Untangling internet trackers – The Sunday Guardian live

Web trackers, sophisticated pieces of code embedded in websites, meticulously monitor and record our online activities. They track clicks, analyze browsing patterns, and collect vast amounts of data about personal preferences and interests. These complex mechanisms silently observe our every move on the Internet, collecting valuable data for website owners. Think of them as digital detectives, silently putting together a puzzle containing valuable insights.

There’s no denying the popularity and necessity of online tracking tools for website owners. They provide invaluable information about user behavior, demographics, and the popularity of specific pages. This data helps optimize site performance and tailor content to improve the user experience. However, privacy concerns loom large in this landscape.
To address these concerns, various countries have introduced data privacy laws.
– The Personal Data Protection Act, 2023 is India’s first comprehensive data protection law which provides that personal data can only be processed based on the consent of the customer. This consent must be clear, express and specific and have options in local language. However, in case of withdrawal of consent, Personal Data cannot be processed.

-The General Data Protection Regulation (GDPR), implemented by the European Union, is one of the most comprehensive regulations in the world. It imposes strict rules on user consent, data processing and transparency. Website owners must obtain explicit consent before deploying web trackers, and individuals have the right to access and control their personal data.

– In the United States, the California Consumer Privacy Act (CCPA) gives California residents certain rights regarding their personal information. It requires businesses to disclose categories of personal information they collect and gives individuals the right to opt out of the sale of that information. Compliance with these laws is crucial for website owners who use tools that track users’ online activity.
Regulatory enforcement actions underscore the seriousness of noncompliance. The Federal Trade Commission (FTC) recently took action against telemedicine companies for using online trackers, citing violations of the FTC Act and potentially the FTC Health Breach Notification Rule. The FTC Health Breach Notification Rule further underscores the importance of compliance with online trackers.

The Department of Health and Human Services’ Office for Civil Rights (HHS OCR) also investigates online trackers for potential violations of the Health Insurance Portability and Accountability Act (HIPAA), reflecting its focus on protecting the privacy and security of personal health information in the context of online tracking practices.
While web tracking tools are not explicitly banned in any country, their use and regulations vary. More stringent regulations in some countries are designed to protect user privacy, while others may take a more relaxed approach. Telehealth companies and others must adhere to these legal standards to ensure compliance.

Penalties for non-compliance can be significant. Under the DPDP Act, the penalty for non-compliance is up to ₹50 crore per incident. Under the GDPR, regulators can impose fines of up to ₹20 million or 4% of global annual turnover for violations. The CCPA allows individuals to bring private lawsuits, with penalties ranging from $100 to $750 per consumer per incident.

Recently, French data privacy regulator CNIL imposed record fines of €150 million on Google and €60 million on Facebook for making it harder for internet users in France to reject cookies. Cookies are small text files used to track online activity for advertising purposes.

Under EU data protection rules, internet users must give prior consent before cookies can be placed on their devices. The CNIL found that the systems of Google, Facebook and YouTube make accepting cookies easier than rejecting them.
As Karin Kiefer, CNIL data protection chief, put it: “When you accept cookies, you do so with a single click. Rejecting cookies should be as easy as accepting them.” On facebook.com, google.fr and youtube.com, it takes a few more clicks to reject all cookies, compared with a single click to accept them.

Obtaining proper cookie consent is a top priority for the CNIL in enforcing privacy rights. The fines imposed on Google and Facebook are the regulator’s toughest action yet to ensure that internet users have easy control over cookie tracking.
In this complex network of web trackers, navigating the legal landscape is paramount. Awareness of data protection regulations and compliance with web tracker regulations are essential for both companies and individuals. As the digital world evolves, it is crucial to remain informed and adapt to changing requirements to protect privacy rights and personal data.

Khushbu Jain is an active Supreme Court advocate and founding partner of the law firm Ark Legal.