{"id":520,"date":"2022-04-15T18:00:07","date_gmt":"2022-04-15T18:00:07","guid":{"rendered":"http:\/\/takhte.in\/VoiceofViews\/?p=520"},"modified":"2022-04-18T13:47:46","modified_gmt":"2022-04-18T13:47:46","slug":"biting-the-cookie-informed-consent-and-the-right-to-privacy","status":"publish","type":"post","link":"https:\/\/takhte.in\/VoiceofViews\/biting-the-cookie-informed-consent-and-the-right-to-privacy\/","title":{"rendered":"Biting the Cookie: Informed Consent and The Right to Privacy"},"content":{"rendered":"\n

Mahathi U
The National University of Advanced Legal Studies, Kochi, Kerala<\/em><\/p>\n\n\n\n

The methods of production, collection, combination, sharing, storage, and analysis of data on the internet are rapidly reorienting and thereby redefining personal data and the protection that ought to be given to it. Owing to this constant change, online privacy remains a predicament to consumers, policymakers, and web organizations. <\/p>\n\n\n\n

When a website reads, “We use cookies to give you the best online experience,” this message is either ignored or accepted by the user. In doing so, little does the user know about these tiny text files that can be used to intrude into his privacy and access his data. Neither the Data Protection Bill nor the IT Act contains provisions to regulate cookies. A few provisions are so broad that cookies might fall under their ambit. But such legislative gaps only serve to weaken the privacy of people using the internet. This article attempts to propose a stipulation in Indian law to monitor and control the use of cookies on the world wide web. <\/p>\n\n\n\n

That’s How the Cookie Crumbles:<\/strong><\/p>\n\n\n\n

The archetypal method of locating and tracking user activity online entails placing small text files or “cookies” on a user’s hard drive, which are given back to that website during successive visits by the user. They may be designed to stay on the hard drive for only the online session, which is currently in progress; they can be fashioned to last for any period or be designed to last eternally.<\/p>\n\n\n\n

Undeniably, a few websites need cookies to operate effectively. E-commerce hubs form a part of this category, requiring the placement of cookies in the shopper’s drive in order to discern that shopper as the person who stored his items in his virtual shopping cart (Chapman and Dhillon 2002). However, cookies can make up an invasion of privacy from various standpoints: viz, their capacity to track users’ online behaviour; their clandestineness; their pervasiveness and duration; users’ lack of knowledge regarding the degree of threat they pose, their control and usage and their use by third parties. <\/p>\n\n\n\n

The rise in software potentiality that augments user knowledge of efforts to place cookies indicates that greater consilience between disclosure and practice could be favourable to website organisations. Though a priori<\/em> disclosure of cookies’ usage might lessen the negative effects of cookie detection of the user’s behavioural intentions, concerns about the ‘current process of disclosure’ are extant.<\/p>\n\n\n\n

 The rampancy of non – consensual identification has increased with the use of third-party cookies and original domain. These issues remain unaddressed and under-regulated by the Indian system. <\/p>\n\n\n\n

So, the Indian regime must learn from the EU’s ‘Cookie law’. The EU’s cookie law is essentially a cookie consent directive that protects personal data privacy in the EU. This directive was intended to be the user’s defense against data profiling, tracking user behaviour, the harvesting of personal data without consent, and unwelcome marketing tactics through unsolicited advertisements and other notices.<\/p>\n\n\n\n

As per a New York Times report, Europe is now the leading tech watchdog in the world, which is undoubtedly due to the existing cookie law and the broader GDPR (General Data Protection Regulation) and the new ePrivacy Regulation will also strengthen it. <\/p>\n\n\n\n

The pop-up windows and cookie consent notices that the user encounters as he surfs the web are attestations to the fundamental right to privacy under European law. Nevertheless, there are flaws in this regime, too, from which the Indian system needs to learn and improvise. <\/p>\n\n\n\n

The ePrivacy directive clearly states that trackers and cookies must not be placed before getting the user’s consent, regardless of whether they contain personal data or not, except for those cookies which are strictly necessary for the basic functioning of that website. Despite this, many of the notices and pop-ups merely state that their website “uses cookies to enhance the user experience,” leaving the users with the only option to double-click on the “OK”, to signify their permission to access their personal data. <\/p>\n\n\n\n

This results in a condition which is known as ‘consent fatigue.’ The user, in this situation, has no real choice of consent whenever he visits a website. Due to the lacuna, that user’s data continues to be harvested and marketed in the space below the internet visible to the naked eye, which makes up the most of that trillion-dollar economy. <\/p>\n\n\n\n

The Indian regime, by not regulating the use of cookies or equivalently efficacious technology, directly enfeebles the right to privacy granted to every person; and every user of the internet, in the instant case. Under the IT Act, Section 43 restricts the access, download, copy, or extraction of any data, computer database, or information from any computer, computer system, or computer network without the owner’s permission or the person in charge. Though this provision may, at large, be taken to include the regulation of cookies, the users’ right to be notified of the presence of cookies in a particular webspace and his right to ‘do-not-track me’ options have not been included. <\/p>\n\n\n\n

Privacy as a fundamental right is entrenched in Article 21 of the Indian Constitution. The Data Protection Bill, recommended by the B. N. Srikrishna Committee, does not incorporate this imperative provision to protect said right either. However, it does contain provisions for informed consent with an exhaustive list of requirements to be fulfilled for the consent to be considered informed.<\/p>\n\n\n\n

The suggestion made would be to append a provision which protects the personal data of the user, encompassing the facets of informed consent, the due process to be followed to obtain consent, and the rights and duties of a reasonable and responsible user of the internet, assuring the protection of his personal data.  <\/p>\n\n\n\n

The cookies lurking in users’ hard drive are nibbling away at their privacy and continue to leave a bad after-taste in the mouths of some, so dismiss the role of cookies at your own peril.  <\/p>\n\n\n\n

The methods of production, collection, combination, sharing, storage, and analysis of data on the internet are rapidly reorienting and thereby redefining personal data and the protection that ought to be given to it. Owing to this constant change, online privacy remains a predicament to consumers, policymakers, and web organizations. <\/p>\n\n\n\n

When a website reads, “We use cookies to give you the best online experience,” this message is either ignored or accepted by the user. In doing so, little does the user know about these tiny text files that can be used to intrude into his privacy and access his data. Neither the Data Protection Bill nor the IT Act contains provisions to regulate cookies. A few provisions are so broad that cookies might fall under their ambit. But such legislative gaps only serve to weaken the privacy of people using the internet. This article attempts to propose a stipulation in Indian law to monitor and control the use of cookies on the world wide web. <\/p>\n\n\n\n

That’s How the Cookie Crumbles:<\/strong><\/p>\n\n\n\n

The archetypal method of locating and tracking user activity online entails placing small text files or “cookies” on a user’s hard drive, which are given back to that website during successive visits by the user. They may be designed to stay on the hard drive for only the online session, which is currently in progress; they can be fashioned to last for any period or be designed to last eternally.<\/p>\n\n\n\n

Undeniably, a few websites need cookies to operate effectively. E-commerce hubs form a part of this category, requiring the placement of cookies in the shopper’s drive in order to discern that shopper as the person who stored his items in his virtual shopping cart (Chapman and Dhillon 2002). However, cookies can make up an invasion of privacy from various standpoints: viz, their capacity to track users’ online behaviour; their clandestineness; their pervasiveness and duration; users’ lack of knowledge regarding the degree of threat they pose, their control and usage and their use by third parties. <\/p>\n\n\n\n

The rise in software potentiality that augments user knowledge of efforts to place cookies indicates that greater consilience between disclosure and practice could be favourable to website organisations. Though a priori<\/em> disclosure of cookies’ usage might lessen the negative effects of cookie detection of the user’s behavioural intentions, concerns about the ‘current process of disclosure’ are extant.<\/p>\n\n\n\n

 The rampancy of non – consensual identification has increased with the use of third-party cookies and original domain. These issues remain unaddressed and under-regulated by the Indian system. <\/p>\n\n\n\n

So, the Indian regime must learn from the EU’s ‘Cookie law’. The EU’s cookie law is essentially a cookie consent directive that protects personal data privacy in the EU. This directive was intended to be the user’s defense against data profiling, tracking user behaviour, the harvesting of personal data without consent, and unwelcome marketing tactics through unsolicited advertisements and other notices.<\/p>\n\n\n\n

As per a New York Times report, Europe is now the leading tech watchdog in the world, which is undoubtedly due to the existing cookie law and the broader GDPR (General Data Protection Regulation) and the new ePrivacy Regulation will also strengthen it. <\/p>\n\n\n\n

The pop-up windows and cookie consent notices that the user encounters as he surfs the web are attestations to the fundamental right to privacy under European law. Nevertheless, there are flaws in this regime, too, from which the Indian system needs to learn and improvise. <\/p>\n\n\n\n

The ePrivacy directive clearly states that trackers and cookies must not be placed before getting the user’s consent, regardless of whether they contain personal data or not, except for those cookies which are strictly necessary for the basic functioning of that website. Despite this, many of the notices and pop-ups merely state that their website “uses cookies to enhance the user experience,” leaving the users with the only option to double-click on the “OK”, to signify their permission to access their personal data. <\/p>\n\n\n\n

This results in a condition which is known as ‘consent fatigue.’ The user, in this situation, has no real choice of consent whenever he visits a website. Due to the lacuna, that user’s data continues to be harvested and marketed in the space below the internet visible to the naked eye, which makes up the most of that trillion-dollar economy. <\/p>\n\n\n\n

The Indian regime, by not regulating the use of cookies or equivalently efficacious technology, directly enfeebles the right to privacy granted to every person; and every user of the internet, in the instant case. Under the IT Act, Section 43 restricts the access, download, copy, or extraction of any data, computer database, or information from any computer, computer system, or computer network without the owner’s permission or the person in charge. Though this provision may, at large, be taken to include the regulation of cookies, the users’ right to be notified of the presence of cookies in a particular webspace and his right to ‘do-not-track me’ options have not been included. <\/p>\n\n\n\n

Privacy as a fundamental right is entrenched in Article 21 of the Indian Constitution. The Data Protection Bill, recommended by the B. N. Srikrishna Committee, does not incorporate this imperative provision to protect said right either. However, it does contain provisions for informed consent with an exhaustive list of requirements to be fulfilled for the consent to be considered informed.<\/p>\n\n\n\n

The suggestion made would be to append a provision which protects the personal data of the user, encompassing the facets of informed consent, the due process to be followed to obtain consent, and the rights and duties of a reasonable and responsible user of the internet, assuring the protection of his personal data.  <\/p>\n\n\n\n

The cookies lurking in users’ hard drive are nibbling away at their privacy and continue to leave a bad after-taste in the mouths of some, so dismiss the role of cookies at your own peril.  <\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Mahathi UThe National University of Advanced Legal Studies, Kochi, Kerala The methods of production, collection, combination, sharing, storage, and analysis of data on the internet are rapidly reorienting and thereby redefining personal data and the protection that ought to be given to it. Owing to this constant change, online privacy remains a predicament to consumers, […]<\/p>\n","protected":false},"author":1,"featured_media":521,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[176],"tags":[221,192,214,222,191],"class_list":["post-520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-talks","tag-cookie","tag-free-online-publishing-platform","tag-mahathi","tag-privacy","tag-vov-writer"],"_links":{"self":[{"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/posts\/520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/comments?post=520"}],"version-history":[{"count":1,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/posts\/520\/revisions"}],"predecessor-version":[{"id":522,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/posts\/520\/revisions\/522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/media\/521"}],"wp:attachment":[{"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/media?parent=520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/categories?post=520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/takhte.in\/VoiceofViews\/wp-json\/wp\/v2\/tags?post=520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}