Cookies, Personalized Advertisements and Digital Privacy
A company called Global Science Research developed an app called 'This is
Your Digital Life' in 2013 with an aim of targeting Facebook users. It collected
their online data and maintained track of their web surfing regime with the help
of online advertisements (emphasis added). In 2016, Cambridge Analytica, a
British firm, prepared a psychological profile of the users based on this data
and allegedly helped Donald Trump win the 2016 presidential nomination.
This firm was widely accused of interfering with the Brexit Referendum too.
Facebook apologized for its role in data harvesting and its CEO Mark Zuckerberg
testified in front of Congress. In July 2019, it was announced that Facebook was
to be fined $5 billion by the Federal Trade Commission due to its privacy
violations. In October 2019, Facebook agreed to pay a 500,000 fine to the UK
Information Commissioner's Office for exposing the data of its users to a
"serious risk of harm". In May 2018, Cambridge Analytica filed for bankruptcy.
This incident makes us understand and appreciate the value of personal data in
modern times. Skilled processing of the personal data of the masses can make or
break governments and change the face of national policy. Such is its impact.
These sorts of incidents also highlight the significance of online privacy and
the protection of personal data.
Online PrivacyComputer privacy covers the way your personal information is used, collected,
shared, and stored on your personal devices while you are on the internet. The
Supreme Court of India in Justice K.S. Puttaswamy (Retd.) v. The Union of
India (2017), declared that the Right to Privacy is a fundamental right
under Article 21 of the Constitution.
People that surf the internet on a regular basis often get to see advertisements
that are closely related to their surfing history. The advertisements are so
on-point that sometimes the user gets surprised because the advertisement is
just the product, the user required at that moment. This may seem convenient to
some people, but for others, it may cast doubt.
The advertisers know a great deal about the user. This may not cut off well with
some people as they value their privacy over anything. The right to not get
surprised is foremost when it comes to online privacy.
How do Online Advertisements Work?There are three entities in the online advertisement market- publishers,
brokering agencies, and advertisers. The publisher is the owner of the website.
He is the person who has free space on his website which he is willing to give
up for advertisement in order to monetize his website. Advertisers are the
people who want their product to be displayed on the publisher's website so that
they get more footfall.
Advertisers and publishers, both are registered on a brokering agency such as
Google Ads, so it is convenient for both of them to crack a deal without the
trouble of searching for each other in the open market. The agency, in turn,
charges some commission on the transaction which is its prime source of income.
The advertisers soon realized that instead of wasting their capital to display
advertisements just anywhere and everywhere, it would be much more fruitful if
they would target their potential customers and not just everyone. As the famous
saying goes- necessity is the mother of invention, in our story, this necessity
gave birth to an entity that could track the online habits of the masses and
help advertisers identify their potential customers. This invention was called
CookiesThe protocol we use on the internet is HTTP (Hyper-Text Transfer Protocol) which
is a stateless protocol. This means that once the server sends the requested
webpage to the user and the user receives the webpage, it forgets to whom it
sends it. Thus, remembering the user of the web page throughout the surfing
session was proving to be very time consuming and expensive for web servers.
So, an employee of Netscape Browser in 1994 invented cookies that are sent by
the servers to the users along with the requested web page. These cookies get
stored on the user's web browser and are sent to the server when the user
requests the same web page again. The server then identifies the user from the
cookie that came along with the request and the session goes on smoothly.
To understand this more clearly suppose that a user wants to log into Facebook.
So, he sends his login credentials to the Facebook server and receives the
requested web page as a response. Now suppose that the user wants to like a
picture of his friend. He proceeds to click on the like button but the webpage
demands his login credentials again. This is because HTTP is a stateless
protocol and the Facebook server has already forgotten the identity of the user.
So, every time a user has to perform some action on the Facebook webpage, he has
to provide his identity details to the Facebook server. This is indeed a very
tiresome job. To prevent this, the Facebook server sends a unique cookie to the
user's computer when he first provides his credentials and requests for the
This cookie stays stored on the user's web browser. Now, when the user clicks
the like button, the request is sent to the Facebook server along with the
unique cookie. The server immediately recognizes the user through the cookie
that came along with the request. This saves the user from the pain of logging
in repeatedly for every action performed. Thus, cookies are a great time,
energy, and capital savers.
Third-Party Cookies and Personalized AdvertisementsThe cookies discussed above are first-party cookies. This means that the cookie
is sent by the server of the same webpage for which the user requested, in the
above case, Facebook. But when the cookies are sent not by the requested web
server but by the server of a different entity, they are called third-party
cookies and are also known as tracker cookies.
Third-party cookies are generally used by advertisers and ad brokering agencies
to keep a track of users' activities online. This helps them to pinpoint their
potential customers and serve them advertisements according to their interests.
These advertisements which are displayed on the users' system after keeping a
track of their online activity using third-party cookies are known as
Third-party cookies work in pretty much the same way as first-party cookies. The
only difference is that the server sending the cookie to the user's computer
isn't the server whose webpage the user requested. To understand this more
clearly let us take an example of a publisher who is willing to rent some space
on his websites for advertisements to gain some extra income. So, he approaches
an agency to get a good deal.
The agency is already in contact with many advertisers who are willing to
display their advertisements on the publisher's website. The agency then sends
lines of code to the publisher so that he can place the advertisement on his
webpage. These lines of code connect the webpage of the publisher to the server
of the agency or the advertiser.
This is done so that when the user clicks on the advertisement, he will be
redirected to the advertiser's website. Along with the lines of code, however,
are also third-party cookies. They get stored on the user's hard disk and
monitor his online activities on the behalf of the advertisers or the agency.
This data is then sent back to the agency which processes it to determine what
sort of ads would it serve to the user next time so that there are more chances
of him buying the product.
This simple exercise in electronics could amount to surveillance and a breach of
online privacy. These cookies can get access to sensitive information such as
name, age, sexual orientation, occupation, income, and location that the user
wouldn't otherwise disclose. Although generally, the only purpose of third-party
cookies is to serve better advertisements to the user, they may be utilized to
do much more harm as we saw in the Cambridge Analytica Case.
The user that generates the data has a primary right to it. Google whose
browser, Google Chrome, holds as much as 64% of the traffic on the internet, has
decided to phase out third-party cookies by 2023. But the trends have shown that
they are continually pushing back on their self-imposed deadline. Google says
that it will begin phasing them out in the mid of 2024.
Privacy is a basic human right. Legislation is the most powerful tool to counter
this modern breach of privacy. Legal systems of Europe and America have answered
their call and formulated two forerunner legislations to safeguard the personal
data of their citizens from going into the hands of ruthless tech corporates.
European Union has General Data Protection Regulation (GDPR) and the California
State of USA has formulated California Consumer Privacy Act (CCPA).
The Government of India withdrew the Personal Data Protection Bill from the
Parliament on the 4th of August, 2022. It had been a point of debate in the
Parliament since its introduction in 2019. The state must pay heed to the
current demand for online privacy and should protect its citizens from the
detrimental effects that can take place upon its breach.
The Digital Personal Data Protection Bill, which the government rolled out for
public suggestions, seems like the only light of hope currently. As of now,
Section 43A and 72A of the Information Technology Act, 2000, are all that the
citizens of India have with respect to the use of personal data online.
Cookies are only a small part of the problem with online privacy in India.
Algorithms are altogether different problem that can have far-reaching economic
implications. The absence of legislation on algorithms in India could have a
detrimental effect on the healthy competition between market players. The
Government of India needs to act swiftly, as time is of great essence.
Law Article in India
You May Like
Legal Question & Answers