.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.png?width=148&height=200&name=Privacy%20Insider%20Book%20(mock%20w%20shadow).png)
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
In a last-minute reversal surprising nobody, Google has pushed back the deprecation of third-party cookies once more.
It had seemed like Google was committed earlier this year when they phased out third-party cookies for 1 percent of browser traffic as a test. But for anybody who had been watching closely, the delay isn’t too much of a surprise. Google’s alternative to third-party cookies—the Privacy Sandbox—has faced challenges both from a privacy perspective and from a competition perspective.
Privacy Sandbox is Google’s version of a “walled garden.” Essentially, rather than rely on third-party ad tech networks to track user behavior across the internet and serve targeted ads via third-party cookies, brands can go directly to the platforms their prospects interact with. Through walled gardens, brands can advertise and gain valuable insights without connecting those insights directly to a specific user or device. Instead, the platform targets advertisements for the brand, thus reducing the risk of personal information flowing where it ought not. At least, that’s the idea.
In the case of Privacy Sandbox specifically, it’s been accused of effectively forcing advertisers to rely on Google as a middleman, rather than being able to use the relatively decentralized approach to targeted advertising of third-party cookies. At the same time, it’s still a poor solution for data privacy concerns. For example, an ICO report identified gaps in the Privacy Sandbox that could be used to identify individual users.
Given these ongoing issues, it’s not surprising that the third-party cookie phaseout has been delayed once again. Third-party cookies are likely to disappear at some point, but whether a business as large as Google will be able to do so expeditiously is unlikely.
Best,
Arlo
Top Privacy Stories of the Week
Telehealth Firm Cerebral Fined $7 Million Over ‘Careless’ Privacy Violations
The Federal Trade Commission (FTC) is proposing a $7 million fine against Cerebral, a mental telehealth firm that it says not only was careless with patients’ data but actively shared it with third parties for advertising purposes. The company and its CEO, Kyle Robertson, are also accused of lying to customers about how their data is shared and of having a misleading cancellation policy.
Ministry Of Migration and Asylum Receives Administrative Fine and GDPR Compliance Order Following an Own-initiative Investigation by the Greek SA
An investigation by the Greek Supervisory Authority (SA) revealed that the Greek Government’s own Hellenic Ministry of Migration and Asylum failed to carry out effective Data Protection Impact Assessments for two immigration-related systems and also failed to cooperate with the SA during its investigation. As a result, the SA has imposed an administrative fine of €175,000 on the Hellenic Ministry of Migration and Asylum.
Google Delays Third-Party Cookie Demise Yet Again
For the third time, Google has pushed back its original deadline to sunset third-party cookies. Originally slated for January 2020, Google has now indicated that it will deprecate third-party cookies sometime in 2025. In a statement on its website for the Privacy Sandbox, Google representatives said, “We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators, and developers, and will continue to engage closely with the entire ecosystem.”
President Biden Signs Law to Ban TikTok Nationwide Unless It Is Sold
President Biden recently signed a bill providing foreign aid for Israel, Ukraine, and Taiwan—and would ban TikTok unless it is sold within 12 months. In response to tension with China and data privacy concerns, the law stipulates that ByteDance must sell its stake in TikTok within a year under the threat of being shut down.
EDPB Opinion on Legality of Pay-or-consent Models in EU GDPR Context
The European Data Protection Board recently issued a highly anticipated opinion that large online platforms implementing pay-or-consent models will, "in most cases," not comply with EU General Data Protection Regulation requirements for obtaining valid consent for processing personal data.
Osano Blog: Compliance, Customized—Create Custom Assessments With Osano
Just like a master chef tailors a recipe to the tastes of their patrons, our latest feature allows you to customize your compliance efforts to suit your business needs perfectly. Osano is excited to unveil a significant enhancement to our compliance toolkit: Custom Assessments. This new functionality is designed to transform how businesses manage and execute their data privacy assessments, providing an unprecedented level of customization and efficiency. Read more in our blog!
If you’re interested in working at Osano, check out our Careers page!
