterns to lure users into giving as much consent as possible” They highlight how this manipulation includes making “Accept All” buttons more prominent and accessible as compared to the “Reject” options. The team’s work is peer-reviewed and comes from a well-established research background, and consists of software developers and other PhD candidates, which shows their relevant expertise in the field, which leads to high validity.  Furthermore, first-party cookies also pose as a privacy threat. (Chen et. al 2021, p.1) shows that even when users take steps to block third-party cookies, first-party cookies are still exploited for cross-site tracking purposes without explicit consent. They reveal that 97.72% of websites from a popular list of websites use first-party cookies set up by thirdparty scripts, and over 57% of these cookies include unique identifiers which are being shared with third-parties. Their data is gathered through empirical methods by a university research team, which shows how first-party cookies are increasingly being used to track users across the internet, under the disguise of being harmless and necessary. Such practices are exploiting user trust and its misuse violates fundamental human rights as it involves covert tracking of users, non-consensual data sharing, and consent manipulation. This strengthens the view that first-party cookies should be prohibited, as it portrays the dangers if used unethically. Moreover, first-party cookies pose a serious security risk. In the case of Roblox, a popular game among children with 85.3 million daily active users, approximately 200,000 accounts were stolen worldwide due to a malicious search extension that harvested user cookies (Ye, 2025; Cookie Cutter, 2022). This theft resulted in huge losses for many teenagers and children alike on the internet, as they lost accounts with large amounts of in-game purchases, which amounted to hundreds of dollars for each person. This raises serious questions about the safety of minors on the internet. This strengthens the argument that first-party cookies should be prohibited. Additionally, Meghan Lafferty (2023), writing in eSecurity Planet, highlights how stolen cookies can be sold on the dark web or used for illegal transactions. They may also be used to commit identity theft, cause financial loss and expose personal such as your browsing history and messages. This may lead to possible defamation and psychological harm. Sam Thielman (2016) writes in The Guardian, and states how hackers used forged cookies to hack 1 billion accounts at Yahoo in 2016, accounting for the largest data breach in history. The article stated that stolen information may contain names, telephone numbers and dates of birth. These acts violate privacy rights, breaching Article 12 of the Universal Declaration of Human Rights (UDHR) and Article 8 of the European Convention on Human Rights (ECHR). However, in defense to first-party usage, the breach did happen numerous years ago and is a bit outdated by today’s standards. However, unchecked firstparty cookie usage can have global ethical and legal consequences. 

Adding on to this argument, first-party cookies may also be psychologically and politically manipulative in nature when observed through a political lens. First-party cookies enable websites to collect detailed user data, which can be used to influence user’s behavior and emotions. An example of first-party data being used to manipulate user emotions is illustrated by Kashmir Hill (2014) and her article in Forbes, who is currently a New York Times author and has been writing about technology for more than a decade. Her article discusses the 2014 Facebook experiment. In this experiment, Facebook intentionally manipulated the News Feed of users to assess their emotional responses. They selectively chose what posts to show, which included very cute babies or dead dogs. This global largescale study included 689,000 participants and their moods were silently being manipulated by Facebook through first-party data which can be obtained through firstparty cookies. This raises ethical concerns about consent and emotional manipulation, as users were not aware that they were being observed, along with the fact that they may have suffered psychological harm. However, this source is a bit dated as it comes from 2014, however, the issue of observing consumers without their consent is still a relevant issue today. Furthermore, Vian Bakir, a Professor in Journalism & Political Communication at Bangor University with over 14 years of experience, discusses the Cambridge Analytica where a vast amount of personal data was obtained through firstparty cookies and other means. (2020) These were used to create highly personalized user profiles. These profiles allowed for personalized political ads that targeted the user based on their psychological traits and preferences. This targeted approach which was made possible by vast amounts of data obtained through first-party cookies shows the power these cookies have in influencing emotions and political landscapes. Thus, the use of firstparty cookies for psychological and political manipulation shows how they should be prohibited, as they pose as a big threat to democratic principles and personal autonomy. 

Before researching, I was of the opinion that first-party cookies should be prohibited. My view was shaped by the opinion that they are quite invasive and store data about your personal life, often without you even realizing. However, after researching and weighing both sides of the argument, I conclude that first-party cookies should not be prohibited. Though they may be prone to unethical use and manipulation, they still provide great benefits for the average individual. They store important information such as passwords, shopping cart items and user preferences, which are vital to a convenient web-surfing experience. The benefits of first-party cookies clearly outweigh their disadvantages, which leads me to believe that they should not be prohibited.  Further research should investigate how first-party cookie data is utilized in machine learning models and whether it is responsible for privacy risks. As cookies track user behavior, this data can influence predictive algorithms in ways that may unintentionally reinforce stereotypes, reduce fairness in personalization, and challenge ethical standards surrounding consent, transparency, and data usage in AI systems. Therefore, data usage in AI systems should be strictly controlled to ensure that there is transparency and privacy is upheld.

Bibliography

Bakir, V. (2020). Psychological Operations in Digital Political Campaigns: Assessing

Cambridge Analytica’s Psychographic Profiling and Targeting. Frontiers in

Communication, 5. doi:https://doi.org/10.3389/fcomm.2020.00067. [Accessed 18 Apr.

2025]

Chen, Q., Ilia, P., Polychronakis, M. and Kapravelos, A. (2021). Cookie Swap Party:

Abusing First-Party Cookies for Web Tracking. Proceedings of the Web Conference 2021. doi:https://doi.org/10.1145/3442381.3449837. [Accessed 16 Apr. 2025]

Cookie Cutter (2022). How 200,000 Roblox Accounts were Stolen. [online] YouTube. Available at: https://www.youtube.com/watch?v=v6K_lmi_AcE [Accessed 17 Apr. 2025].

David, S. (2025). https://www.exchange4media.com/tech-talk-news/first-party-datatakes-spotlight-but-cookies-still-stay-on-marketers-menu-141606.html? [online] exchange4media. Available at: https://www.exchange4media.com/tech-talk-news/firstparty-data-takes-spotlight-but-cookies-still-stay-on-marketers-menu-141606.html? [Accessed 15 May 2025].

Google (2009). How Google uses cookies – Privacy & Terms – Google. [online] Google.com. Available at: https://policies.google.com/technologies/cookies?hl=en-US [Accessed 19 Apr. 2025].

Holmberg, A. (2024). First-party data benchmarks – what results can you expect? – Avaus. [online] Avaus. Available at: https://www.avaus.com/blog/first-party-databenchmarks/? [Accessed 21 Apr. 2025].

Kacper Polewiak (2024). Kacper Polewiak. [online] RTB House. Available at:

https://www.rtbhouse.com/blog/what-are-first-party-cookies-and-how-can-brandsuse-them-to-reach-customers? [Accessed 20 Apr. 2025].

Kashmir Hill (2014). Facebook Manipulated 689,003 Users’ Emotions For Science.

Forbes. [online] 3 Sep. Available at:

https://www.forbes.com/sites/kashmirhill/2014/06/28/facebook-manipulated689003-users-emotions-for-science/ [Accessed 22 Apr. 2025].

Kaspersky (2024). What are cookies? [online] Kaspersky. Available at:

https://www.kaspersky.com/resource-center/definitions/cookies [Accessed 17 Apr. 2025].

Klein, D., Musch, M., Barber, T., Kopmann, M. and Johns, M. (2022). Accept All Exploits: Exploring the Security Impact of Cookie Banners. Proceedings of the 38th Annual Computer Security Applications Conference, pp.911–922. doi:https://doi.org/10.1145/3564625.3564647. [Accessed 16 Apr. 2025]

Lafferty, M. (2024). Video: How Hackers Steal Your Cookies & How to Stop Them. [online] eSecurity Planet. Available at: https://www.esecurityplanet.com/video/howhackers-steal-your-cookies-and-how-to-stop-them/ [Accessed 15 Apr. 2025].

McKinsey (2021). The Value of Getting Personalization right–or wrong–is Multiplying. [online] McKinsey & Company. Available at:

https://www.mckinsey.com/capabilities/growth-marketing-and-sales/our-insights/thevalue-of-getting-personalization-right-or-wrong-is-multiplying [Accessed 17 Apr. 2025].

Rowe, A. (2024). 75% of Consumers Are Unhappy With Their Website Login Process. [online] Tech.co. Available at: https://tech.co/news/consumers-unhappy-website-loginprocess? [Accessed 19 Apr. 2025].

Thielman, S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history. [online] the Guardian. Available at:

https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-onebillion-accounts-breached [Accessed 21 Apr. 2025].

Wilkinson, A. (2017). How many cookies do you collect on an average day? [online] Rogerwilco. Available at: https://www.rogerwilco.co.za/blog/how-many-cookies-doyou-collect-average-day [Accessed 16 Apr. 2025]. Ye, S. (2025). Roblox Player Count 2025: How Many People Play Roblox in 2025. [online] Lagofast.com. Available at: https://www.lagofast.com/en/blog/how-manypeople-play-roblox-roblox-player-count-2025/ [Accessed 18 Apr. 2025].