20 August, 2015
New research, executed by US privacy organisation Access now, shows that so-called super cookies are also used in the Netherlands.
Tracking headers, better known as ‘super cookies’, ‘zombie cookies’ or ‘perma-cookies’ are technically not cookies. Cookies are injected locally and can be manipulated by the user in a web browser. Tracking headers, however, are placed at network-level, beyond the reach of users. These controversial headers are practically undeletable and track the app- and browsing habits of users, after which these data are transmitted to the network administrator. Moreover, programs that are designed to protect the privacy of users, such as ad blockers or incognito mode, are ineffective against this technology.
Access Now searched for tracking headers in transmissions of 200,000 users in 164 countries who clicked on a button on the specially created website Amibeingtracked.com. The ‘super cookies’ were found in a total of 10 countries, including China, Canada, India, Spain and the Netherlands. Earlier this year, researchers in the US found that these tracking headers were used by US telecommunication providers AT&T and Verizon Wireless. These revelations led to an investigation by the US Federal Communications Commission (FCC), regulatory action by the lawmakers in the US Congress and several lawsuits. According to Access Now, ‘super cookies’ are no longer used in the US at the moment.
The investigation shows that telecom provider Vodafone still uses these ‘super cookies’ in the Netherlands. Vodafone acknowledges this, but states that the technology is used only ‘for functional purposes’. Examples include services in which customers make payments for goods by charging it to their phone bill. Furthermore, Vodafone underlines that these personal customer data are not shared with third parties.
For more information about cookie legislation, contact our privacy specialists.
One of the most promising fields where information technology innovations emerge is smart...
The data breach notification obligation for healthcare companies: an article by Bart Schermer and Chris van Balen
Recently, the Dutch parliament presented a legislative proposal containing a data breach...