Researchers from Mozilla report in a study that web browsing histories (the lists of user visited websites) are uniquely identifying users (PDF). In their study that was the case for 99% of users. Treating web browsing histories like fingerprints, the researchers analysed how the users can be reidentified just based on the coarsened list of user-visited websites.
In doing so they upheld and confirmed a previous study from 2012, prompting the author of the original study to say that web browsing histories are now personal data subject to privacy regulations like the GDPR.
Sensitivity of web browsing history data questions the laws allowing ISPs to sell web browsing histories.
The now-vindicated author of the 2012 study added this emphatic note in their blog post. “Web browsing histories are personal data. Deal with it.”