Stealing From the Cookie Jar? Beware Evolving Data Privacy Rules.
Reliance on Third-party Cookies
In exchange for user consent to allow cookie tracking, many businesses offer a wide range of services free of charge to their visitors. While this approach, or quid pro quo has largely worked for many years, consumers are becoming more privacy-savvy, and thus increasingly uncomfortable with the amount of information that is collected and shared online.
Additionally, according to research from McKinsey, roughly 71% of people would no longer do business with a company if it gave away sensitive data without permission. More, fines related to cookies and reported by the Spanish supervisory authority have hit as high as £30,000, and databrackets reported that the number of GDPR fines issued grew by 260% between 2018 and 2019.
of all users feel that almost everything they do online is being tracked by advertisers.
of users say that the risks surrounding data collection outweigh the benefits from the services offered by businesses.
In recent months, there has been increasing pressure on businesses when it comes to user tracking. Changes to the EU ePrivacy regulation means the way third-party cookies are allowed and used to track online behaviour is likely to change. That said, developments in the U.K. suggest the potential for an approach to cookies that loosens the requirements outlined in ePrivacy and GDPR. In a Sky News article, the U.K. Culture Secretary indicated plans to change the country’s data laws, including reducing the use of cookie consent banners.
Regardless of how varying jurisdictions will ultimately address the issue of cookies, technology companies are beginning to respond to the increased emphasis on data privacy. In 2020, Google announced removal of its support for third-party cookies in Chrome. David Temkin, Director of Product Management, Ads Privacy and Trust at Google stated in an blog post that, “people shouldn’t have to accept being tracked across the web in order to get the benefits of relevant advertising, and advertisers don’t need to track individual consumers across the web to get the performance benefits of digital advertising.”
Search engines have been testing alternatives to third-party cookies, including methods that allow advertisers to track internet user behaviour while identities are kept anonymous. This approach assigns visitors’ browser history with an anonymised identifier, then adds it to a cohort, i.e., a group of other browsers with similar behaviours. This is one way advertisers can continue to track and target while respecting the privacy of personal information.
A user’s cohort ID is also re-calculated on a regular basis, providing a summary of online behaviour, via an algorithm. The benefit of this is that the process takes place locally on the user’s device meaning, so that no data is stored on servers, which remediates one of the biggest privacy concerns associated with third-party cookies. The cohort approach can also remove any cohorts that have a high rate of visits to pages with sensitive topics, such as medical, political and religious sites, to avoid advertisers from learning or tracking more personal details about a cohort.
Whilst this approach may begin to address some privacy concerns around the use third-party cookies, it does fully answer growing consumer concerns and questions around tracking. This is why first-party relationships and a strong position on data privacy are more vital to an organisation’s success than ever before.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.