Browser-based Crypto Mining and EU Data Protection and Privacy Law: A Critical Assessment and Possible Opportunities for the Monetisation of Web Services

Recently, browser-based crypto mining (or browser mining) received attention in academic literature, mainly from the work in the field of computer science. Browser-based crypto mining describes the act of websites or other actors mining cryptocurrencies for their own gain on client-side user hardware, which mainly takes place by mining Monero through Coinhive or similar codebases. Although the practice gained infamy through the various ways in which it was illicitly deployed, browser mining has the potential to act as an alternative means for the monetization of web services and digital content. A number of studies explored browser mining for monetization purposes and highlighted its short-comings compared to the traditional advertisement-based monetisation strategies. This paper discusses the practice in light of EU data protection and privacy law, notably the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD), which is currently being overhauled and aligned with the GDPR. It adds to the discussion surrounding the feasibility of browser mining as a potential alternative for monetization by exploring the legality of browser mining in relation to EU data protection and privacy law and by identifying possible benefits regarding the protection of individuals’ personal data and privacy by deploying browser mining. It is argued that employing browser mining in a transparent and legitimate manner may be an additional option to financing websites and online services due to the growing legal pressure on advertisement models such as programmatic advertisements that rely on the exploitation of large amounts of personal data and ad networks.