CA Regulators' Bite: Equal to Their Bark?
Hello all, and happy Thursday!Read Now
January 11, 2024
Hello all, and happy Thursday!
One of our stories in this week’s newsletter touches on a long-awaited development—and one that tends to lead to a great deal of confusion. Recently, Google joined Mozilla and Apple in blocking third-party cookies (albeit to a limited audience as part of a planned larger rollout later this year). So, I thought I’d spend this week’s introduction clarifying some of the misconceptions around third-party cookies.
As a quick refresher, cookies of both the first- and third-party variety are nothing more than small text files dropped onto your browser by a website. The site can then read these text files to gain information—such as what item you added to your shopping cart, what your username is, or, in the case of third-party cookies, what your browsing history is.
Third-party cookies tend to be especially egregious when it comes to respecting data privacy rights. They collect and share user data through networks of websites, aggregating and syncing countless data points to ultimately develop a fairly detailed profile about users’ browsing habits.
Google has been preparing to drop support for third-party cookies for a while now, and currently, it’s planning to do so globally sometime this year. This is often misinterpreted, however (which the privacy professionals on our mailing list can probably empathize with). Sometimes, people think that this means cookies as a whole are going away—and that there is therefore no need to secure user consent to stay compliant with the GDPR, CPRA, or other data privacy regulations.
Unfortunately, that’s not the case. First-party cookies are plenty capable of collecting personal information, and even if they aren’t quite as invasive as third-party cookies tend to be, businesses still need to inform users about them and collect their consent. That’s not to mention all of the other ways that businesses collect personal information without relying on cookies, too!
If you want a refresher on how cookies work, scroll down to check out our featured blog this week.
On January 8, New Jersey’s General Assembly and Senate passed a consumer privacy bill, S332, which would grant New Jersey residents several rights, and obligate controllers and processors of New Jersey residents to take action. The law is similar to consumer privacy laws passed last year in other states, with some distinctions. Currently, the bill awaits signature by Governor Phil Murphy before it becomes law.
A trade group representing TikTok, Snapchat, Meta, and other major tech companies sued Ohio on Friday over a pending law that requires children to get parental consent to use social media apps. The law is set to take effect January 15, but the trade group argues that it unconstitutionally impedes free speech and is overbroad and vague.
The US Federal Trade Commission (FTC) has prohibited Outlogic, a massive US data broker formerly known as X-Mode Social, from selling or sharing sensitive information that can be used to track people’s locations as part of the regulator’s first data tracking settlement.
In a small test available to roughly 1% of its global userbase, Google is rolling out a new feature to disable third-party cookies. Third-party cookies are typically used to personalize online ads and monitor browsing habits and are often criticized for being overly intrusive. Rivals such as Apple's Safari and Mozilla Firefox already include options to block third-party cookies.
Recently, the Federal Communications Commission (FCC) released a new rule that significantly constrains the ability of websites used for comparison shopping and lead generation to secure consent from consumers to receive robocalls and text messages from large numbers of unrelated service providers.
Cookies—they’re one of the most ubiquitous and fundamental data trackers on the web today. But not everybody knows how they work. If you ever find yourself wondering about the ins and outs of cookies and cookie consent, check out our blog on the subject below.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.