The emergence of digital economy has made the digital footprints left by users on the Internet essential materials to be collected for brands and advertisers. The use of web browsing history (Cookie) is able to fulfill the needs for advertising to reach precise targets so that these brands and advertisers can gain their best business benefits. However, personal web browsing history involves privacy. Surfing web pages should be considered as a type of private activity. The author asserts that web browsing history characterizes privacy interest. Therefore, the legal interest of privacy in this regard should be protected by Personal Data Protection Act. Scholars have conducted research on the legislative purposes of Article 41 of Personal Data Protection Act recently amended in 2015. They suggested that not all of the profit-making activities should be included in the realm of the criminal system. Thus, the concept of profit-making defined in the previous regulations should be abandoned while it was necessary to break profit-making activities into legal and illegal categories. In this case, legal commercial activities were not regarded as the applicable object of the said crime. Despite of what the scholars have pointed out, the author argues that the aforesaid contention may have neglected the importance of digital footprints and rapid shifts of the business models we have today. One concern about web browsing history raised in this paper is that the third-party Cookie is currently used to track users' footprints from one domain to another, but there is a lack of explicit descriptions in Cookie policies. Under such circumstance, even users' agreement to the use of Cookie may not constitute legal consent. In addition, constructive assent stipulated in Article 7, Item 3 of the Personal Data Protection Act is not in line with the trend of privacy protection in this modern world. This has given rise to the need for an amendment and deletion of the Act, or strict legal requirements for providing clear explanations in Cookie policies so that data collectors are imposed obligations to make concrete, complete and clear descriptions on the use of Cookie. By doing so, the regulations may apply to determine whether there is constructive assent or not. In general, the existing Personal Data Protection Act should be able to impose obligations on web operators and advertisers to clearly inform users of the use of the third-party Cookie which tracks their web browsing history in order to obtain users' positive consent. Otherwise, the use of third-party Cookie by web operators and advertisers will constitute illegal elements that violate the interests of other people specified in Article 41 of Personal Data Protection Act.