What are Web Cookies?

Here’s a hint: You can’t eat them.

Source: adpushup.com

Web cookies are everywhere on the internet and are commonly found on websites, but what exactly are they? Darren Charter (2002) defines “cookies” as “small data structures used by websites or servers to store and retrieve information on a user’s side of the internet connection”.

In simpler terms, web cookies remember statistics about a user’s unique preferences based on the electronic device that is being used (Charter, 2002). Originally “cookies” were created to assist online shoppers (Harmozi, 2005). Today “cookies” have the capacity to detect IP addresses, the type of web browser being used, type computer system, and a whole host unique information (Cunningham, 2002).

The two major subsets of “cookies” can be categorized into first and third-party. First-party cookies are strictly controlled by the source company of the website for internal use, while third-party cookies involve another outside party who utilizes the details for themselves or intends to sell the information for profit. DoubleClick Inc. is the most notable third-party cookie company as their business model is based on the facilitation and selling of data gained from web cookies (Hormozi, 2005).

“Cookies” remain highly relevant in the marketplace as big data is used to uncover insights to inform decision making. The opportunity to understand a large number of online users and affordability of web cookies additionally accounts for their widespread use. In summary, small to large size businesses seek to capitalize on the behaviors of online consumers to make an informed decision at an affordable price (Anshari et al., 2019). It is no wonder why the majority of online sites use this application to gather statistics of their visitors.

Unfortunately, many consumers are unaware that web cookies are being used by sites to track their behavior. The amount of information that “cookies” can detect from a user makes their application more threatening to the public. Credit card numbers, social security, and bank account information are haphazardly given on the internet without a second glance, but significant damage could be caused if given to the wrong website.

Corporations, such as Google and Facebook, have continually received public criticism over the way they utilize consumer data, especially in light of the misuse or breach of information. At the center of the debate is the topic of privacy, which prompts a major ethical question: Is the data mining of consumers’ web activity, for the use of targeting sales, ethical when consumers may not aware of this activity?

The Internet User

The primary stakeholders that are impacted by the ethical dilemma of web cookies include internet users, businesses, and data miners. Internet users do benefit from “cookies” as recommended products are displayed and advertisements are tailored to individual interests.

These features help consumers avoid products and advertisements that they would not remotely be interested in, while increasing the chance that they view items they find fascinating. Additionally, online convenience and customization are provided to internet users as web cookies store the preferences of individuals (Cunningham, 2002). Coupons, discounts, and autofill entries are just some of the most forms that web cookies take.

Despite the plethora of benefits, a major harm that consumers face with the application of “cookies” is when collected data is used to create consumer profiles without the consent of the user. Consumer profiles remain a large issue within third-party organizations as these facilitators expose detailed customer profiles to other companies for the sake of profit (Laczniak, 2006). The theft of the consumer’s information is another potential harm that no enterprise is immune to. Users should be assured that they have the right to deny or accept the use of “cookies” and that software is available for them to install in the pursuit of managing web cookies (Cunningham, 2002).

Online users’ rights are denied when the option of consenting or not consenting to “cookies” is not an option. Rights are further denied when the users’ data is being tracked and sold without the consent of the consumer (Harmozi, 2005). Privacy is considered an individual right by the legal system, but the ambiguous definition of “privacy” has made it hard to define and enforce a legislature to protect consumers.


Businesses benefit from “cookies” in several ways including the monitoring of online traffic, detecting consumer trends, tailoring advertisements to target markets, and gauging the effectiveness of advertisements (Cunningham, 2002). Data is a powerful tool that allows companies to make better-informed decisions to more accurately target audiences and effectively spend advertisement money to reduce expenses.

Yet “cookies” work against businesses in two ways: inaccurate visitor counts and misuse of data. Visitor counts can become skewed when a person uses multiple devices or several users are on a single device, thus creating inaccurate statistics (Harmozi, 2005). Furthermore, the misuse of data betrays the relationship between company and consumer.

In 2011, Google was forced to pay a $22.5 million penalty to quell an active investigation conducted by the Federal Trade Commission who allegedly claimed that the technology giant had decided to monitor Safari users with web cookies even as customers opted out of the tracking (Stanton, 2012). Debacles such as the one formerly explained hurt the reputation of the company by betraying the trust of the consumer.

Businesses have the right to decide whether or not to apply “cookies” to their online presence and if a company decides to implement web cookies. If “cookies” are indeed a chosen method, another choice is to be made between first or third-party cookies (Harmozi, 2005). Recently in early 2020, Google decided to make amends with their misuse of “cookies” by phasing out third-party cookies within the next two years on their search engine, demonstrating their right of choice (Iyengar, 2020).

Data Miners

Data miners are individuals or companies that specialize in researching data to find out insights on customers. Scattered data is combined to create profiles that are used to predict future purchases (Laczniak, 2006). These data miners benefit from “cookies” greatly because their career exists due to the analysis of information extracted from web cookies. Companies pay a pretty penny to data miners to better inform them on how to market a product or service effectively.

Although, data miners can cause harm by invading the privacy of customers when the data is analyzed without their consent and the information becomes too detailed. “…a growing and permanent record exists of what individual consumers buy, where they bought it, the price paid and the incentives that motivated the transaction” (Laczniak, 2006). However, data miners do have the right to use the information they receive if a customer willingly provides it to them.

The Government of the United States

The federal government of the United States is recognized as a secondary stakeholder since the government is not initially impacted by the effects of digital cookies. A rising number of lawsuits based on the premise of “cookies” at the federal level have resulted from the lack of transparency and regulation of web cookies (Harmozi, 2005).

Currently, the American government does not implement any strict laws that protect the privacy of internet users even though the idea of privacy has been stated as a fundamental human right (Hormozi, 2005).

Harms occurs when the government fails to protect the privacy of its citizens and public resources are exorbitantly spent on related lawsuits. An example of harm that stems from web cookies is the infamous instance of Cambridge Analytica, a political consulting firm, who utilized information from Facebook profiles to target political ads without the consent of Facebook users (Cutter, 2019).

The situation not only harmed Cambridge Analytic and Facebook, but also the political structure in the way the public perceives the trust for political campaigns. The federal government of the United States has the jurisdiction to create or to not create laws that protect the privacy of internet users based on American soil.

The Federal Trade Commission (FTC) has directly seen a rise in lawsuits dealing with “cookies” as again the lack of transparency and regulation have started to affect the marketplace more widely (Harmozi, 2005). The Federal Trade Commission’s sole purpose is to create a fair capital market and protect citizens from being taken advantage of by large businesses. The misuse of web cookies undermines the goal of the Federal Trade Commission by encroaching on the personal information of people.

Google’s squabble with the Federal Trade Commission is a prime example of how a company could exert its power over consumers to unknowingly take advantage of them (Stanton, 2012). As a result, the Federal Trade Commission has the shared rights of the government to enforce incentives or punishments, from the federal level, with the intention to protect individuals and nurture a fair marketplace against the potential harms of those small but powerful data structures called “cookies”.


To this point, web cookies have been defined as an application that gathers digital data based upon a particular electronic device and was originally created to help consumers shop online. “Cookies” are primarily used in today’s marketplace to track the online behavior of consumers. The information gained and analyzed from “cookies” then informs businesses on how to effectively target certain markets or individuals.

First and third-party cookies are the major subcategories of web cookies, which is distinguished by who gets access to the information. The four major stakeholders that have a stake in the ethical implication of “cookies” include internet users, businesses, the government of the United States, and data miners. Businesses and internet users show a potential benefit, harm, or right to exercise when “cookies” are in use.

Meanwhile, the government faces further discussion on how to resolve any future harms to prevent the infringement of the consumers’ privacy. The continuation of the paper will look at three models to determine if online cookies are economically, legally, and ethically feasible.

The economic model of Corporate Social Responsibility will assess how “cookies” impact the economy. Investigating the legal matter surrounding web cookies will evaluate how the application either upholds or does not uphold the minimal standards that society expects of “cookies”. Finally, Care Ethics will seek to analyze whether online cookies are morally acceptable by individuals and society.

Economic Outcome Model

The economic outcome chosen to gauge digital cookies is called Corporate Social Responsibility (CSR). Corporate social responsibility focuses on the organization’s responsibilities, obligations, and accountability towards society. Four distinct principles are assessed in corporate social responsibility which includes economic, legal, ethical, and philanthropic responsibilities.

The author chose the model of CSR because it does not narrowly focus on just one particular aspect, such as profit, but rather takes a holistic approach through its four principles. The financial and social implications of the four responsibilities are equally important. Finances are vital since cash flow sustains and builds an enterprise, while social presence has become more significant since the public demands companies to be held responsible for their actions.

The first part of CSR is to produce goods or services to people who want it at a fair price, which covers economic responsibility. In essence, companies should contemplate how likely a consumer will be able to purchase a product or service based upon its price and how desirable the offering is. Businesses should be compensated with profit if the customer buys a product or service at a fair price. Likewise, if the customer has a need for the offering and perceives the price as fair then the consumer feels satisfied by the purchase. Overall, the idea is for the consumer and business to receive mutual benefits. If the product or service is not desired or seems unfairly priced then the corresponding company will most likely not succeed.

Online cookies have helped drastically in these two instances as businesses are able to both make a good and service more affordable and tailored to the customer’s needs. Affordability is easily achieved since the implementation of “cookies” usually costs the purchase price of the software. Thus, the resources that would have been spent on tedious data collection can decrease the overall price of research.

The needs of the customer are dually ensured as the information collected by web cookies can be used to strategically analyze the interests of online users. Emerging insights about consumer interests are often considered when developing new products or services to better appeal to consumer desire.

The next aspect covered through Corporate Social Responsibility is legal and ethical. The legal responsibility investigates the minimal rules that society expects for an institution to follow, while the ethical responsibility is concerned with addressing any expectations anticipated from society, excluding legality.

Although the legal and ethical responsibilities are included in CSR, they will be discussed in more depth later the paper because of their importance. In brief, online cookies are deemed legal but not ethical under their corresponding responsibilities.

Finally, the philanthropic responsibilities are decided on by the business and reflect how consumers view the company. The fourth aspect is much harder to assess since it is based on the perception of a corporation. This principle is based on whether consumers view a business as morally bad, neutral, or good. Web cookies have spurred conflicting public opinions due to the question of privacy. One such institution that displays both ends of the spectrum is Google, which is known for collecting user information.

On one hand, some support cookies because they mutually benefit Google and its consumers by providing affordable and desirable products or services. Yet as Google looks to phase out third-party cookies within the next two years, some are concerned that the action will not stop the technology giant from gathering information due to their dominance in the marketplace (Iyengar, 2020).

Economic Outcome Decision

The economic model assesses the financial feasibility of a subject matter. Upon evaluating the effects of web cookies within the marketplace, it seems as if “cookies” are economically feasible because of their affordability and unique ability to track the various intrigues of the consumers. It should be mentioned that the legal responsibility concluded that web cookies are ethical, but under the ethical responsibility “cookies” were not ethical.

Despite the conflicting views that were found in philanthropic responsibilities, digital cookies have helped to revolutionize commerce. Large and small businesses alike seem to understand the importance of finding insights from the wealth of information being stored. E-commerce especially would not be the same without the use of digital cookies.

Other unintentional benefits that have from online cookies include the thriving of online subscription or service-based ventures and the wide accessibility of products and services. Therefore, under the economic model of Corporate Social Responsibility online cookies are deemed ethical.

Legal Requirements Model

The United States does not have any wide-reaching legislation that requires consumer consent in the use of “cookies”, however, there is one law that protects the privacy of minors called the Children’s Online Privacy Protection Act (COPPA). “This law protects minors under the age of thirteen from having their personal information collected without the consent of their parents” (Scelsi, 2006).

To comply with the standards of COPPA a website must provide a clear privacy policy, provide a notice for parental consent, provide the option to consent, secure any information disclosed, and dispose of the data once it has been used. COPPA was first passed in 1998 and has since been updated to adjust to technological advancements. Information such as first name, last name, home address, telephone number, and social security was initially considered to be personally identifiable information.

In 2013, the definition of personally identifiable information extended to online contact information, usernames, IP addresses, geolocation, the imagery of a child and the voice of a child. Since the Children’s Online Privacy Protection Act only applies to minors, it has been the job of individual states to specify how consumers’ over thirteen are to be protected by online cookies.

California was the first to extend the principles of COPPA into their state legislation. The California Consumer Privacy Act requires websites to disclose privacy policies, the specific information that will be collected, and the third parties that the data will be given to. Although the legislation only applies to the state of California, the California Consumer Privacy Act has changed the way Silicon Valley utilizes web cookies. “…companies including Apple, Yahoo, and Google have entered into a joint statement of principles with the California Office of the Attorney General” (Scelsi, 2006).

California’s step to protect consumer privacy has created a large, yet slow wave of legislation. In 2019, twenty-four states considered implementing similar privacy laws. In the end, only the states of Illinois, Maine, and Nevada had realistically enacted any legislation within the year 2019. Fifteen other states at the time held the status of pending privacy laws while Connecticut, Hawaii, Louisiana, North Dakota, and Texas decided to instead assemble an advisory committee to tackle the subject of data mining.

Legal Requirements Decision

The legal responsibility examines the minimal rules that society expects for a company to follow. Under the legal considerations, using web cookies to learn about the consumers’ information without consent is legal. The only federal exception is when data is collected from children under thirteen without the permission of a parent.

Furthermore, evolving state laws about consumer privacy should be highlighted since more states are taking deliberate action to protect their residents. It should also be noted that the legal requirements of European privacy laws are stricter in comparison to the United States in the situation of any expansion to Europe. In summary, “cookies” are ethical under the legal requirement.

Ethical Duties Model

The idea of Care Ethics or the ethics of care was contributed by Carol Gilligan and is associated with the feminist viewpoint. The premise of Care Ethics is based on the notion that people exist in a web of relationships that should be preserved and nurtured. The author has chosen this model because she saw that something was missing from the company she had previously work for. She had found that unsatisfactory employee relations and communication resulted from the lack of relational strength.

Three supporting principles are used to expand this ethical duty model. The first is that ethics do not have to be impartial like laws. Ethics are not always dictated by a black or white decision. In fact, decisions are usually found in a gray area. Doing the right thing regardless of policy is upheld through this principle. The child-like notion of all or nothing is set aside and multiple solutions encouraged rather than the two most obvious at hand to create the best outcome. The second principle is the belief that relationships are important and valuable. Long has business relationships seemed cold and callous accompanied by a get-ahead mentality. Care Ethics rebukes this attitude by implying that relationships are the foundation of business and should be cherished. Negating the value of relationships risks the sustainability of a corporation since business ties are what keeps an enterprise running. The final principle of Care Ethics is to exercise special care to those who are dependent on others. In other words, extending compassion or kindness to those who are connected to the company is necessary to grow ongoing or future relationships. Employees, customers, the community, producers, and other stakeholders that rely on the business are to be granted this special care.

The act of internal and external philanthropy is important for many reasons. Internal compassion promotes better retention, corporate culture, and employee compliance. Meanwhile, external compassion improves public relations and community relationships. All of which help to communicate an excellent business.

To reiterate, the four major stakeholders that are tied to “cookies” include internet users, businesses, the government of the United States, and data miners. Under the ethics of care, the lack of consent in the use of “cookies” violates the idea consumers have a choice.

Companies do not have to adopt a win or lose mentality to either receive the consumer’s information without their knowledge or stop using “cookies” altogether. Indeed, the middle ground is asking the customer to make their own choice. Lack of consent additionally implies that relationships are not valuable since users do not have a say in if they want their personal information tracked. There is no choice. Privacy is ignored. When a company gathers data without the consent of the consumer their information is more likely to be viewed as mere numbers that can be used to generate more sales. As a result, compassion and kindness take a back seat to further profit. In reality, the customer should have a say to whether their information can be used by a business or not since it is their personal information and the company would be viewing their customers as actual people.

If a consumer does decide to consent to the use of “cookies” they should be assured their information is safe. The lack of trust results in the dilutes the relationship between consumers and the company. Similarly, the government must balance ongoing relationships with consumers and businesses. Consumers must receive kindness in the form of protection by the government so that corporations do not take advantage of their information. In contrast, businesses must oblige with government compliance to honor the existing relationship to operate in America.

Ethical Duties Decision

The ethical responsibility covers the practices expected by society, excluding any current laws. After the model of Care Ethics has been applied to the question: “Is data mining of consumers’ web activity (utilizing cookies) to collect and utilize information to target sales ethical when the consumers may not be aware of this activity?” it has been deemed that “cookies” without consent is not ethical. Web cookies are not ethical without because without the option to consent they belittle the relationship towards consumers, which is why the government has slowly gotten more involved.

In different words, a company can be seen as essentially stealing information from customers without their approval. The only way that web cookies would be seen as ethical would be if they were consensual.

Final Decision

In summary, “cookies” bring great benefits to many including convenience, customization, targeted advertisements, and detecting consumer trends. On the contrary, web cookies greatly invade consumer privacy as data is sold to other institutions.

Web cookies are considered economically viable under corporate social responsibility and legal under the American judicial system.

However, “cookies” were not considered to be ethical under the model of Care Ethics. The author believes the ethical aspect is the most important model out of the three models presented since the law and market do not always deem moral good.

The acceptance of the law is not always driven by ethical reasoning since people’s ethical codes conflict and humans are fallible. Meanwhile the marketplace, although essential, is chiefly concerned with profitability instead of people. In conclusion, online cookies are not ethical without the consent of the user.

Consent is the keyword that determines ethical approval. Without consent, the consumer’s information has the potential to be misused unknowingly to the customer. Legally the use of “cookies” without consent is acceptable, but the federal and state government of the United States have started to realize the need for more legislation concerning consumer privacy.

Deception and ignorance conveniently used for profit at the expense of individuals are not acceptable, let alone ethical.

Time will only tell if internet users, businesses, and the United States government alike will make the decisive decision to make “cookies” more ethical by requiring the option to consent when cookies are being used.


Anshari, M. et al. (2019). Customer Relationship Management and Big Data Enabled Personalization & Customization of Services. Applied Computing and Informatics, 15(2). 94–101

Charters, D. (2002). Electronic Monitoring and Privacy Issues in Business- Marketing: The Ethics of the DoubleClick Experience. Journal of Business Ethics, 35(4). 243–254

Cunningham, P. (2002). Are Cookies Hazardous to Your Privacy? Information Management Journal, 36(3). 52–54

Cutter, E. (2019, October 10). Honesty in digital age. University Wire.

Henderson, T. (2019, July 31). States battle big tech over data privacy laws. Stateline.org

Hormozi, A.M. (2005). Cookies and Privacy. Information Systems Security 13(6). 51–59

Iyengar, R. (2020, January 16). Google wants to change the way cookies work. CNN Wire Service.

Laczniak, G., & Murphy, P. (2006). Marketing, Consumers and Technology: Perspectives for Enhancing Ethical Transactions. Business Ethics Quarterly, 16(3). 313–321

Scelsi, Chrissie. (2016, January). Recent Developments in Online Privacy Laws. Florida Bars Journal, 90(1), 72–74

Stanton, L. (2012, September 1). FTC Proposes Record $22.5 Million Penalty For Google in Safari Do-Not Track Case. Telecommunications Report, 78(17), 13–15



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store