Cookies are small files that are stored on the PC after visiting a website. In this file information is stored, which are related to the respective visited website. For example, you will notice that when you fill out the online order form you do not have to type in data that you have entered once again. In the browser options you can set whether and from which website cookies are stored and when they should be deleted.
There are two types of cookies that can be distinguished: the persistent cookies and the session cookies. Persistent cookies remain on your computer for months or even years, at least if they are not automatically or manually deleted become. The 'session cookies', on the other hand, are automatically deleted whenever the 'browser' is closed. These used banks for online banking. These 'cookies' do not pose a security risk. Persistent cookies are a problem. Because they can log the usage behavior of the user for a long time - for example, for which products in which Online shops er searches.
In general, only the website may read out the 'cookies' that it has set itself - 'Online Shop A' may therefore not read out the 'cookie' from 'Online Shop B'. However, there are also so-called third-party providers, for example advertising agencies that place advertising banners on various websites. Such banners sometimes set their own cookies. Now, if a user has visited three different web pages with the (randomly) same banner ad cookie, the advertising agency can theoretically read through their 'cookie' which three web pages they were. It contains a rather comprehensive portfolio about the surfing behavior of a person. Third-party cookies are therefore considered problematic by data controllers.
Taken from the official information from the 'German Federal Office for Security in Information Technology'