Third-Party Tracking Cookies and Data Privacy

9 Pages Posted: 14 May 2012 Last revised: 18 Apr 2013

See all articles by Ian D. Mitchell

Ian D. Mitchell

Northern Kentucky University - Salmon P. Chase College of Law

Date Written: April 25, 2012


Public discourse these days is replete with concerns about data security and information privacy. One of the major themes of these conversations is the concept of waiver and what rights to privacy are actually waived when engaging with parties over the internet. A significant mode of this theme involves the use of “cookies” which are surreptitiously installed on users’ computer hard drives during common internet transactions. While cookie-use plays a substantial role in making web-based transactions more efficient, even for the user, the concern about cookies focuses on the fact that third parties to the transaction are often able to use the information collected from cookies and aggregate it. Aggregated data can then be used to construct a highly informative profile of the individual user or consumer which would be highly difficult, if not impossible, to get from any other source. In spite of the fact that most internet users are aware of the technological times in which we live, many users would not believe that such data collection is reasonable given the context in which the collection takes place.

Online advertisers increasingly use consumers' collected personal data to design more individually relevant purchasing experiences. Often, this takes place through third-party tracking “cookies.” Website visitors, usually without their knowledge, provide third-parties with invasive, identifiable personal information like consumer and web-browsing history. In the name of a providing a better buying experience, these advertisers compile digital profiles of users and exploit this information to their advantage. However, what constitutes a reasonable expectation of privacy in e-commerce should be redefined, starting with establishment of default rules that favor consumers' data privacy. This paper argues that the presumption going forward regarding third-party tracking should be that, in addition to default “opt-out” rules, a combination of government and industry forces needs to come together in order to achieve comprehensive regulation that meets the needs of individual data privacy and successful commerce.

Keywords: privacy, cookies, tracking, data privacy, technology, Google, Apple, Safari, DoubleClick

JEL Classification: K23, K39

Suggested Citation

Mitchell, Ian D., Third-Party Tracking Cookies and Data Privacy (April 25, 2012). Available at SSRN: or

Ian D. Mitchell (Contact Author)

Northern Kentucky University - Salmon P. Chase College of Law ( email )

Nunn Hall
Highland Heights, KY 41099
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics