05th May 2021
What are cookies and how do they effect data protection?
Cookies are files stored on a computer’s browser by websites which can be used for various purposes, often related to marketing or advertising. Their use is widespread among organisations across all industries due to their ability to enhance and simplify user experience and to inform businesses on their client base. While not inherently bad, cookies have earned an unsavory reputation over the years, especially since some companies use cookies to capture data to create detailed user profiles to sell to other companies for marketing and advertising purposes.
Therefore, since cookies allow businesses to track, store, and share user behaviour, cookies are now the source of privacy concerns for consumers, and security and compliance risks for businesses.
In a study held by Cisco in 2019[1], over 84% of consumers stated that they want more control over who has access to their data and how such data is being used. This demand for increased privacy rights and digital transparency has been the main driving force behind legislative actions such as the GDPR and the ePrivacy Directive in the EU. The ePrivacy Directive has become known as the “cookie law” since its most notable effect was websites adding pop-ups asking users to consent to the use of cookies after it was passed.
This has left many organizations struggling with how to effectively use cookies while managing the risks associated with cookies and data protection.
Google to phase out cookies; vows to stop web tracking
Through a blog post in early 2021, Google pledged to steer clear of tracking individual online activity when it begins implementing a new system for targeting ads without the use of cookies. Third-party cookies have been blocked for a while in Safari and Firefox (though the browsers differed in how far they go), and Google plans on doing the same in Chrome.
The internet giant announced that it will slowly phase out third-party tracking cookies over the next two years and vowed that it would not be replacing them with something equally invasive. This despite the impact the change will have on Google’s lucrative advertising business.
To that end, Google has proposed new technologies that may be less invasive and annoying than tracking cookies have become. These new technologies are supposed to make it easier for advertisers to target certain demographics without uniquely identifying specific people and help provide some level of anonymous tracking so advertisers can know if their ads actually converted into sales.
The move comes after Google was hammered by critics over user privacy, and increased scrutiny of privacy and protecting people’s data rights.
Google says that the growing fear of cookie-tracking has prompted users to not trust the internet or advertisers, which puts the future of the web at risk. That’s why Google says it wants to move toward “a more privacy-first web.”
With giants such a Google feeling the pressure to make changes to their stance on cookies , one can only imagine how harder it is for smaller businesses to adapt and make the necessary changes as quickly.
The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing your users about the cookies your site is using and, when necessary, receiving their consent will keep your users happy and keep you GDPR-compliant.
Are you sure you’re GDPR compliant? Get in touch and our team at Bridge Advice can provide you with a detailed Gap-Analysis Report tailored to your business operations.
[1] https://iapp.org/media/pdf/resource_center/cisco_consumer_privacy_survey_nov2019.pdf