Ecommerce Sites: Beware of 3rd Party Cookies - Are Google Analytics Users In Privacy Breach?

by Chip Cooper - Date: 2008-06-14 - Word Count: 489 Share This!

To be successful, ecommerce sites require information about site visitors.

What sites are the top referrers? Which search engine produces the most traffic? How long do visitors remain on-site, what is their pathway through the site, and what pages do they exit from?

One method of collecting this information is often referred to as using 3rd party cookies. If you use 3rd party cookies, are you aware of the privacy concerns, and will you be liable for a privacy policy breach?

What's A "Cookie" Anyway?

A cookie is a message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.

Information gained with cookies helps the Web server track such things as user preferences and data that the user may submit while browsing the site. For example, a cookie may include information about the purchases that the user makes (if the Web site is an ecommerce site), or the cookie may "remember" the user's contact information so the user will not have to re-key it on future site visits.

1st Party and 3rd Party Cookies Distinguished

There is an important difference between 1st party and 3rd party cookies. If you use 1st party cookies, they are passed to a visitor by your site, and the data generated remains with your site. On the other hand, if you hire an independent company (such as Google with its Google Analytics program) to pass the cookie, that cookie is called a 3rd party cookie.

Privacy Concerns With 3rd Party Cookies

Privacy concerns arise from the fact that the data generated with 3rd party cookies resides on the servers of the 3rd party --- not your server. The fact that you do not control these 3rd party sites and their use of this data has raised concerns among many users. For example, users have questioned whether these 3rd party sites aggregate the data among many sites and report ecommerce trends to the media, or whether the 3rd party sites use the data for purposes of cross-website profiling and ad targeting.

And what is your legal obligation to disclose the use of 3rd party cookies? In the European Union, it's illegal to pass cookies without informing users that you do, what they're used for, and how they can be avoided, and it's generally believed that the failure to adequately disclose the details of the use of 3rd party cookies is a violation of EU law.

In the US, there is an evolving debate regarding the same issues, and the answers are less certain.


It's recommended that if you use 3rd party cookies, you clearly disclose in your privacy policy the distinction between 3rd and 1st party cookies, and how they're used and avoided.

Be careful, however, in amending your Privacy Policy because amendments may not be effective retroactively for data collected with 3rd party cookies prior to the amendment.

Related Tags: legal contracts, contract forms, sample saas agreement, online contract drafting service, sample contract agreements, contract drafting software, privacy policy generator, saas contract form, sample privacy policy, privacy policy form, chip coo

Chip Cooper is a leading intellectual property, software, and Internet attorney who advises software and ecommerce businesses nationwide. Chip's 25+ years of experience include 20 years as Adjunct Professor of Computer Law at Wake Forest University School of Law. Visit Chip's site and download his FREE newsletter, Website Law Alert, and also learn about his "Do-It-Myself" and "Do-It-For-Me" service options. Your Article Search Directory : Find in Articles

© The article above is copyrighted by it's author. You're allowed to distribute this work according to the Creative Commons Attribution-NoDerivs license.

Recent articles in this category:

Most viewed articles in this category: