Lukasz Olenjik:

Device fingerprinting involves collecting information about user devices, such as smartphones or computers, to create a unique identifier, often to track people or their activities as they browse around the web. This data may include IP addresses, browser user-agent strings, screen resolution, or even details like battery discharge rate. Fingerprinting is particularly concerning because it can be passive—requiring no user interaction. Data is collected without the user’s knowledge and linked to their device. Upon subsequent browsing, systems can recognize the same visitor, enabling ad tracking or uncovering private information, such as browsing habits.

This form of identification is neither transparent nor user-friendly. Users are often unaware it is happening, and when done without their consent, awareness, or other legal grounds, it breaches laws. Unlike cookies or other mechanisms, such identifiers cannot be easily “cleared,” making them especially invasive. Nevertheless, websites, advertising technologies, and others have continued to use them. Remarkably, large technology companies like Apple and Google once vowed not to engage in such practices. This commitment marked a major achievement for privacy, driven by advancements in privacy research and engineering. Large platforms even began competing to enhance user privacy, benefiting users’ welfare and reducing the risk of data misuse or leaks. This issue cannot simply be reduced to “Google does this, and the ICO critiques it.”