VPPA: The 40-Year-Old Law Being Used to Protect Privacy
Hello all, and happy Thursday!Read Now
The simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Ensure your customers’ data is in good hands
Gain insights with privacy assessment templates and workflow management
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Don’t let data privacy compliance get in the way of growth
Preserve your competitive edge
Manage data privacy at scale
Expert insights on all things privacy
Subscribe and become a Privacy Insider
Research the most essential privacy topics
We'll scan your website for privacy risk at no cost
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
No fines, no penalties
Add Osano data privacy ratings and recommendations to your application
Fresh duds for data privacy fans
September 28, 2021
Cookies. They're the lifeblood of many businesses. And they're undergoing a massive shift.
Well, that's at least true for the third-party kind. The kind that comes from an advertiser with a relationship to the site a user's visiting, deployed to track that user around the web for insights on their behaviors.
Thanks partly to the Cambridge Analytica scandal, users and regulators have become increasingly concerned about the data such cookies were collecting. How did Facebook know which users were most likely to own guns or how they voted in the most recent election? These kinds of revelations put a new spotlight on tracking cookies.
It's a hugely important topic. There are entire economies built on ad tracking and a lot of profit at stake.
What's not clear is what we should do about it. Because online content has billed itself as "free," it feels uncomfortable to start talking about paying every time I want to Google something, you know? But if third-party cookies disappear, who picks up the tab?
See, the content was never actually "free." It's just that platforms have used ad-sales profits to fuel their engines. The content all of us as consumers can access for "free," written by journalists, lawyers, artists and academics, is paid (mainly) via the money sites make from displaying content users want to see, yes. Meaning: The money they make from advertisers desperate to get on the same page as that excellent content because they've indicated an interest in that topic. And that happens via tracking.
There are a few ideas at play.
There's the Brave model. If you haven't heard of it, Brave is a browser that sells itself on user privacy. It doesn't support targeted ads on its platform. Instead, it scrubs websites' ads and then fills the space with ads it sells in-house. Instead of users seeing personalized ads, the entire user base sees ads based on an "anonymous aggregate of the browser's user base," as Computerworld reports.
Facebook's recent experiment is similar to Brave's model. It's looking at ways to target users with ads without using personal data. Instead, users with common interests would be lumped together as a "group" of potential buyers who might be interested in a product, as The New York Times reports.
Last year, Apple deployed a pop-up window to allow users to opt out of being tracked by third parties for advertising purposes. More than 80% used it, and that had an impact on small businesses, especially. I chuckle as I write this, but even Facebook stated that it was "Speaking up for small businesses" in full-page ads in The New York Times, The Washington Post and The Wall Street Journal. "Our studies show, without personalized ads powered by their own data, small businesses could see a cut of over 60% of website sales from ads," Facebook said.
In an article for WIRED called, "Nice Try, Facebook. iOS Changes Aren't Bad for Small Businesses," Dipayan Ghosh said Apple's changes "hurt Facebook and its affiliated data brokers and ad networks — not the main-street small businesses evoked by Facebook's newspaper ads."
Some say it doesn't matter if Big Tech can't make advertising dollars off third-party cookies because companies like Google, Apple and Facebook own most user data already. They could run on those insights alone. And that's where some of the antitrust complaints lodged against the companies come in. To oversimplify a complicated topic.
Absent a browser-based solution, there could be ramifications to users and consumers other than less-relevant ads popping up on their iPhones or Androids. Some businesses may have to raise prices to make up for ad revenue loss. Or, websites could turn to a subscription-only model.
Though some of the products and services claim their way is the best path forward for protecting consumer privacy, we've yet to agree on how to do that without devastating advertisers.
That's what Google's Privacy Sandbox ostensibly will do. But things are moving slowly. Google had initially sought to phase out third-party cookies by the end of 2022 but has since delayed to 2023. It told advertisers it would come up with an alternative plan before it ditched third-party cookies altogether, and so far, no one's come up with it.
"While there's considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right," Google said in its June update.
For now, we'll have to let companies fumble with some experiments. But businesses have reason to be concerned about how much that'll cost them until an anxious industry finds its way before regulators find it for them.
Hey, if you missed our web conference last week on U.S. state privacy laws, it was a good one! See the link above for access.
Enjoy reading, and I'll see you next week!
If cookies go away, who pays for the internet?
The New York Times reports on the future of the internet now that the $350 billion digital ad industry is being dismantled. "Driven by online privacy fears, Apple and Google have started revamping the rules around online data collection. Apple, citing the mantra of privacy, has rolled out tools that block marketers from tracking people. Google, which depends on digital ads, is trying to have it both ways by reinventing the system so it can continue aiming ads at people without exploiting access to their personal data," the report states. But if Tech Giants and mom-and-pop shops alike can't do cookie-based marketing for data, what takes its place as the internet's currency?
EU authorities form cookie task force to handle influx in complaints
The European Data Protection Board, the group comprising EU data protection authorities from the 27 member states, has announced it will form a cookie banner task force. The task force will respond to an influx of complaints with several data protection authorities over cookie banners. NYOB, the advocacy group led by Max Schrems, filed 422 complaints in August against websites it claims are using misleading cookie banners, a violation of the EU General Data Protection Regulation.
At hearing this week, Senators to debate potential US privacy law
The lawmakers with jurisdiction over consumer privacy have finally set a date for this legislative session's first hearing, Politico reports. At the Senate Committee on Commerce, Science and Transportation hearing, slated for Wednesday, Sept. 29, senators will discuss the need for a comprehensive federal privacy law and examine how to protect consumer privacy rights adequately. It's been nine months since the committee last met on privacy.
UK marketers file complaint with European Commission over Google's Privacy Sandbox
A coalition of digital marketing firms and others has filed a formal complaint with the European Commission against Google's Privacy Sandbox. The Sandbox, orchestrated by the World Wide Web Consortium, aims to create web standards for sites to deploy online advertising without the use of third-party cookies, which Google is phasing out. In June, EU regulators said they were investigating Google's adtech practices, including the Privacy Sandbox proposal. TechCrunch reports that the Movement for an Open Web alliance says Google's technology changes impact user choice on privacy and hampers competition.
South Korea one step closer to 'adequacy' agreement with the EU
On Sept. 27, a group of EU data protection authorities (DPAs) said South Korea's privacy law aligns closely enough with the EU's to allow data transfers safely, EURACTIV reports. The opinion is "non-binding" and aims to advise the European Commission in its decision over whether to grant South Korea so-called "adequacy," as required for non-EU countries to transfer data across EU borders. However, the DPAs noted reservations about South Korean law enforcement's access to personal data under its law. Next, EU member states must weigh in before the Commission can finalize the deal.
Writer at Osano
Writer at Osano
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
Osano makes it easy. Ready to get serious about data privacy? Choose your plan and get started. All plans come with a 30-day FREE trial!