Internet Law: Cookies, Traffi c Data, and Direct Advertising Practices

JurisdictionSouth Africa
Published date16 August 2019
Pages741-764
AuthorGerrie Ebersöhn
Citation(2004) 16 SA Merc LJ 741
Date16 August 2019
Internet Law: Cookies, Traff‌i c Data,
and Direct Advertising Practices
GERRIE EBERSÖHN*
Associate, Sandton
1 Introduction
While the Internet allows for new possibilities to conduct business and to
communicate with third parties, it also poses the risk that third parties may
electronically obtain private or personal information without one’s knowledge
and consent and so infringe one’s right to privacy.
Many web-site operators transmit ‘cookies’ to Internet users visiting their
web sites without informing them of this fact. This has raised privacy concerns
among many Internet users. Also, many web-site operators monitor and record
web-site traff‌i c data, generated by Internet users who visit the formers’ web
sites, which enables these operators to compile certain information and/or
statistics. The purpose of this article is to determine, f‌i rst, how the monitoring
of web-site use (traff‌i c data) occurs; secondly, why such use is monitored;
thirdly, why web-site operators use cookies; fourthly, whether the monitoring
of web-site use and/or the use of cookies by South African web-site operators
infringe South African Internet users’ common-law and constitutional right to
privacy; and, f‌i fthly, whether the unlawful use of cookies violates the Electronic
Communications and Transactions Act1 and other applicable legislation.
I shall also ascertain whether the monitoring and/or recording of web-site
traff‌i c data, and the use of cookies, are allowed in Europe and the United States
of America.
2 Traff‌i c Data
‘Website traff‌i c data’ refers to data that relate to the behaviour of visitors to
the site.2 Such data inform the web-site operator3 (a) of the visitor’s Internet
protocol address;4 (b) which operating system the visitor uses; (c) which pages
of that specif‌i c web site Internet users visit (this indicates which pages are the
most popular); (d) how long visitors stay on the site; (e) how many Internet
users visit the site each day, week, and/or month; (f) from which web site each
visitor comes (this informs the web-site operator about (i) which web sites
generate the most traff‌i c for him, (ii) which banner advertisements or links
generate the highest ‘click through rates’, and (iii) which search engines direct
741
* LLB LLM LLD (UFS). Associate, Hofmeyr Herbstein & Gihwala Inc, Sandton.
1 Act 25 of 2002 (‘ECT Act’).
2 Kurt Thumlert ‘E-Metrics: Understand Your Website’s Traff‌i c Data’ (2001), accessible at
<www.sitepoint.com/article/354>.
3 Ibid.
4 An Internet Protocol (‘IP’) address refers to the address of a particular web site, such as
146.192.589.689.
(2004) 16 SA Merc LJ 741
© Juta and Company (Pty) Ltd
742 (2004) 16 SA Merc LJ
the most Internet users to his web site (also, which search terms they use to
f‌i nd his web site));5 and (g) the points of entry and exit (the Internet user’s
movement through that particular web site is tracked).
So traff‌i c data allows web-site operators to determine how well their online
marketing strategies work.6 An operator can even link such traff‌i c data to
personal identif‌i able data obtained from users or subscribers when they visited
his web site and completed an online form. This allows the operator to identify
his visitors by name, address, and even telephone number.7
Web-site traff‌i c is monitored by adding a few lines of code to the coding of
a particular site’s pages. This code is called an ‘action tag’ (sometimes, a ‘web
bug’, a ‘pixel tag’, a ‘GIF tag’, or a ‘clear gif’).8 An action tag is extremely
small — a one or two pixel square image placed on a web site. It is invisible
to a user viewing the pages of that particular site and records the user’s mouse
movements and key strokes on the web site.9
3 Cookies
A cookie is a short piece of data10 saved as a ‘txt’ f‌i le on the computer user’s
hard drive.11 An example of a cookie is ‘john@hofmeyr.txt’ — ‘John’ is the
user name of the person who visited the ‘Hofmeyr’ web site.
Cookies usually contain the following information: the name of the
entity that sent the cookie; its IP address; the expiry date of the cookie; the
time and date when the cookie was created; and whether a secure Internet
5 It is necessary here to distinguish between the ‘GET’ method and the ‘POST’ method. In In re
Pharmatrak Inc 329 F 3d 9 (1st Cir 2003) at 16, the court explained this distinction as follows:
‘Web servers use two methods to transmit information entered into online forms: the get method
and the post method. The get method is generally used for short forms such as the “Search” box at
Yahoo! and other online search engines. The post method is normally used for longer forms and forms
soliciting private information. When a server uses the get method, the information entered into the
online form becomes appended to the next URL. For example, if a user enters “respiratory problems”
into the query box at a search engine, and the search engine transmits this information using the get
method, then the words “respiratory” and “problems” will be appended to the query string at the end
of the URL of the webpage showing the search results. By contrast, if a website transmits information
via the post method, then that information does not appear in the URL.’
In In re DoubleClick Inc Privacy Litigation 154 F Supp 2d 497 (SDNY 2001) at 504, the court added
that
‘[u]sers submit POST information when they f‌i ll-in multiple blank f‌i elds on a webpage. For example,
if a user signed-up for an online discussion group, he might have to f‌i ll-in f‌i elds with his name,
address, email address, phone number and discussion group alias. The cookie would capture this
submitted POST information.’
6 Thumlert op cit note 2.
7 <www.sane.com/products/NetTracker/mining.html>.
8 Pharmatrak supra note 5 at 14; Chance v Avenue A Inc 165 F Supp 2d 1153 (WD Wash 2001) at
1156–1157.
9 DoubleClick op cit note 5 at 504; Chance v Avenue A Inc supra note 8 at 1157; In re Pharmatrak
Inc Privacy Litigation 220 F Supp 2d 4 (D Mass 2002).
10 In the United States of America, see the Report on Internet Cookies, compiled by the Department
of Energy, and available at <www.ciac.org/ciac/bulletins/i-034.shtml> (‘US Internet Cookies Report’).
See also <http://wp.netscape.com/legal_notices/cookies.html>; Reinhardt Buys (ed) Cyberlaw: The Law
of the Internet in South Africa (2000) 385.
11 See <http://computer.howstuffworks.com/cookie.htm/printable>.
© Juta and Company (Pty) Ltd

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT