To be successful, ecommerce sites require information about
site visitors.
What sites are the top referrers? Which search engine
produces the most traffic? How long do visitors remain
on-site, what is their pathway through the site, and what
pages do they exit from?
One method of collecting this information is often referred
to as using 3rd party cookies. If you use 3rd party
cookies, are you aware of the privacy concerns, and will
you be liable for a privacy policy breach?
What's A "Cookie" Anyway?
A cookie is a message given to a Web browser by a Web
server. The browser stores the message in a text file
called cookie.txt. The message is then sent back to the
server each time the browser requests a page from the
server.
Information gained with cookies helps the Web server track
such things as user preferences and data that the user may
submit while browsing the site. For example, a cookie may
include information about the purchases that the user makes
(if the Web site is an ecommerce site), or the cookie may
"remember" the user's contact information so the user will
not have to re-key it on future site visits.
1st Party and 3rd Party Cookies Distinguished
There is an important difference between 1st party and 3rd
party cookies. If you use 1st party cookies, they are
passed to a visitor by your site, and the data generated
remains with your site. On the other hand, if you hire an
independent company (such as Google with its Google
Analytics program) to pass the cookie, that cookie is
called a 3rd party cookie.
Privacy Concerns With 3rd Party Cookies
Privacy concerns arise from the fact that the data
generated with 3rd party cookies resides on the servers of
the 3rd party --- not your server. The fact that you do not
control these 3rd party sites and their use of this data
has raised concerns among many users. For example, users
have questioned whether these 3rd party sites aggregate the
data among many sites and report ecommerce trends to the
media, or whether the 3rd party sites use the data for
purposes of cross-website profiling and ad targeting.
And what is your legal obligation to disclose the use of
3rd party cookies? In the European Union, it's illegal to
pass cookies without informing users that you do, what
they're used for, and how they can be avoided, and it's
generally believed that the failure to adequately disclose
the details of the use of 3rd party cookies is a violation
of EU law.
In the US, there is an evolving debate regarding the same
issues, and the answers are less certain.
Conclusion
It's recommended that if you use 3rd party cookies, you
clearly disclose in your privacy policy the distinction
between 3rd and 1st party cookies, and how they're used and
avoided.
Be careful, however, in amending your Privacy Policy
because amendments may not be effective retroactively for
data collected with 3rd party cookies prior to the
amendment.
----------------------------------------------------
Chip Cooper is a leading intellectual property, software,
and Internet attorney who advises software and ecommerce
businesses nationwide. Chip's 25+ years of experience
include 20 years as Adjunct Professor of Computer Law at
Wake Forest University School of Law. Visit Chip's
http://www.digicontracts.com site and download his FREE
newsletter, Website Law Alert, and also learn about his
"Do-It-Myself" and "Do-It-For-Me" service options.
No comments:
Post a Comment