Before I explain the difference between the two, you need to generally understand what happens when you visit a website. Essentially, two tasks occur: first, you’re sending a request to the website’s server asking for the website’s data to be sent to you. Second, the server sends you that data. Your browser then reads the data, and voilà, the website appears on your screen.
What is local storage?
Local storage allows websites to save data onto your computer. Importantly, this data does not leave the user’s computer. Data stored on the local storage has no expiration date and remains present on the computer until deleted. The local storage can also store much more information than a cookie (default is around 5MB compared to a cookies’ 4KB).
In the case of Wordle, when the New York Times’ server sends the website data containing Wordle to your computer, that data (now running off your computer) accesses the local storage to see if that user has played before. If the user has, then Wordle will load the user’s stats. If not, then Wordle will create a save game on the user’s computer. After the user plays a game, Wordle will update that save game. As noted above, no data leaves the user’s computer.
Please note that businesses may jump to the conclusion that because data stored on the user’s local storage never leaves the user’s computer, it is a safer way to store sensitive personal data. This is incorrect. Don’t save personal data here as there are many security vulnerabilities associated with using local storage, such as cross-site scripting attacks. Wordle is different as the data it stores is not sensitive.
What about cookies?
When a user receives the website’s data, the server may also send the user a small file to be saved on the user’s computer. This small file is a cookie. Then, whenever the user sends a request back to that same website’s server, the user’s computer may also send that cookie. To put it simply, cookies are used when the server needs something from the user.
First, cookies are classified by duration: Session cookies and Persistent cookies. Session cookies last as long as the user’s browser remains open. Persistent cookies last as long as they are programed to last.
For example, let’s say you’re a business owner and you want to know how many unique visitors you get on your website. You would use a persistent cookie that lasts for a period of time (say one year). Whenever someone new visits your website, your server would send them a cookie, and whenever they access your website in the future, their computer would tell your server that they have visited the website before.
Second, there are different types of cookies:
Essential (or strictly necessary) cookies
These cookies are essential for you to use a website’s features. For example, being able to be logged into a site to visit certain secure areas or using a website’s shopping cart feature.
These cookies collect information about how visitors use a website. For example, the information these cookies usually collect relates to which pages visitors go to most often and whether they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the website works.
These cookies allow the website to remember your preferences (such as your name, language, or the region you’re in). The purpose of these cookies is to provide enhanced, more personal features.
Targeting or advertising cookies
These cookies collect information about your browsing habits to make advertising relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission.
In summary, cookies are sent to the user’s computer and are read by the website’s server. In contrast, data saved on a user’s local storage is never sent to the server.
Do you need help figuring out whether you need a cookie notice? Do you need help drafting your cookie notice? If so, Siskinds’ Business Law Group, can help. You can also reach out to me, Savvas Daginis—a Canadian and American Business and Privacy Lawyer—at [email protected] if you have any questions.