Most of us have developed a reflex: privacy policy appears, thumb moves to "Accept", life continues. We do it on websites, apps, and now, apparently, televisions. But recently, while setting up a new Samsung TV, something stopped that reflex in its tracks. The list of "partners" the TV intended to share data with was 263 companies long. In the video I know I said 400, but still, 263 is far hight than I was expecting 

That moment of "privacy shock" — feeling invaded in your own living room — is worth unpacking properly. Because the real issue isn't whether you clicked accept. It's whether any of us genuinely understand what we're accepting, why it exists, and whether our collective response to it is calibrated correctly. 

So what actually is a cookie?

Cookies started life as a genuinely useful piece of web plumbing. In 1994, Netscape engineer Lou Montulli invented them to solve a basic problem: websites had no memory. Every page load was a blank slate. Cookies gave sites a way to remember you — your shopping cart, your login, your preferences.

A cookie is simply a small text file. A website writes it to your browser; your browser sends it back every time you return to that site. That's it. At their most innocent, they're the reason you don't have to log back into Gmail every twenty minutes.

The complication comes in two flavours. First-party cookies are set by the site you're actually visiting and are broadly benign. Third-party cookies are set by someone else — an advertiser, an analytics provider, a social media widget — embedded on that page. These can follow you across the internet, building a profile of your behaviour across hundreds of sites you've never consciously engaged with.

On a smart TV, there are no traditional cookies — but the principle is identical. Your viewing habits, your app usage, the content you pause, rewind, or abandon — all of it becomes data. And that data travels.

The four types of cookie (in plain language)

Strictly necessary

Keeps you logged in. Remembers your basket. Non-negotiable for a working site.

Functional

Saves your preferences — language, region, layout. Useful, low-risk.

Analytics

Tells the site owner how pages are used. Can be anonymised — often isn't.

Advertising / targeting

Builds a profile of you. Shares it. Follows you around the web. This is the one.

Are we panicking about the wrong thing?

Here's the honest tension: most people are simultaneously over-informed and under-informed about cookies. They know they exist, they've been conditioned to feel vaguely threatened by banners, and they've developed coping strategies — clicking accept as fast as possible to make the banner disappear. That's not privacy-conscious behaviour. That's banner fatigue wearing a privacy-conscious costume.

The genuine concern isn't that a website knows you visited it twice this week. It's the aggregation: dozens of data brokers combining your TV viewing, your web browsing, your location data, your purchase history, and your search behaviour into a single commercial profile that you never consented to and can't easily inspect.

Meanwhile, real risks go unnoticed. People use the same password everywhere, click phishing links in emails, and connect to public Wi-Fi without a VPN — yet feel virtuous about occasionally clicking "reject all" on a cookie banner.

The 400-partner list on a Samsung TV is extreme, but it's a useful data point. It illustrates that the modern "consent" model is largely theatrical. No one is reading 400 partner policies. The consent architecture is designed to be accepted, not interrogated. GDPR tried to address this; the results have been mixed at best.

What can you actually do?

On smart TVs specifically: dig into the privacy settings menu rather than accepting the onboarding prompt. Most Samsung and LG TVs have an "interest-based advertising" toggle buried several menus deep — turn it off. Disable ACR (Automatic Content Recognition) if you can find the setting; this is the technology that monitors what you're watching in real time.

On the web: a browser extension like uBlock Origin blocks the trackers that cookie banners are trying to legitimise. Choosing "reject all" on cookie banners, where that option is clearly presented, takes thirty seconds and meaningfully reduces your third-party data trail.

More broadly: understand the difference between the data you're comfortable sharing (anonymous usage stats, session preferences) and the data that builds a profile of you (cross-site behavioural tracking, location, purchase intent). Make decisions at that level, not at the level of individual banners.

The bottom line

Cookies aren't the villain — uncontrolled data aggregation is. The cookie banner arms race has produced a generation of users who are annoyed by privacy warnings without being protected by them.

Feeling invaded in your living room because your TV is sharing data with 400 companies is a reasonable response. The useful next step is channelling that reaction into understanding the specific mechanisms involved — and adjusting the settings you actually can control, rather than accepting everything in exhausted resignation.

The smart TV in your living room is, in a very practical sense, a data collection device that also happens to play Netflix. Knowing that changes how you configure it.