Not Similar to Cookies: Device and Browser Fingerprinting as Sensitive Personal Data

Nottingham, Mark

doi:10.2139/ssrn.3890545

Download This Paper

Open PDF in Browser

Add Paper to My Library

Not Similar to Cookies: Device and Browser Fingerprinting as Sensitive Personal Data

26 Pages Posted: 22 Jul 2021

See all articles by Mark Nottingham

Mark Nottingham

University of Melbourne - Melbourne Law School

Date Written: December 16, 2020

Abstract

Browser and device fingerprinting are especially pernicious methods of online tracking, but most legal responses have not distinguished them from a more well- known mechanism, cookies, despite having a reputation as being ‘creepy’. I contend that they deserve separate consideration, owing to the distinct privacy challenges they present.

In this paper I briefly explain what fingerprinting is, summarise how online trackers use it, and explore the privacy issues raised, especially as compared to cookies. I evaluate the current constraints on fingerprinting using Lessig’s norms/ market/architecture/law framework of regulation modalities. I then discuss why fingerprints should not only be considered as distinct from cookies, but should also be considered as sensitive data, deserving of a distinct legal response. Finally, I outline potential legal responses to fingerprinting, exploring their tradeoffs.

Keywords: internet, privacy, law, fingerprinting, web

Suggested Citation: Suggested Citation

Nottingham, Mark, Not Similar to Cookies: Device and Browser Fingerprinting as Sensitive Personal Data (December 16, 2020). Available at SSRN: https://ssrn.com/abstract=3890545 or http://dx.doi.org/10.2139/ssrn.3890545