Publications

Web tracking, on the hunt for your personal data?
Publié le 3 September 2019

When hearing “web tracking”, it is hard to not think of the image of hunting a prey across a field, the term is impressive or even frightening. While surfing the net, you may have already wondered what footprint remains behind you? Who is behind the web tracking? What does the law state to protect you?

Web tracking is a means by which sites identify users and collect their browsing data. Web tracking can be done in several ways using the following tools: cookie, fingerprinting, beacons, session replay, mouse tracking etc.

 

1. The different trackers:

 

Trackers are the tools used to collect data on the user and track his or her behaviour through the various sites visited. There are two main types of them:

First-party trackers are the trackers that are used by the server of the website on which the user is browsing.

The information is not only sent to the server of the website on which the user is browsing. They may also be transmitted to any other website displaying resources on the visited site, such as images or scripts that are not visible to the user (transparent pixel). The latter are third-party trackers.

Third-party trackers have a bad reputation because they are mostly invisible to the user and do not allow him to explicitly express his consent. In addition, the data collected are sent to another site whose existence is rarely known to the user.

 

2. Who is behind the web tracking?

 

Mainly advertisers. After collecting this data, services (social networks, web analytics, Ad Tech, etc.) can therefore define a user ID that will be stored in a cookie or recorded as a fingerprint. This identifier allows the user to be tracked through different websites visited via the same browser.

The identification of a user is more accurate when they have connected to a logged space as some services require such as Facebook or Twitter. For example, the presence of a Facebook “like” button or a Twitter “tweet” button on a website allows social networks to know that the user has visited this website because a call is made to their servers with this information.

 

 3. Why is web tracking widespread across all web sites?

 

Tracking is used to display advertisements in a targeted manner to generate revenue. Targeted advertising generally generates more clicks when it is based on the user’s interests. The exploitation of user data therefore makes it possible to remunerate publishers.

Tracking tools can improve the user’s browsing experience by, for example, retaining language or interface customization preferences. This tracking is also necessary for product recommendations on e-commerce sites.

Finally, tracking makes it possible to ensure the security of the web through the analysis of suspicious behaviour.

 

4. What does the law say to protect Internet users?

 

The notion of consent is essential to guarantee the protection of users’ personal data, already defined in the French Data Protection Act and consolidated by the GDPR in Articles 4 and 7 of the European Regulation.

Last July, the CNIL published new guidelines on cookies and other tracking devices in order to strengthen the application of free and informed consent to Internet users. The two main axes of these guidelines concern consent to the deposit of cookies and the need for operators to prove that consent has been obtained.

The ePrivacy Regulation – aimed at regulating the use of personal data in the field of electronic communications and harmonizing European legislation – is still awaiting its entry into force.

A simple solution to allow the user to protect himself against tracking is to make private browsing more widespread. Although this means of navigation does not protect against tracking on the terminal, it is quite effective against user tracking for advertising purposes. Indeed, cookies only last for the duration of the session and fingerprinting is limited to a generic browser that many users share.

Web tracking is at the heart of the concerns of European supervisory authorities, particularly when the purpose of data collection concerns advertising targeting. They are confronted with international lobbies for the establishment of a new era in the management of cookies and other tracking devices. Not all trackers are malicious and, in some cases, provide greater security on the net. The authorities want more transparency to allow any Internet user to be in control of their data and the information they may or may not wish to share with third parties.

 

References :

https://www.cnil.fr/fr/cookies-et-autres-traceurs-la-cnil-publie-de-nouvelles-lignes-directrices

https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi

https://eur-lex.europa.eu/legal-content/FR/TXT/HTML/?uri=CELEX:52017PC0010&from=FR

 

By Lola Met

 

Follow us on Linkedin, Twitter and Facebook