Cookies are small files that are stored on the PC after visiting a website. In this file information is stored, which are related to the respective visited website. For example, you will notice that when you fill out the online order form you do not have to type in data that you have entered once again. In the browser options you can set whether and from which website cookies are stored and when they should be deleted.
Because cookies are not an executable program, they are not a direct security risk. Nevertheless, they are not unproblematic: cookies are also used to tailor websites to your personal wishes. The problem is that here a very accurate user profile can be created. Companies use such 'cookies', for example, to display suitable advertising.

Two types of cookies

There are two types of cookies that can be distinguished: the persistent cookies and the session cookies. Persistent cookies remain on your computer for months or even years, at least if they are not automatically or manually deleted become. The 'session cookies', on the other hand, are automatically deleted whenever the 'browser' is closed. These used banks for online banking. These 'cookies' do not pose a security risk. Persistent cookies are a problem. Because they can log the usage behavior of the user for a long time - for example, for which products in which Online shops er searches.
Another risk recover cookies on publicly accessible computers. Some social networks use cookies to ensure that users remain logged in if they have just closed the browser but have not actively logged out. The next user of the public computer can then steal in the profile of the previous user and possibly cause damage.

Third party cookies

In general, only the website may read out the 'cookies' that it has set itself - 'Online Shop A' may therefore not read out the 'cookie' from 'Online Shop B'. However, there are also so-called third-party providers, for example advertising agencies that place advertising banners on various websites. Such banners sometimes set their own cookies. Now, if a user has visited three different web pages with the (randomly) same banner ad cookie, the advertising agency can theoretically read through their 'cookie' which three web pages they were. It contains a rather comprehensive portfolio about the surfing behavior of a person. Third-party cookies are therefore considered problematic by data controllers.

Taken from the official information from the 'German Federal Office for Security in Information Technology'