Internet users are increasingly conscious of the fact that their online activities leave detailed digital traces. When aggregated, these digital fingerprints may reveal the blueprint of an individual's life. Along with information that we intentionally reveal through purchasing and registration activities, transactional data ("clickstream data", "mouse droppings" or "data trail") enables Web sites to construct detailed "profiles" of users' activities. Once collected, personal data is bought and sold as a commodity by a growing assortment of players.

What is online profiling?

Online profiling is a complex concept that is subject to different definitions. It may mean the collection of anonymous transactional data that is used to create targeted advertisements; it may also mean the merger of clickstream data with personally identifiable information.

Evidence of the growing market for detailed personal profiles is rampant on the Internet. Examples include personalized search engines and "portals," the pervasive use of "cookies" and other sticky bits of data that Web sites store on visitors' computers to personalize and target content and advertising.

What information is included?

Clickstream data is a potentially rich source of information about your habits of association, speech, and commerce. Data collected by a Web site can include your computer's Internet protocol address ("IP"), the browser you use, the computer type, your activities during your last visit to the Web site and your activities on other Web sites. Clickstream data, which may or may not be enough to identify a specific individual, is captured at various points in the network and available for reuse and disclosure.

Why does profiling occur?

Online tracking has tremendous commercial potential. Regardless of the product or service, one-to-one marketing has the potential to greatly enhance competition and economic efficiency. Generally, consumers see profiling related to Internet shopping as beneficial if they know what information is being collected and can exercise control over how it is used. Consumers are generally concerned over profiling, however, when they either do not expect or consent to data collection.

Direct marketing, personalized and targeted with an unprecedented precision, may benefit individual consumers and the online market on the whole. However great the potential benefits of online tracking, they remain incomparable to the grave implications of Internet users' loss of privacy.

How do Web sites gather and compile personal data?

Internet Protocol

Online users employ an Internet protocol ("IP") address to connect to the Internet and communicate with other computers. It is often possible to obtain the domain name, which is associated with the user's Internet Service Provider (ISP) or the company or university that provides the Internet connection, from a user's IP address.

Web site log files contain a user's IP address, time, pages and images downloaded, the Referrer (last page where the user clicked a link to the current page), data entered by the user, and Internet cookies. A user's Web browser sends most of this information in the browser "header."

Cookies are unique, small text files that Web sites write directly onto your hard drive; cookies enable sites to surreptitiously collect information about users' online activities. Cookies contain information such as log-in or registration information, online "shopping cart" information (your online buying patterns in a certain retail site), user preferences, what site you came from last, etc. Information stored in a cookie can range from a random number to identify repeat visitors (anonymous profile) to a code identifying a specific customer in the web site's database.

Designed for the benign purpose of enabling Web sites to recognize a repeat visitor and respond accordingly, cookies were quickly adopted to facilitate the tracking of specific individuals' activities in order to customize content and advertisement. A detailed background on cookies is available at cookiecentral.com.

Java, JavaScript, VB Script

User information collected through Java, JavaScript, and VB Script is generally limited to the type of browser capabilities, screen resolution, etc. The information is commonly used to provide customized content formatted to users' capabilities.

Web sites often gather personal data by a web-based input form. The methods used to do this are "Get" and "Post." The former is contained in the URL; the "Post" method transfers the data 'behind the scenes' without having it appear as part of the URL.

Web sites track responses to e-mail campaigns by having consumers respond to a specific URL or have some type of code added to the URL to identify the respondent. A tracking system that is being developed detects a user's e-mail client with the intent of presenting the e-mail ad in a format that corresponds to the consumer's e-mail program.