Why in News:

• Google and Facebook were hit with a combined 210 million Euros fine for not complying with France’s data privacy law. The country’s data protection authority, CNIL, said that Facebook, Google’s French homepage and YouTube websites failed to provide its users a ‘disable’ cookies option similar to the enable button.

What are cookies

• Cookies and web beacons are electronic placeholders that are kept on your device by websites to track your specific movements on that website over time. They are useful to a limited extent to individual users. For example, cookies retain login details for quick retrieval next time the user logs back in. But they also extensively track people’s digital footprint and share browsing details with advertisers.
• HTTP cookies, or Internet cookies, have become an essential fixture of the modern Internet, and are a necessary part of web browsing. For developers, this tracking tool is a way to customise and personalise their interface for users. But they pose a threat to user privacy.
• Using cookies, websites remember the user , user login credentials, browsing history, and sometimes peep into e-commerce shopping carts. The data these cookies gather is largely used by advertisers and marketers to place and sell their products online.
• Most cookies are perfectly safe, and are generated by the websites themselves to enhance their page’s performance. These are usually harmless, and are commonly called necessary cookies.
• Third-party cookies are more troubling as they are placed by companies that do not own the website the user is accessing. For example, a student may be surfing an educational website that contains advertisements of various other companies. These advertisers can deploy relevant cookies to track the user’s digital footprint.

Why was the fine imposed?

• The authority said these websites made it hard for users to refuse cookies and nudged them to accept it. They required users to make several clicks and take a circuitous route to disable cookies, which affects the website visitor’s freedom of consent on the Internet.
• A user expects to be able to quickly check a website, and the fact that they can’t refuse cookies as easily as they can accept them influences their choice in favour of consent.

India and cookie laws

• India should draft rules to protect its citizens from being stalked by large tech firms, which control a significant part of the digital space.
• India has no comprehensive personal data protection at the moment.
• While some experts note that the use of cookies without the user’s consent could be subsumed under Section 43 of the Information Technology Act, in the absence of any explicit legislation, companies can circumvent the law by finding technical loopholes. For instance, the Section deals with a ‘computer virus’ that can potentially contaminate an electronic device. But cookies don’t harm the computer like malware.
• The draft Personal Data Protection Bill (PDP), 2019, is also not up to the mark on regulating cookies.
• The Bill defines ‘personal data’ as any information about a natural person who can be directly or indirectly identified. This means, businesses that use cookies can argue that their web trackers inherently cannot spot a ‘natural’ person.

 Reference:

1. https://www.thehindu.com/sci-tech/technology/following-the-trail-of-crumbs/article38213707.ece