File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Cookies, Personalized Advertisements and Digital Privacy

A company called Global Science Research developed an app called 'This is Your Digital Life' in 2013 with an aim of targeting Facebook users. It collected their online data and maintained track of their web surfing regime with the help of online advertisements (emphasis added). In 2016, Cambridge Analytica, a British firm, prepared a psychological profile of the users based on this data and allegedly helped Donald Trump win the 2016 presidential nomination.

This firm was widely accused of interfering with the Brexit Referendum too. Facebook apologized for its role in data harvesting and its CEO Mark Zuckerberg testified in front of Congress. In July 2019, it was announced that Facebook was to be fined $5 billion by the Federal Trade Commission due to its privacy violations. In October 2019, Facebook agreed to pay a 500,000 fine to the UK Information Commissioner's Office for exposing the data of its users to a "serious risk of harm". In May 2018, Cambridge Analytica filed for bankruptcy.

This incident makes us understand and appreciate the value of personal data in modern times. Skilled processing of the personal data of the masses can make or break governments and change the face of national policy. Such is its impact. These sorts of incidents also highlight the significance of online privacy and the protection of personal data.

Online Privacy

Computer privacy covers the way your personal information is used, collected, shared, and stored on your personal devices while you are on the internet. The Supreme Court of India in Justice K.S. Puttaswamy (Retd.) v. The Union of India (2017), declared that the Right to Privacy is a fundamental right under Article 21 of the Constitution.

People that surf the internet on a regular basis often get to see advertisements that are closely related to their surfing history. The advertisements are so on-point that sometimes the user gets surprised because the advertisement is just the product, the user required at that moment. This may seem convenient to some people, but for others, it may cast doubt.

The advertisers know a great deal about the user. This may not cut off well with some people as they value their privacy over anything. The right to not get surprised is foremost when it comes to online privacy.

How do Online Advertisements Work?

There are three entities in the online advertisement market- publishers, brokering agencies, and advertisers. The publisher is the owner of the website. He is the person who has free space on his website which he is willing to give up for advertisement in order to monetize his website. Advertisers are the people who want their product to be displayed on the publisher's website so that they get more footfall.

Advertisers and publishers, both are registered on a brokering agency such as Google Ads, so it is convenient for both of them to crack a deal without the trouble of searching for each other in the open market. The agency, in turn, charges some commission on the transaction which is its prime source of income.

The advertisers soon realized that instead of wasting their capital to display advertisements just anywhere and everywhere, it would be much more fruitful if they would target their potential customers and not just everyone. As the famous saying goes- necessity is the mother of invention, in our story, this necessity gave birth to an entity that could track the online habits of the masses and help advertisers identify their potential customers. This invention was called third-party cookies.


The protocol we use on the internet is HTTP (Hyper-Text Transfer Protocol) which is a stateless protocol. This means that once the server sends the requested webpage to the user and the user receives the webpage, it forgets to whom it sends it. Thus, remembering the user of the web page throughout the surfing session was proving to be very time consuming and expensive for web servers.

So, an employee of Netscape Browser in 1994 invented cookies that are sent by the servers to the users along with the requested web page. These cookies get stored on the user's web browser and are sent to the server when the user requests the same web page again. The server then identifies the user from the cookie that came along with the request and the session goes on smoothly.

To understand this more clearly suppose that a user wants to log into Facebook. So, he sends his login credentials to the Facebook server and receives the requested web page as a response. Now suppose that the user wants to like a picture of his friend. He proceeds to click on the like button but the webpage demands his login credentials again. This is because HTTP is a stateless protocol and the Facebook server has already forgotten the identity of the user.

So, every time a user has to perform some action on the Facebook webpage, he has to provide his identity details to the Facebook server. This is indeed a very tiresome job. To prevent this, the Facebook server sends a unique cookie to the user's computer when he first provides his credentials and requests for the Facebook page.

This cookie stays stored on the user's web browser. Now, when the user clicks the like button, the request is sent to the Facebook server along with the unique cookie. The server immediately recognizes the user through the cookie that came along with the request. This saves the user from the pain of logging in repeatedly for every action performed. Thus, cookies are a great time, energy, and capital savers.

Third-Party Cookies and Personalized Advertisements

The cookies discussed above are first-party cookies. This means that the cookie is sent by the server of the same webpage for which the user requested, in the above case, Facebook. But when the cookies are sent not by the requested web server but by the server of a different entity, they are called third-party cookies and are also known as tracker cookies.

Third-party cookies are generally used by advertisers and ad brokering agencies to keep a track of users' activities online. This helps them to pinpoint their potential customers and serve them advertisements according to their interests. These advertisements which are displayed on the users' system after keeping a track of their online activity using third-party cookies are known as personalized advertisements.

Third-party cookies work in pretty much the same way as first-party cookies. The only difference is that the server sending the cookie to the user's computer isn't the server whose webpage the user requested. To understand this more clearly let us take an example of a publisher who is willing to rent some space on his websites for advertisements to gain some extra income. So, he approaches an agency to get a good deal.

The agency is already in contact with many advertisers who are willing to display their advertisements on the publisher's website. The agency then sends lines of code to the publisher so that he can place the advertisement on his webpage. These lines of code connect the webpage of the publisher to the server of the agency or the advertiser.

This is done so that when the user clicks on the advertisement, he will be redirected to the advertiser's website. Along with the lines of code, however, are also third-party cookies. They get stored on the user's hard disk and monitor his online activities on the behalf of the advertisers or the agency. This data is then sent back to the agency which processes it to determine what sort of ads would it serve to the user next time so that there are more chances of him buying the product.

This simple exercise in electronics could amount to surveillance and a breach of online privacy. These cookies can get access to sensitive information such as name, age, sexual orientation, occupation, income, and location that the user wouldn't otherwise disclose. Although generally, the only purpose of third-party cookies is to serve better advertisements to the user, they may be utilized to do much more harm as we saw in the Cambridge Analytica Case.

The user that generates the data has a primary right to it. Google whose browser, Google Chrome, holds as much as 64% of the traffic on the internet, has decided to phase out third-party cookies by 2023. But the trends have shown that they are continually pushing back on their self-imposed deadline. Google says that it will begin phasing them out in the mid of 2024.

Legal Aspects
Privacy is a basic human right. Legislation is the most powerful tool to counter this modern breach of privacy. Legal systems of Europe and America have answered their call and formulated two forerunner legislations to safeguard the personal data of their citizens from going into the hands of ruthless tech corporates. European Union has General Data Protection Regulation (GDPR) and the California State of USA has formulated California Consumer Privacy Act (CCPA).

The Government of India withdrew the Personal Data Protection Bill from the Parliament on the 4th of August, 2022. It had been a point of debate in the Parliament since its introduction in 2019. The state must pay heed to the current demand for online privacy and should protect its citizens from the detrimental effects that can take place upon its breach.

The Digital Personal Data Protection Bill, which the government rolled out for public suggestions, seems like the only light of hope currently. As of now, Section 43A and 72A of the Information Technology Act, 2000, are all that the citizens of India have with respect to the use of personal data online.

Cookies are only a small part of the problem with online privacy in India. Algorithms are altogether different problem that can have far-reaching economic implications. The absence of legislation on algorithms in India could have a detrimental effect on the healthy competition between market players. The Government of India needs to act swiftly, as time is of great essence.

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly