Not Similar to Cookies: Device and Browser Fingerprinting as Sensitive Personal Data
26 Pages Posted: 22 Jul 2021
Date Written: December 16, 2020
Abstract
Browser and device fingerprinting are especially pernicious methods of online tracking, but most legal responses have not distinguished them from a more well- known mechanism, cookies, despite having a reputation as being ‘creepy’. I contend that they deserve separate consideration, owing to the distinct privacy challenges they present.
In this paper I briefly explain what fingerprinting is, summarise how online trackers use it, and explore the privacy issues raised, especially as compared to cookies. I evaluate the current constraints on fingerprinting using Lessig’s norms/ market/architecture/law framework of regulation modalities. I then discuss why fingerprints should not only be considered as distinct from cookies, but should also be considered as sensitive data, deserving of a distinct legal response. Finally, I outline potential legal responses to fingerprinting, exploring their tradeoffs.
Keywords: internet, privacy, law, fingerprinting, web
Suggested Citation: Suggested Citation