By Sohini Banerjee and KS Roshan Menon
Despite their innocuous associations, internet cookies symbolise the power imbalance inherent on the internet. Moreover, they throw up significant privacy concerns that lie at the heart of our digital economy. Recently, European privacy group None of Your Business (‘NOYB’) developed a system to identify websites with unsatisfactory use of cookies. The group found that most cookie banners surveyed did not comply with the General Data Protection Regulation (‘GDPR’). Common complaints included the absence of a reject option, misleading colours that emphasise the “accept all” option over others, and the absence of a clear mechanism to withdraw consent.
A cookie refers to a small text file that is placed on one’s device by the website being browsed. Effectively, it enables a website to “remember” the individual. For example, a website may deploy cookies to retain items added to a user’s shopping cart, and display them on the next visit. The information stored by cookies may include name, e-mail address and IP address. Cookies enable businesses to glean important insights on their users’ online activity, thus ensuring the smooth running of the digital world. However, the data rich nature of cookies also means that individuals may be profiled and identified sans their consent.
In this piece, we undertake a comparative study to understand the future of cookie regulation in India. Our analysis is qualitative, and based on the comparison of four jurisdictions which are most suitable to inform such regulation, namely the United Kingdom (‘U.K.’), Ireland, Canada and Singapore. The object of our analysis is to identify the critical elements of cookie regulation in these jurisdictions, and analyse the desirability of adopting such regulation in India.