Libertatem Magazine

Malicious Cookies and Their Legal Remedies

Contents of this Page


You recently searched something on google after some time you see an ad related to it on Youtube. We usually are more involved in the content of webpages rather than its end user’s agreements and in a hurry, we tend to accept the pop-up that arises “Accept all cookies” are these cookies sweet biscuits? NO these are some basic plain texts that are usually used to guide an end-use,r for example if you have saved your preference of language as English for a web page permanent cookies save it and next time you visit you don’t need to add it again the next question that arises so if it is a guide to an end-user what might be causing it to be malicious in nature? What are its types are all safe? Its legality under The Information technology act and other relevant statutes of India which govern it? & Its preventive measures are all discussed in the upcoming contents of this article.

Types of cookies


First party cookies are there for the end-user. They are used for the owner of the website to add these cookies. They are harmless in nature. If there is an ad generated on a particular website and that ad owner uses cookies for the purpose of revenue generation and to understand the end-user’s behaviour, third party cookies are established. In the case of first-party cookies, any configurational preferences for the user are established so that next time he arrives at the same website, he does not necessarily need to set it again and he can browse to the best of his comfort and save most of his time.


In order to get rid of these types of cookies, Google deletes them for you and can also block both third-party and first-party cookies. But there are some which can neither be created nor be deleted through websites. These are “The Flash” cookies, which are permanently stored on one’s device but yet can still be deleted through settings.


To be precise, there is no such distinction to identify certain cookies as malicious or not. The main task of these cookies is to enter one’s device software through the name of either of the above-mentioned cookies and then create some sort of disturption either by deleting the important documents in one device or by creating edits in one software or by acting like malware, subsequently leading to the death of the software. Most of the time it is transferred through the use of unauthorised web pages for downloading games, videos, or songs where usually the webpage is not only pirated, but also using these cookies for data theft.



There still isn’t any provision that specifically mentions that exhibition of cookies gets legal recognition, but yet, from the Information Technology Act, section 10 A of the Information Technology Act, wherein the e-contracts that the websites exhibit in the phrase of “terms & conditions” is one of the recognitions that itself includes acceptance of cookies. The Indian Contract Act also provides legal recognition for e-contracts. You may be carelessly ticking or in a hurry to accept all of the cookies and accept all of the T&C bar on the webpage without properly reading it, so one should read all of the terms and conditions, or at least go through them in full, to protect themselves from further consequences. 



Technically, in accordance with Article 21 of the Indian Constitution, the right to protection of privacy has been mentioned and if through the use of malicious cookies, data theft, or hackers are exhibiting any sort of privacy violation activities, they will face dire consequences under sections 506 & 507 of the IPC. The punishment includes imprisonment of 3 years with or without a fine, in accordance with the circumstances. The circumstances include the liability of the ISP (Internet service provider). Like in this case, the webpage warned about redirecting to a third-party website which might possibly lead to third-party and malicious cookies and was held as not responsible for the liability. In the case of K Puttaswamy and another vs UOI, it was held that although there is no legal recognition of malicious cookies which possibly lead to data theft, there is a violation of the right to privacy which can be brought under the legal framework of article 21 of the constitution. The intermediary is liable in very few cases, and it is very hard to determine the liability. It is either the person who adapted the cookies, which is hard to determine due to the anonymity of cyberspace, or there are national cybercrime reporting portal one can report to which stringent actions will be taken against the criminal 

There is a cyber appellate tribunal established by virtue of Information technology act 2000 which specifically deals with the cyber issues 

Possible remedies in civil are also available which include accounts of profit, mareva injunction orders and temporary and permanent injunctions in accordance with order 39 rule 2 and section 37 of specific relief act respectively 



It is very tough to recognize whether the cookies that the website establishes is malicious or not most of the time those are some data hackers who use these sort of cookies especially in porn, gaming & certain VPN’s which change one’s IP address to browse a webpage which is not browsed with current Ip address although there are many antivirus scanners and apps like Mc Afee and many more as much as possible one should restrain themselves from ignoring end-user terms & conditions and should as much as possible look into the possibility ISP warnings and if necessary must block the acceptance of the cookies in the settings of the search engine 


As the digital era is advancing so is the privacy of one is under threat the emergence of many trojan horses and recent Pegasus spyware from Israel can be in any form which also may include malicious cookies despite making the ISP or the owner of the webpage as liable one must first learn to be aware of the Terms & conditions of the webpage and must implant necessary antivirus scanners in their device to prevent not only the violation of the right to privacy but also spoilage of software and efficiency of the device and also the govt through cybercrime reporting portals and provisions of IPC, CPC and other relevant acts is trying its best to curb and identify and take stringent actions against the criminals

About the Author