Internet Law: Cookies, Traffi c Data, and Direct Advertising Practices

• Jurisdiction: South Africa
• Pages: 741-764
• Author: Gerrie Ebersöhn
• Published date: 16 August 2019
• Date: 16 August 2019

Internet Law: Cookies, Traff‌i c Data,

and Direct Advertising Practices

GERRIE EBERSÖHN*

Associate, Sandton

1 Introduction

While the Internet allows for new possibilities to conduct business and to

communicate with third parties, it also poses the risk that third parties may

electronically obtain private or personal information without one’s knowledge

and consent and so infringe one’s right to privacy.

Many web-site operators transmit ‘cookies’ to Internet users visiting their

web sites without informing them of this fact. This has raised privacy concerns

among many Internet users. Also, many web-site operators monitor and record

web-site traff‌i c data, generated by Internet users who visit the formers’ web

sites, which enables these operators to compile certain information and/or

statistics. The purpose of this article is to determine, f‌i rst, how the monitoring

of web-site use (traff‌i c data) occurs; secondly, why such use is monitored;

thirdly, why web-site operators use cookies; fourthly, whether the monitoring

of web-site use and/or the use of cookies by South African web-site operators

infringe South African Internet users’ common-law and constitutional right to

privacy; and, f‌i fthly, whether the unlawful use of cookies violates the Electronic

Communications and Transactions Act1 and other applicable legislation.

I shall also ascertain whether the monitoring and/or recording of web-site

traff‌i c data, and the use of cookies, are allowed in Europe and the United States

of America.

2 Traff‌i c Data

‘Website traff‌i c data’ refers to data that relate to the behaviour of visitors to

the site.2 Such data inform the web-site operator3 (a) of the visitor’s Internet

protocol address;4 (b) which operating system the visitor uses; (c) which pages

of that specif‌i c web site Internet users visit (this indicates which pages are the

most popular); (d) how long visitors stay on the site; (e) how many Internet

users visit the site each day, week, and/or month; (f) from which web site each

visitor comes (this informs the web-site operator about (i) which web sites

generate the most traff‌i c for him, (ii) which banner advertisements or links

generate the highest ‘click through rates’, and (iii) which search engines direct

741

* LLB LLM LLD (UFS). Associate, Hofmeyr Herbstein & Gihwala Inc, Sandton.

1 Act 25 of 2002 (‘ECT Act’).

2 Kurt Thumlert ‘E-Metrics: Understand Your Website’s Traff‌i c Data’ (2001), accessible at

<www.sitepoint.com/article/354>.

3 Ibid.

4 An Internet Protocol (‘IP’) address refers to the address of a particular web site, such as

146.192.589.689.

(2004) 16 SA Merc LJ 741

© Juta and Company (Pty) Ltd

742 (2004) 16 SA Merc LJ

the most Internet users to his web site (also, which search terms they use to

f‌i nd his web site));5 and (g) the points of entry and exit (the Internet user’s

movement through that particular web site is tracked).

So traff‌i c data allows web-site operators to determine how well their online

marketing strategies work.6 An operator can even link such traff‌i c data to

personal identif‌i able data obtained from users or subscribers when they visited

his web site and completed an online form. This allows the operator to identify

his visitors by name, address, and even telephone number.7

Web-site traff‌i c is monitored by adding a few lines of code to the coding of

a particular site’s pages. This code is called an ‘action tag’ (sometimes, a ‘web

bug’, a ‘pixel tag’, a ‘GIF tag’, or a ‘clear gif’).8 An action tag is extremely

small — a one or two pixel square image placed on a web site. It is invisible

to a user viewing the pages of that particular site and records the user’s mouse

movements and key strokes on the web site.9

3 Cookies

A cookie is a short piece of data10 saved as a ‘txt’ f‌i le on the computer user’s

hard drive.11 An example of a cookie is ‘john@hofmeyr.txt’ — ‘John’ is the

user name of the person who visited the ‘Hofmeyr’ web site.

Cookies usually contain the following information: the name of the

entity that sent the cookie; its IP address; the expiry date of the cookie; the

time and date when the cookie was created; and whether a secure Internet

5 It is necessary here to distinguish between the ‘GET’ method and the ‘POST’ method. In In re

Pharmatrak Inc 329 F 3d 9 (1st Cir 2003) at 16, the court explained this distinction as follows:

‘Web servers use two methods to transmit information entered into online forms: the get method

and the post method. The get method is generally used for short forms such as the “Search” box at

Yahoo! and other online search engines. The post method is normally used for longer forms and forms

soliciting private information. When a server uses the get method, the information entered into the

online form becomes appended to the next URL. For example, if a user enters “respiratory problems”

into the query box at a search engine, and the search engine transmits this information using the get

method, then the words “respiratory” and “problems” will be appended to the query string at the end

of the URL of the webpage showing the search results. By contrast, if a website transmits information

via the post method, then that information does not appear in the URL.’

In In re DoubleClick Inc Privacy Litigation 154 F Supp 2d 497 (SDNY 2001) at 504, the court added

that

‘[u]sers submit POST information when they f‌i ll-in multiple blank f‌i elds on a webpage. For example,

if a user signed-up for an online discussion group, he might have to f‌i ll-in f‌i elds with his name,

address, email address, phone number and discussion group alias. The cookie would capture this

submitted POST information.’

6 Thumlert op cit note 2.

7 <www.sane.com/products/NetTracker/mining.html>.

8 Pharmatrak supra note 5 at 14; Chance v Avenue A Inc 165 F Supp 2d 1153 (WD Wash 2001) at

1156–1157.

9 DoubleClick op cit note 5 at 504; Chance v Avenue A Inc supra note 8 at 1157; In re Pharmatrak

Inc Privacy Litigation 220 F Supp 2d 4 (D Mass 2002).

10 In the United States of America, see the Report on Internet Cookies, compiled by the Department

of Energy, and available at <www.ciac.org/ciac/bulletins/i-034.shtml> (‘US Internet Cookies Report’).

See also <http://wp.netscape.com/legal_notices/cookies.html>; Reinhardt Buys (ed) Cyberlaw: The Law

of the Internet in South Africa (2000) 385.

11 See <http://computer.howstuffworks.com/cookie.htm/printable>.

© Juta and Company (Pty) Ltd