Consumer Privacy Laws and Online Advertising and End of the CookieJune 30, 2020
For 25 years – since the introduction of Internet Explorer 2 – our browsers supported third-party cookie technology that formed the basis of internet advertising.
The cookie party is ending.
Tech lawyers and business executives need to learn about what will be following the cookie era, as online advertising pivots to survive omnibus consumer privacy laws like GDPR and CCPA that make old-fashioned adware impossible to use and therefore obsolete. What happens to the cookie and what comes next? Companies will need practical advice on how to advertise in the new web environment.
After privacy regulators in Europe, Canada and elsewhere clearly stated plans to enforce collection of consumer information only with express permission of the consumer data subject, the third-party cookie’s days were clearly numbered. HTTP cookies – some session cookies, some persistent cookies – involve usually-secret placement of code on a consumer’s web browser which could remember items in a shopping cart, record browsing activity and save data entered into website fields. These cookies are likely to survive.
Third-party tracking cookies tend to compile long-term records of a consumer’s browsing history and provide that data to whoever could read it. Some websites could set over 800 cookies on a passing browser. The New York Times reported that it found that people reading a controversial article may be tracked by nearly 50 companies, including those that sell that tracking information to scores more companies. The Times author stated, “as advertisers pushed for ways to better target ads, ad tech companies created vast networks to harvest user data and broker ads on billions of web pages, providing a one-stop shop for advertisers to reach web users.”
The GDPR mandated privacy by design for web browsing, requiring technology companies to develop software that protects privacy by default, and automatically opts the user out of these huge ad networks unless the use chooses to accept the intrusions. The CCPA applies to persistent identifiers, including cookies, and provides consumers rights to learn about the information collected and to request that data be erased. Allowing consumers to opt-out of the cookie networks is bad enough for the current ad industry, but the EU’s requirement of an automatic opt-out by default signals the death of that business model.
And Big Tech is responding. Safari (2017) and Firefox (2019) are already blocking cookies effectively. The world’s most popular browser, Chrome by Google, is rolling out similar third-party cookie blocking technology. According to the blog for Elevated Internet Marketing, “Once Google kills third-party cookies on Chrome, it will still allow tracking to continue without passing personal information onto advertisers. This will give Google more power, but also increase privacy online.” Google has announced its goal of making third-party cookies obsolete by 2022.