Internet cookies and their effect on our privacy and right to information

Image Credit: Lisa Fotios

Jana Joha discusses the overwhelming presence of internet cookies in your browsing life and the effect that they have on our privacy and right to information.

Internet cookies have become an essential and inescapable part of how we browse and search on the internet today. Every time we visit a website, we are prompted with a notification asking for our consent to accept cookies. Internet cookies can be useful by helping web developers give users a more personal and convenient experience on their websites. The most common function of cookies is that they let websites remember users’ login details and the items placed in their shopping carts. All this information allows for an enjoyable experience when web browsing, but are there hidden dangers?

The modern-day internet cookie or HTTP cookie is a small piece of data that gets stored on a computer’s hard drive whenever a user visits or browses a webpage that uses cookies. Cookies are used to identify your computer whenever you log onto a website. They have various functions, but the simplest is to let websites remember your login details, allowing you to reopen a webpage you closed without having to log in again. Cookies also allow websites to track a user’s browsing activity and history in order to serve up targeted ads. That’s why, for example, if you were to search for something on Amazon you might see ads related to what you searched for on your Facebook feed later that day. In addition, cookies are used by website owners to track exactly how many unique users visit and use their website. This is possible because cookies stored on a user’s computer have unique IDs. Therefore, if you were to visit the same webpage multiple times in a day, it would recognise you as one user instead of multiple. This allows website owners to collect more accurate data about their website traffic.

The modern-day cookie was invented back in 1994 by 24-year-old web browser programmer Lou Montulli. At the time, Montulli was working for Netscape Communications, which was having trouble storing shopping cart data while consumers were browsing their website. Their servers couldn’t cope with the overwhelming amount of data, and Montulli was therefore tasked with finding a way to store that data on users’ computers instead of on the company’s servers. Montulli was successful and used an old tool called ‘Magic Cookie’ as inspiration for developing the HTTP cookie. Magic Cookie is an old computing term referring to the data that is shared when a user logs into a system. This small piece of data is shared between the user’s computer and the server. Montulli took this idea and repurposed it for internet browsing. The company was then able to save space on their servers and in turn save money. Cookies today are still used to identify computers but now they have the added function of tracking user activity. This can be very helpful - or it can be a breach of privacy depending on how the website decides to use the information.

There are different types of HTTP cookies which have specific features. Session cookies and persistent cookies have different expiry dates. Session cookies only save data in a computer’s temporary memory while the user is browsing a website. These cookies are sometimes called transient or non-persistent cookies and are automatically deleted when the user ends a session. Persistent cookies, however, are not deleted after a session ends. Instead, they remain on the computer and expire at a specific date or after a certain period which is determined by the website. During its lifespan, a persistent cookie will send data to the server every time a user visits the website it belongs to, or every time a user views a resource which belongs to that website, such as an advertisement. Therefore, these cookies are called tracking cookies and are used by advertisers or website owners to track and record user activity and browsing habits over longer periods of time. This tracking helps websites to suggest items or ads that might interest users based on their browsing history. Gradually, a profile of the user is created.

Another important type of cookie is the third-party cookie. Unlike a first-party cookie that is directly created by the website that the user is viewing, third-party cookies are generated by other websites which are completely different from the web page that the user is currently browsing. These cookies typically appear on web pages that have content, such as banner advertisements, or ones that are linked to other websites. For example, you might be browsing a website that has a button to like or share on Facebook embedded into it. Having this feature means that the website is able to communicate with Facebook, allowing Facebook to send their own cookies through this website, which get stored on your computer to track your activity. Facebook tracks your activity on a completely unrelated site in order to serve up targeted ads on your Facebook newsfeed later. Visiting a website that has, for example, 10 ads may generate 10 different cookies, even if the user never clicked on those ads.
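The two distinctions described above, session versus persistent and first-party versus third-party, can both be read from the `Set-Cookie` headers a page load produces. The following is an added example, not part of the original article; the host names and header values are constructed, and treating the last two host labels as the "site" is a simplifying assumption.

```javascript
// Constructed sample: Set-Cookie headers seen while loading one page, with the host that sent each.
const PAGE_HOST = "shop.example";
const OBSERVED = [
  { from: "shop.example", header: "cart=abc123; Path=/; HttpOnly" },
  { from: "shop.example", header: "login=tok; Max-Age=2592000; Secure; HttpOnly" },
  { from: "ads.tracker.example", header: "uid=9f2c; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure" },
  { from: "cdn.shop.example", header: "pref=dark; Max-Age=0" },
];

// Parse one Set-Cookie header into its name, value and absolute expiry (null = session cookie).
function parseSetCookie(header, now = Date.now()) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), expiresAt: null };
  let maxAge = null, expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = Number(val);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = Date.parse(val);
  }
  // RFC 6265: Max-Age takes precedence over Expires when both are present.
  if (maxAge !== null) cookie.expiresAt = now + maxAge * 1000;
  else if (expires !== null) cookie.expiresAt = expires;
  return cookie;
}

// Assumption: the "site" is the last two host labels. Browsers use the Public Suffix List instead.
const site = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// Label each observed cookie by who set it and how long it will live.
function classify(pageHost, observed, now = Date.now()) {
  return observed.map(({ from, header }) => {
    const c = parseSetCookie(header, now);
    let lifetime = "session"; // no Expires/Max-Age: gone when the browsing session ends
    if (c.expiresAt !== null) lifetime = c.expiresAt <= now ? "deleted" : "persistent";
    return {
      name: c.name,
      party: site(from) === site(pageHost) ? "first-party" : "third-party",
      lifetime,
      days: lifetime === "persistent" ? Math.round((c.expiresAt - now) / 86400000) : 0,
    };
  });
}

console.table(classify(PAGE_HOST, OBSERVED));
```

A long-lived cookie set by a host on a different site from the page, such as `uid` here, is the pattern the article calls a tracking cookie.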

A more concerning type of third-party cookie is a zombie cookie. These cookies are generated by other websites and are permanently installed onto users’ computers, even when users opt not to install them. They are incredibly difficult to remove and can even reappear after being deleted, hence the name ‘zombie’ cookie. Web analytics companies use these cookies to track internet usage and user browsing histories. In addition, they allow web traffic tracking companies to retrieve unique user IDs and track users’ personal browsing habits.

Concerns over the use of third-party cookies have spurred the European Union to introduce regulations on data protection and privacy. The General Data Protection Regulation, or GDPR, aims to give individuals control over their personal data. Websites are now required to be GDPR compliant, which involves informing users of the website’s cookie policy and giving them the option to opt out of cookies.

It’s worth pointing out that not all cookies aim to create a privacy breach; however, concerns over the use of cookies speak to a greater issue of data protection and privacy. Recently, the Irish government decided to ban access to all records related to the Mother and Baby Homes Commission for a period of 30 years. Critics of this bill have argued that the right to access these records is determined by the EU privacy law, GDPR. However, under Irish legislation, access rights can be restricted in certain circumstances if they would potentially impede the operation of commissions or future witness cooperation. The Data Protection Commissioner has asked for the government to demonstrate why it’s necessary to restrict rights of access.

On October 25th 2020, President Michael D Higgins signed into law the controversial Mother and Baby Homes record legislation that protected access to the records and only allowed those with personal connections to access their information. Recent events and the use of internet cookies raise the question of whether or not we have real control over our personal data. How can we ever be sure what our cookie data is used for and can the GDPR truly protect our privacy and rights?