No more cookies, not even in Chrome
No cookies makes site owners responsible
No cookies makes site owners responsible
Content
No cookies makes site owners responsible
Mozilla Firefox and Apple Safari already have removed the use of third party cookies. And now also Google will follow their example.
This is of course important when a major player like Google takes this step. Their browser possess more than 60% of the global web browser market share, it is the end of cookies as we know them. And it will have will have a major impact on all business.
Why will the cookies be removed, and what is so scary about those cookies?
The beauty & the beast, third-party cookie!
No cookies makes site owners responsible
The beauty of third-party cookies!
Let’s say you visit a website to read about hiking trails. While browsing, you notice ads for hiking gear appearing on various other websites you visit afterward, such as social media platforms or other websites. These ads seem tailored to your interest in hiking.
This experience is facilitated by third-party cookies.
With the cookies your browsing activity across different websites can be tracked and allow advertisers to target you with personalized ads based on your interests and behavior.
Being an advertiser, you love it, – and some users as well, if I may add.
And honestly, the only reason third-party tracking cookies have been allowed to exist for as long as they have is, well, they’re very useful, particularly for online businesses.
No cookies makes site owners responsible
What's so scary about third-party cookies!
The negative aspects of third-party cookies are mainly related to privacy and security. The cookies track users across various websites, gathering extensive data on online activities without clear consent.
User habits can be monitored and used for targeted advertising and content. Additionally, third-party cookies present risks of data theft and unauthorized access to personal information by malicious entities, posing significant security threats.
By combining personal information, web behavior, social media connections, and activities across platforms, cookies enable advertisers, data brokers, and online platforms to create detailed profiles of users for targeted advertising, content personalization, and other purposes.
All data collection opens for misuse or exploitation of user data. And we see several examples of misuse and exploitation that one way or another shows direct and/or indirect harm to individuals or individuals as part of a community.
Some scandals exemplifying the risks
Cambridge Analytica Scandal: In 2018, it was revealed that the political consulting firm Cambridge Analytica improperly harvested data from millions of Facebook users without their consent. This data was allegedly used to create targeted political advertising during the 2016 US presidential election and other political campaigns around the world.
Equifax Data Breach: In 2017, Equifax, one of the largest credit reporting agencies in the US, suffered a massive data breach that exposed the personal information of approximately 147 million people. This breach included sensitive data such as Social Security numbers, birth dates, and addresses, raising concerns about identity theft and financial fraud.
The Pathology Department of the East and North Hertfordshire NHS Trust: in 2019, a data breach at a medical testing laboratory in the UK compromised the personal information of over 400,000 patients, including test results and medical history.
Google COPPA Breach: Google agreed to pay a $170 million settlement with the FTC in 2019 over allegations that YouTube violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children without parental consent.
Marriott International Data Breach: In 2018, Marriott disclosed a data breach that exposed the personal information of approximately 500 million guests. The breach resulted in multiple lawsuits and regulatory investigations, including a £18.4 million fine imposed by the UK ICO under the General Data Protection Regulation (GDPR).
Pharmacies and hospitals sending personal information to facebook
Then we have pharmacies that sent information about customers to facebook. The pharmacies when asked about this clearly had no idea what they did. And their customers certainly had no idea that facebook now can use their information.
That’s the case in Sweden. Apotea sent information about hundreds of thousands customers to facebook. The former government owned pharmacy now called Apotek AB sent information about more than a million customers.
In the example we are talking about pharmacies. In the example we are talking about pharmacies. The question then arises: is it normal for online businesess to send information like this to Facebook. No one knows; even Faebook has no idea.
Trying to quantify this issue, we can look at an estimate from 2020 with the number of transmissions made from health-apps alone. It was then estimated to be more then 1 billion transmissions every day.
Perhaps even more scary
Content Manipulation:
Content platforms and social media networks can potentially use tracking and monitoring data to manipulate the content users see in their feeds. Algorithms might prioritize content that aligns with users’ interests and engagement patterns, potentially creating filter bubbles and echo chambers where users are exposed to content that reinforces their existing beliefs.
This selective exposure could influence users’ perceptions, attitudes, and opinions over time.
Psychological Profiling:
Tracking and monitoring data could be utilized to create detailed psychological profiles of users, including their personality traits, values, and preferences.
This information could be leveraged to tailor content and messaging that resonates with users on an emotional level, potentially shaping their opinions and attitudes in subtle ways.
Social Proof and Influence:
Tracking data might identify influencers and opinion leaders within social networks, whose endorsements and recommendations carry significant weight with their followers.
By strategically targeting these influencers with tailored content or advertising, marketers could leverage their social influence to sway opinions and attitudes among their followers.
In essence, the use of tracking and monitoring user behavior poses risks by providing powerful tools for shaping opinions and attitudes through targeted messaging, potential content manipulation, and leveraging social influence.
Site owners are now responsible!
As the third-party cookies are removed and tracking will still exist, responsibilities are moved from browser to site owners!
Getting rid of third-party cookies doesn’t mean tracking of internet users will stop. With the use of various tracking technologies beyond cookies users can still be identified across different websites.
Therefore the removal of third-party cookies does not eliminate the necessity for user consent in website tracking practices. But all the demands and requirements are now transferred to each website owner.
Bigger demands on websites!
Each website owner now has to describe users how they collect and use information from visitors on their website. Then they must be able to live up to that and comply with actual regulations.
Various tracking technologies beyond cookies can still identify users across different websites, requiring continued user consent.
Unless web browsers cease support for all forms of website tracking technologies, users may still be tracked through alternative means while browsing online.
Moreover, tracking technologies can be embedded within website services and applications, making it challenging for site owners to fully understand the extent of data collection by third parties without thorough examination. Therefore, obtaining user consent remains a fundamental requirement under prominent data protection laws worldwide, notably the European Union’s General Data Protection Regulation (GDPR) and similar legislations like Brazil’s LGPD.
Websites operating under these regulations must explicitly seek user consent before deploying cookies, collecting or storing browser data, or processing personal information for tracking and advertising purposes, irrespective of the tracking technology employed. Additionally, websites must transparently disclose the tracking technologies utilized, including details about providers, objectives, and data retention periods.
Furthermore, websites are obligated to securely document obtained consents and be prepared to furnish this information in case of audits or data access requests. Renewed consent is typically necessary if processing conditions change or after a specified timeframe, varying across different laws.
Users should also have the ability to easily modify or withdraw their consent preferences as effortlessly as they initially provided consent. Ultimately, obtaining user consent stands as a crucial element of privacy-compliant tracking practices both presently and in the future.
Cookie regulations summarized
These are the regulations every website has to live up to. These are the items that you find in “Privacy policy“.
- Consent Requirements: Websites must obtain explicit consent from users before activating cookies, collecting or storing data on their browsers, or processing personal data for tracking and advertising purposes, irrespective of the technology used.
- Data Collection and Storage: Websites must clearly inform end users about the tracking technologies used, detailing the providers, purposes, and duration of data collection
- Data Protection Compliance: Websites must ensure compliance with data protection laws like the GDPR, which mandate consent for storing or accessing data on a user’s browser unless strictly necessary.
- Data Retention and Access: Websites must securely document obtained consents and be prepared to furnish this information in case of audits or data access request.
- Consent Revocation and Management: Users must have the ability to easily modify or withdraw their consent preferences as effortlessly as they gave consent.
- Data Privacy Laws: Websites must comply with emerging Privacy Enhancing Technologies (PET) like the Privacy Sandbox APIs, which aim to protect user privacy while enabling the functionality that keeps online services running.
- Data Management and Storage: Websites must manage and store data in a way that is compliant with data protection laws and respects user privacy.
- Data Access and Transparency: Websites must provide users with transparency about the tracking technologies used, including details about providers, objectives, and data retention periods.
- Data Security and Protection: Websites must ensure that data collected and stored is secure and protected from unauthorized access or misuse.
- Regulatory Compliance: Websites must be prepared to adapt to changes in data protection laws and regulations as they evolve.
What it means is that everything just became much more complicated for both users and website owners.
Actually it is not complicated for users. But most certainly it is irritating and frustrating to read, evaluate and mark what to approve from the extensive list of the privacy information. And for each website and application at use.
The issue is that it gets more and more annoying when users are being forced to renew their choices when they choose to not approve everything that the website owners in question wants the users to approve.
More about cookies
Customer loyalty & New customers without cookies and tracking
Find out how to easily generate both new customers, enhance customer loyalty without use of cookies or tracking.
What are cookies?
What are cookies? Mozilla Firefox and Apple Safari already have removed the use of third party cookies. And now also
Customer loyalty & New customers without cookies and tracking
Find out how to easily generate both new customers, enhance customer loyalty without use of cookies or tracking.
What are cookies?
What are cookies? Mozilla Firefox and Apple Safari already have removed the use of third party cookies. And now also