Third-Party Tracking Cookies and Data Privacy by Ian D. Mitchell [Northern Kentucky University – Salmon P. Chase College of Law]

Abstract: Public discourse these days is replete with concerns about data security and information privacy. One of the major themes of these conversations is the concept of waiver and what rights to privacy are actually waived when engaging with parties over the internet. A significant mode of this theme involves the use of “cookies” which are surreptitiously installed on users’ computer hard drives during common internet transactions.While cookie-use plays a substantial role in making web-based transactions more efficient, even for the user, the concern about cookies focuses on the fact that third parties to the transaction are often able to use the information collected from cookies and aggregate it. Aggregated data can then be used to construct a highly informative profile of the individual user or consumer which would be highly difficult, if not impossible, to get from any other source. In spite of the fact that most internet users are aware of the technological times in which we live, many users would not believe that such data collection is reasonable given the context in which the collection takes place.Online advertisers increasingly use consumers’ collected personal data to design more individually relevant purchasing experiences. Often, this takes place through third-party tracking “cookies.” Website visitors, usually without their knowledge, provide third-parties with invasive, identifiable personal information like consumer and web-browsing history. In the name of a providing a better buying experience, these advertisers compile digital profiles of users and exploit this information to their advantage.However, what constitutes a reasonable expectation of privacy in e-commerce should be redefined, starting with establishment of default rules that favor consumers’ data privacy. This paper argues that the presumption going forward regarding third-party tracking should be that, in addition to default “opt-out” rules, a combination of government and industry forces needs to come together in order to achieve comprehensive regulation that meets the needs of individual data privacy and successful commerce.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.