The University of Canberra's Centre for Internet Safety (CIS) has called for greater powers for the Office of the Information Commissioner to assist with a crackdown on the use of digital cookies.
Dr Watters said more research needed to be done to determine the prevalence of tracking cookies that targeted Australian users, along with an audit of how and if explicit and informed consent was taken when personal data was stored in cookies.
"In relation to cookies, an organisation is effectively a collector of personal information, and could be the target of investigation for a privacy breach," Dr Watters wrote.
"For example, an investigation of an advertising company’s information systems could reveal the extent to which persistent cookies are used for tracking and for the subsequent identification of users, by requesting information and requiring the provider to take an oath that its contents are correct and complete."
This would draw on sections 44 and 45 of the Privacy Act, according to Dr Watters.
Dr Watters said Australian websites should be investigated to determine how many used tracking cookies, and what they were used for.
Such a study should investigate if and how websites obtained "explicit informed consent" when collecting users' personal data in cookies, he said.
Dr Watters cited a study by Truste that found an average of 14 tracking cookies per page within the Top 50 British web sites. Most of these cookies were made by third-party companies and half were persistent.
- Gives users the choice to indicate wherever customisation or personalisation is required, rather than storing persistent cookies. Sessions should be managed using session cookies, and all user data should only be stored on the server-side.
- Requires explicit informed consent to be obtained from users for persistent or tracking cookies to be stored.
- Requires cookies to be stored adhering to an approved standard such as RFC2109.
- Presents users upon request with a copy of data being recorded about them that is subsequently used for personalised advertising.
- Ensures that cookie standards which specify controls to prevent the compromise of cookies on browsers are verified on each browser release.