This article is the second in our “Everything you need to know about the post-cookie apocalypse” series. In this article, we endeavour to clarify and simplify why cookies are so important to advertisers and why privacy measures promoted by the industry are left wanting.
Why Are Cookies So Important To Advertisers?
The average user may vaguely understand the concept of cookies when they clear their browser history; by erasing their previous browser sessions, the web addresses from past sessions disappear, and sometimes readers have to reenter passwords into websites because they erased the cookie that previously retained their logged-in status. Erasing the cookies also erases the tracks that marketers previously followed to retarget campaigns or detect if users may be interested in certain categories (i.e. sport, finance, fashion, etc.).
The growing import of first-party cookies
There is a key difference between a first-party cookie and a third-party cookie. A first-party cookie is one that an authenticated publisher implants on a consenting visitor’s browser. However, a third-party cookie is one implanted on a visitor’s browser by an unknown third-party without gaining user consent. It is these third-party cookies that underwrite much of programmatic targeting and is of major concern to data privacy advocates.
Interactive Advertising Bureau (IAB) Privacy Measures
European regulators have dealt a blow to one of the digital ad industry’s most vocal advocates, the Interactive Advertising Bureau, declaring that its privacy measures which are meant to safeguard consumer data are simply not good enough. This recent EU ruling was a significant rebuttal of practices promoted by IAB and threatens to undermine the way programmatic advertising is conducted around the world.
The EU regulators said they “found serious GDPR infringements in the system Google and others are using to legitimize online tracking”. IAB responded in a blog post that characterized the ruling as a “preliminary” view with “no binding effect. We respectfully disagree with the APD’s apparent interpretation of the law,”
Note: APD is the Belgian data protection authority.
The decision calls into question the IAB’s ability to design frameworks for internet advertising that satisfy the regulators enforcing recent laws like the EU’s General Data Protection Regulation, which was implemented in 2018. The U.S. has seen similar laws emerge, like the California Consumer Privacy Act. These new laws endeavour to establish clear and consistent rules about the types of data that companies may collect, and ensure that these companies gain knowing consent from consumers to use their data.
Consumers have already seen the changes, especially on websites, where they see more notices from publishers requesting permission to track their online behaviour. The EU’s ruling found that the IAB’s solution for getting permission, which was widely adopted, including by Google, does not meet legal standards.
In a multi-billion dollar business, that is digital advertising, entrenched self-interest promoted and practised by very large corporations such as Facebook and Google ensures that this debate will continue for some time. However, it is interesting to note that governments around the world are starting to realise the damage that can be done by the inappropriate use of visitor data to influence public opinion evidenced by critical social debates such as vaccination and climate change.