Ethical issues with AI

Project – Written Submission

End-User Consent involving third-party cookies

Submitted By
Sidharth Bhatnagar
M20MS058

Have you ever wondered how you get the ads about products or services related to your
search on the internet over the past few days? The answer is cookies, more specifically
internet cookies.

Invented in 1994 by Lou Montulli, a renowned computer programmer, Internet cookies have
been around for quite a long time now, but many of us are still unaware of what a cookie is
and what is its purpose. Internet cookies are nothing but a file stored on your computer or
mobile that saves the information sent by servers. The primary purpose of cookies is to keep
the history and create a personalized experience for users when they return to the website.
Cookies track our movement on the internet and store certain information to fulfil assigned
tasks. Cookies are a potent tool and have many uses, but not all of the benefits come under
the definition of ethical.

Several cookies are based on usage like session, HttpOnly, Persistent, Secure, third-party
and Super cookies. Out of these, third-party and super cookies are especially notorious for
collecting and using the user’s data. The figure below shows how a third-party/tracking
cookie works.
There is a general lack of awareness about cookies & their data tracking capabilities,
including personal data, which is a serious safety & ethical concern. The consent notification
about the cookies does not provide the whole picture, and invariably, users give consent
without much reading or thought. Also, a host of advertisers track our movement apart
from the website a user is visiting. These cookies then track our activity over the internet
and collect many details about our preferences. The saved information is then used for
targeted ads, refining user experience, updating cart, analytics etc. The data is collected and
sold by multiple data suppliers to data brokers without the consent or knowledge of users.

With increasing internet awareness, people are becoming more concerned about how their
personal data is tracked and used. There is a consensus that this unethical data collection
should stop at the earliest. There are agencies, government organizations and large
companies like Google & Apple working towards resolving the third-party cookie issue. For
example- European Union has GDPR (General Data Protection law), which provides a set of
rules to protect user data, California has CCPA (California Consumer Privacy Act) that gives
more control to users about sharing their personal information, Google is working on new
technologies like FLOCs (Federated Learning of Cohorts) to remove third-party cookies by
2030 & Apple has new rules/policy which provides more visibility about how consumers
data is tracked by applications on App Store.

There can be various solutions that can counter the end-user consent and unjust use of
personal user data. I categorize the proposed solution into consumer side solutions and
organization side solutions.

Consumers can use various readily available solutions at their disposal. These solutions can
be termed as short-term.

 Use privacy mode like Google chrome’s Incognito mode while surfing the internet.
This will essentially restrict third party cookies.
 Use privacy-friendly search engines like DuckDuckGO instead of Google Chrome or
Mozilla Firefox. This search engine will not store users’ personal information and IP
address.
 Clearing the browser cookie at the end of each session will make user information
less prone to the collection by advertisers and hackers. One disadvantage is that it
will also delete the login information we generally save for auto-login.
 Using a virtual private network (VPN) to browse the internet will mask the user’s IP
and provide 256-bit encryption for anonymity.

The long-term solution regarding end-user consent must be from organizations, both public
& private, to enable a cookie-free & ethical world of surfing. Some of the solutions that
organizations are working on –

 Informing the user through consent about how their personal collected data will be
used by them or other involved parties. Saying No to consent should be a clearly
given and valid choice.
 Companies must give clear & concise instructions in consent and provide the list of
all third-party cookies that will be given access if consent is accepted. Informed
consent should be the way forward.
 Government organizations should continue developing and refining data protection
laws like GDPR and CCPA and make compliance mandatory for all websites.
 Private organizations like Google and Apple should continue developing technologies
like FLoC to make our future ethical.
 Users can be incentivized (revenue-sharing) if they are ready to share their personal
information with advertising agencies. Some applications provide such revenue
sharing facilities, but they are not mainstream. They should be made public and
easily accessible to all internet users.