Re-focusing my work

When I first started my research for this thesis, I did not know what vast amount of information on user tracking methods is out there. So I had to admit to myself that writing about all of it is too much for a single Master thesis. Therefore, I decided to re-focus my work on a smaller field within the same area and I renamed my thesis to make its contents even clearer. The new title is "Legal issues of user tracking technologies. An analysis of web and mobile tracking methods utilised by Austrian enterprises for business purposes". 

Why web and mobile tracking?

User tracking is highly associated with web tracking; there are websites that even use the terms interchangeable. Together with the ubiquity of mobile phones and their tracking potentials through built-in sensors lots of tracking methods are already covered. One might also point out tracking through wearables, IoT devices or car telemetrics. However, to provide detailed information on what is state-of-the-art and how those methods are currently regulated, I had to reduce the scope.

Why "for business purposes"?

There are companies, which are tracking their own employees at work. With the ongoing pandemic, the number of companies that use similar technologies to keep track of their employees working from home has grown. Unfortunately, I am no expert on labour law or contract law and including this aspect in my work would mean taking away from the time I can spent focusing on privacy regulations. Therefore, I decided to include only the business angle in my final thesis.

“We know where your browser has been”

My first chapter tries to answer the following question:

What is currently considered state-of-the-art user tracking and which other methods are still in use?

To paint a complete picture, I have used an approach similar to the methodology of meta-narrative review developed by Greenhalgh et al. in 2005 [GRM+05]. I have come up with 63 publications, which are (potentially) relevant to my thesis. One of these papers has especially sparked my interest.

Nasser Mohammed Al-Fannah and Chris J Mitchell of the Information Security Group at the Royal Holloway, University of London published a paper named “Too Little Too Late: Can We Control Browser Fingerprinting?” in the “Journal of Intellectual Capital” in January 2020 [AFM20]. In section 6 (“Making Browser Fingerprinting Unnecessary?”) they state:

“That is, there is clearly a desire by key browser vendors to be able to track user behaviour. […] In this respect, it might be argued that trying to restrict cookies has been counter-productive for user privacy; at least cookies are, to a high degree, user-controllable, i.e. users can delete all cookies from time to time and thereby refresh their online identity. Exerting usage control is much more difficult when browser fingerprinting is employed for tracking, since as we have argued it is far less controllable and far more privacy-damaging in that it retrieves a wide variety of information about a user’s platform and browser configuration.”

Which brings me to the question that I have to answer in my next chapter: 

Which (state-of-the-art) user tracking technologies are currently used by Austrian enterprises for business purposes?

Is browser fingerprinting already among those technologies? Moreover, what does it mean from a legal point of view?

Literature

[AFM20] Nasser Mohammed Al-Fannah and Chris Mitchell. Too little too late:can we control browser fingerprinting? Journal of Intellectual Capital,2020.

[GRM+05] Trisha Greenhalgh, Glenn Robert, Fraser Macfarlane, Paul Bate, Olympia Kyriakidou, and Richard Peacock. Storylines of research in diffusion of innovation: a meta-narrative approach to systematic review. Social science &medicine, 61(2):417{430, 2005.