Cookies are text strings which can be written on to the user's hard drive when visiting a web site (subject to the user not having set the browser to reject cookies). On subsequent visits to the Web site the server will recognise the cookie which it previously placed on the user's hard drive.
Servers can only check for cookies they have placed, not for cookies created by other servers. Cookies are used by web site operators to allocate individual references to users of their sites. Although these references do not identify the individual users they can be matched with other information collected by the web site operator. In the case of DoubleClick, this information includes search queries, information posted by users online (including personal information) and surfing habits recorded through the use gif tags.
DoubleClick's advertising network spreads over 11,000 Web sites and it has been able to use this network to compile a Sophisticated database comprising detailed demographic profiles of millions of Internet users. DoubleClick can use this database to enable advertisements to appear on web sites, depending on the profile of the user of the site. This ability to "personalise" Web sites is extremely useful to advertisers such as DoubleClick.
However, privacy activists were concerned by the actual and potential uses of DoubleClick's cookie database, particularly once DoubleClick bought Abacus Direct, a direct marketing company that maintained a database comprising information on 90 per cent of United States households.
All arguments were dismissed by the court as being without merit or on technical grounds. However, this is unlikely to mark the end of proceedings against DoubleClick because the plaintiffs ate planning to appeal against this decision and further proceedings are pending in California and Texas State courts.
The DoubleClick decision will only nave limited value in countries outside the US, where the courts will apply the laws of their own jurisdictions. In Hong Kong, a claim based on the facts of the DoubleClick case may well include claims for unlawful hacking (under the Telecommunications Ordinance) and trespass. In relation to such claims (which have similarities to those presented in the DoubleClick case) Hong Kong courts would almost certainly seek to obtain guidance from the DoubleClick decision.
First published in Technology Post 17 April 2001.