How we reached a digital privacy age on high alert and What contributed to such a revolt that is asking for third-party cookies depletion? The 3 main areas of focus that were directly responsible for this act was, the Legal environment that focuses on the various data privacy laws and directives enacted in various jurisdictions all over the world, the Browser area, that deals with the various changes incorporated in Safari, Firefox, Chrome, etc. and Ad Blocking pressure from users.
The Legal Environment for Data Collection and its Usage
Many jurisdictions worldwide recognize an individual’s fundamental right to data privacy. This gives power to that individual with the right to have knowledge about how their personal data is being used and shared. This of course involves the use-cause related to digital advertising.
There is still no comprehensive law to regulate online privacy worldwide. What we see today is only a mélange of various regional, federal, state, and local laws with varying degrees of stringency.
EU’s ePrivacy Directive and the General Data Protection Regulation (GDPR)
The main instrument for the EU about restraining storage and access operations on user’s devices is the ePrivacy Directive of the union. According to this Directive, entities wishing to carry out storage and access operations on any user’s device must obtain consent from that user as a precondition. These types of consent must of course be specific, informed, freely given and definite.
Due to the combined requisites of the GDPR and the ePrivacy Directive, certain changes can be observed. For example, obtaining consents for collecting personal data through “consent banners”. A consent banner is a banner placed at either the top or bottom of a webpage that contains disclosures with a consent request
California’s Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA)
The CCPA made California the first state in the United States to pass a comprehensive privacy law.
However, unlike the GDPR, the CCPA requires implementing specific privacy notices and opt-out tools. Strictly speaking, the CCPA provides users with ownership over any private information. It also requires businesses processing the state’s users’ personal identifiable information to enable users to:
- Know exactly what personal information is being collected;
- Know to whom their personal information is being disclosed;
- Access any and every personal information that was collected about them;
- Avoid the selling of such information and
- Request a deletion of such collected personal information.
The CPRA revises as well as expands the CCPA thus enhancing the rights granted to the consumers under the CCPA. Also, it introduces additional requisites for businesses thus creating new enforcement mechanisms. The CPRA is scheduled to be made effective in January 2023.
Even if their outlining requisites are different what remains the same under these laws are:
- Users can exercise their rights and control over their personal identifiable information with more impact.
- Businesses need to comply with transparency, consent, and personal data processing obligations and this does not end with the denunciation of various third-party cookies.
Browser Gatekeeping
Other than complying with the above mentioned data privacy laws such as the GDPR and California Consumer Privacy Act (CCPA) businesses are altering the ways in which other parties or entities can access and use any individual’s personal information.
All browsers have implemented various changes that have altered the way in which other parties viz. publishers and advertisers can collect and use personal identifiable information and therefore has made a huge impact on the market.
Safari (Apple): Intelligent Tracking Prevention (ITP)
Safari has the longest history among all browsers to take such initiatives with their Intelligent Tracking Prevention or ITP functionality running for over the last couple of years.
Due to this, if any user has not interacted with a tracking website in the last 30 days, those cookies are automatically deleted along with all new third-party cookies from the site being blocked. If, however, they have visited any such tracking website resulting in the creation of a first-party cookie it can only be used in a third-party context for the next 24 hours. After that, it can be used only as a first-party cookie.
Mozilla Firefox: Enhanced Tracking Prevention (ETP)
Mozilla’s Enhanced Tracking Prevention or ETP is a “simplified content blocking settings“, which gives users strict, standard and custom options for them to control online trackers.
This heavily depends upon the blacklists of websites that are known to perform tracking during private browsing sessions. The ETP blocks tracking cookies as well as actual calls to these sites.
In the custom mode, users can personalize which restrictive list they want to use.
Chrome (Google)
In January 2020 Google announced their next steps towards solidifying data security by phasing out support for the third-party cookies in Chrome. They are to be replaced with a ‘privacy-preserving alternative’ to make these cookies obsolete named “Privacy Sandbox”. Through this Privacy Sandbox, Google aims to provide the digital advertisement industry with anonymous non-addressable signals which are not cookies and five APIs. Advertisers would then be able to make use of each of these APIs to receive collective data regarding issues with conversion and attribution.
Following this in March 2021, Chrome announced a future launch of an origin trial for FLoC or Federated Learning of Cohorts API. This would help them to reach out to people with relevant contents by clustering large groups of people having similar patterns in terms of web-browsing.
Ad Blocking
In a browser, Ad Blocking is a functionality that helps to remove the online advertisements displayed on a webpage; the most common tools for which being browser extensions.
In more recent years, ad-blocking features are being increasingly incorporated into the application ecosystem although there is a lack of traction when compared to browsers.
The most common reasons for incorporating ad-blocking and script tracking tools are:
- Privacy concerns like personal data leakage;
- Security issues like malware;
- Faster site loading speeds;
- Less distraction on content;
- Less battery and bandwidth (especially for mobile devices) usage.
These are the three main contributing factors behind the depletion of third-party cookies. Stay tuned with this space if you want to know more about such impacts of Proprietary Platforms on Stakeholder Usage.
More about this topic here