Information Privacy Law
Professor Ohm
Worksheet on
Judges and Agencies’ Descriptions of Internet Cookies
In re DoubleClick (S.D.N.Y. 2001).
When users visit any of these DoubleClick-affiliated Web sites, a “cookie” is placed on their hard drives. Cookies are computer programs commonly used by Web sites to store useful information such as usernames, passwords, and preferences, making it easier for users to access Web pages in an efficient manner. However, Plaintiffs allege that DoubleClick’s cookies collect “information that Web users, including plaintiffs and the Class, consider to be personal and private, such as names, e-mail addresses, home and business addresses, telephone numbers, searches performed on the Internet, Web pages or sites visited on the Internet and other communications and information that users would not ordinarily expect advertisers to be able to collect.” DoubleClick’s cookies store this personal information on users’ hard drives until DoubleClick electronically accesses the cookies and uploads the data. . . .
Once DoubleClick collects information from the cookies on users’ hard drives, it aggregates and compiles the information to build demographic profiles of users. Plaintiffs allege that DoubleClick has more than 100 million user profiles in its database. Exploiting its proprietary Dynamic Advertising Reporting & Targeting (“DART”) technology, DoubleClick and its licensees target banner advertisements using these demographic profiles.
In re Pharmatrack (1st Cir. 2003).
A cookie is a piece of information sent by a web server to a web browser that the browser software is expected to save and to send back whenever the browser makes additional requests of the server[1](such as when the user visits additional webpages at the same or related sites). A persistent cookie is one that does not expire at the end of an online session. Cookies are widely used on the internet by reputable websites to promote convenience and customization. Cookies often store user preferences, login and registration information, or information related to an online “shopping cart.” Cookies may also contain unique identifiers that allow a website to differentiate among users.
Each Pharmatrak cookie contained a unique alphanumeric identifier that allowed Pharmatrak to track a user as she navigated through a client's site and to identify a repeat user each time she visited clients' sites. If a person visited in June 2000 and in July 2000, for example, then the persistent cookie on her computer would indicate to Pharmatrak that the same computer had been used to visit both sites.[2]As NETcompare tracked a user through a website, it used JavaScript and a JavaApplet to record information such as the URLs the user visited. This data was recorded on the access logs of Pharmatrak's web servers.
UK ICO, Guidance on the Rules on Use of Cookies and Similar Technologies (May 2012).
A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies are then sent back to originating website on each subsequent visit. Cookies are useful because they allow a website to recognise a user’s device. The Regulations apply to cookies and also to similar technologies for storing information. This could include, for example, Local Shared Objects.
For more information see:
In re Google Cookie Placement (3rd Cir. 2015).
As pled in the complaint:
To inject the most targeted ads possible, and therefore charge higher rates to buyers of the ad space, these third-party companies ... compile the [i]nternet histories of users. The third-party advertising companies use “third-party cookies” to accomplish this goal. In the process of injecting the advertisements into the first-party websites, the third-party advertising companies also place third-party cookies on user’s computing devices. Since the advertising companies place advertisements on multiple sites, these cookies allow these companies to keep track of and monitor an individual user’s web activity over every website on which these companies inject ads.
These third-party cookies are used by advertising companies to help create detailed profiles on individuals ... by recording every communication request by that browser to sites that are participating in the ad network, including all search terms the user has entered. The information is sent to the companies and associated with unique cookies—that is how the tracking takes place. The cookie lets the tracker associate the web activity with a unique person using a unique browser on a device. Once the third-party cookie is placed in the browser, the next time the user goes to a website with the same [d]efendant’s advertisements, a copy of that request can be associated with the unique third-party cookie previously placed. Thus the tracker can track the behavior of the user....
1
[1]M. Enzer, “Glossary of Internet Terms,”(defining and discussing cookies). A browser, in turn, is a user's interface to the Web.
[2]Pharmatrak's cookies expired after ninety days.