As you know, ‘cookies’ are tiny text files that store various tracking information regarding any given website visitor-user. In that regard, under EU data protection law in-force, they should be regarded as containing personal data.

The following is the definition of ‘personal data’, as provided by the 95/46/EC Directive:

(…) “‘personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;(…) “

While behind a single IP address you could have a bunch of different computers, in all situations cookies store information about users, (i.e. persons). Either identified or identifiable.

There are different ‘kinds’, if you will, of cookies. In some situations they’re used for security purposes (session cookies) like when you log in to your bank’s website, other times cookies are used towards providing a ‘better’ user experience… so that this or that website are able to remember the general preferences you have defined towards for instance a defined look and feel, and so on…

And now for those amongst you fans of conspiracy theories… Yes, there could be other uses of cookies that could potentially put at risk users privacy.

Say that you run an advertising serving system that places banners in a couple of hundred thousand websites. This advertising network would most probably place cookies in your browser of choice to build certain metrics such as the number of clicks that a certain ad or ad format gets, what ads have already been shown to you, etc.

But let’s say that I start tracking you across the different websites that you visit, some of which are serving ads through this third party advertising network. Let’s say that you click on a banner from a political campaign… Let’s say that either knowingly or by accident, you end up in one of those websites that would better be (at least at your home…), blocked under some sort of parental lock…

Would you say I would be in a position that would enable me to start building a thorough profile on your web surfing habits… tastes… ideology…

Let’s go a step further… What if I own both your webmail app. of choice as well as this ad network?

This isn’t out of the realm of what is already possible… Cookies are very effective tracking devices. The combination of IP addresses + cookies are a step further in the same direction.