The debate around online privacy has never been more complex, or opinion more divided. Government and EU directives mean that data relating to individual web use can (and in some cases, must) be collected and stored. But there are other ways, often unseen by internet users, of profiling internet users by accessing data relating to user behaviour. This article examines the ways in which data can be stored by communications service providers, and gathered for advertising information (e.g. Phorm); and the processes by which data can be ‘leaked’ by browers to help third parties profile users. In the past year there have been a number of debates on the need for online privacy. Some commentators (Sir David Omand and Scott McNealy) have argued that privacy online must be sacrificed for progress and security whilst others insist on privacy being paramount in a free society (Sir Tim Berners-Lee and Sir Ken Macdonald).