Online Privacy and Cookies


Big Brother is watching you

Twenty-five years ago, at the beginning of the 1990s, the world’s first web servers were receiving their first electronic requests for web pages and storing the IP addresses and other metadata of the requesters in their log files. Web analytics has since grown to become a vital tool in the armoury of any digital business. But have things gone too far? With so much personal data being shared and tracked so widely, a good think about privacy online has never been so important.

All your data belongs to us

Who owns your personal data? Who has access to it? These are some of the big questions of our time, the counterweight to the marketers’ dream come true – big data and the ease of data collection in the digital realm. It makes a lot of sense to collect data, process, analyse and use it to drive business improvements. What is not always considered, is the issue of data protection and privacy: what safeguards should be in place to protect personal data? Who should be in control of the data? To what extent should people be told upfront about how their personal data is being collected and used?

In many jurisdictions, personal data is well protected by law. Here in Australia the Privacy Act 1988 is the principal body of law that protects individuals’ privacy. In the European Union (EU), personal data is quite famously protected: those pesky cookie permission alerts found on many websites are often there to comply with various EU laws.The recent judgment of the European Court of Justice in the ‘Schrems v Facebook’ case has knocked many websites for six in having effectively ruled illegal common practices in exporting personal data out of the EU.

By the time you’ve wrestled with the consideration of whether you have given informed consent to the use of their data, it may be tempting just to throw up your hands and declare data more of a liability than an asset!

Tracking website visits

HTTP cookies were first invented as an ingenious way around the fact that the web is inherently stateless. The inventor of them designing a method for little packets of data – the ‘cookies’ – to pass shopping cart information from one web page to the next in an early ecommerce application. It didn’t take long before people realised the power of cookies in tracking web usage for reporting and analysis.

If you were around on the web in its early days, you probably remember – with an appropriate mix of fondness and horror – the simple hit counters that were often installed on sites, sometimes little more than a gentle ego-massage for the website owner (and sometimes a vector for some early blackhat SEO techniques, but that’s another story).


Things have come on a long way since then. Google Analytics burst onto the scene in 2005 and by 2014 it was estimated to be in use on around half of all websites and was installed on 80% of all websites that used an analytics tracking solution. Central to how Google Analytics works to track users across sessions is a first-party cookie (one ‘belonging’ to the website you visit rather than to a third-party provider of content).


Google Analytics and its competitor products are ubiquitous on today’s web. But it doesn’t stop there, with many large modern websites having untold numbers of analytics, marketing and other trackers. As an example, a visit to the Sydney Morning Herald (the 16th most popular site in Australia, Alexa estimates) sent data to 45 different trackers in a test visit for this blog.


That’s not to single out the site; that amount of tracking is far from unusual. Although, not everyone wants to be tracked when browsing the web. However much we, wearing our analyst hats, crave all this juicy data about our visitors, the fact remains that tracking blockers are among the most popular browser extensions in use. Extensions such as Ghostery and NoScript can be used to block tracking, and the ad-blocking extension AdBlock is claimed to be the most popular extension of all for Google’s Chrome browser. People are perfectly entitled to use these extensions, but is it right for them to do so? In truth, there is no single correct answer to that, and it probably comes down to individual choices around ethics and the amount of control desired over personal data.

Give and take

To a certain extent, there’s nothing new about all the tracking and personal data transmission on the web. For decades, if not centuries, vendors and service providers have been keeping databases and tracking customers in some form or other. What is different is really just the power of data mining and ‘big data’ technology to analyse and personalise so effectively and so quickly.

Let us not forget, that giving up our data, letting ourselves be tracked and being the ‘product’ to be sold to advertisers, we are allowing ourselves to benefit from a plethora of free websites. By letting companies use our personal data, they can target us better with ads that are meaningful to us. This is a better use of advertising budgets and a more beneficial experience for us as consumers when we see adverts tailored to our interests. We’ve also enabled an ecosystem of commercial enterprise, the likes of which we could barely have imagined a generation ago. We give, and we take — the question is, are we getting a fair exchange of value?