Cookies crushed, the world is changing

September 2020

Cookies: five signs the world is changing

With the launch of the review of Real Time Bidding in 2019, the  UK’s Information Commissioner’s Office (ICO) embarked on a process to consider how cookies (and third-party cookies in particular) were being used by Ad Tech vendors and advertisers to target individuals with their messages. In particular they were concerned about the risks to the rights and freedoms of individuals.

Some useful and clear guidance was published in Summer 2019 by the ICO which explicitly stated GDPR-level consent was required for third-party cookies.

Although this shouldn’t have been a surprise, this guidance was considered to be a game changer as it rendered many sites’ cookie policies non-compliant overnight.

With warnings of investigations emanating from the ICO, it felt like conflict between the ICO and Ad Tech vendors was inevitable.

Over a year on, where are we now?

Covid has had a huge impact on the various players involved in the Ad Tech space. The ICO has re-focussed its attention on Covid-related matters and decided to pause its investigations into Ad Tech.

Does that mean everything can go back to the way it was? The short answer is NO.

In the absence of any regulatory action the market has continued on its (slow) journey towards building a more ethical approach to delivering advertising.

As a result, it is starting to address the challenges presented by the use of non-compliant Ad Tech solutions.

Furthermore, evidence is starting to emerge that taking an ethical approach to advertising and targeting reaps rewards for advertisers.

1. Imminent demise of third-party cookies

The issues surrounding the collection of valid consent has been the focus of the ICO investigations and there is no doubt limited audit trails did exist, whilst the collection of large quantities of personal data appeared unnecessary and disproportionate.

The writing was on the wall when Google Chrome announced, in January 2020, it would cease to support third-party cookies in its browser by 2022.

With over 60% share of the browser market, this decision was a game changer even though Safari and Firefox had previously blocked the use of third-party cookies.

Tensions were further heightened, in August 2020, when The Privacy Collective launched a class action lawsuit against Oracle and Salesforce for using third party tracking cookies for ad tracking and data targeting.

As a result, Oracle Data Cloud rapidly announced they would stop offering third-party data targeting services across Europe from 15th September 2020.

2. Collecting first party data

As the use of third-party data cookies will become obsolete in a matter of time, those people who have spent time developing their first party databases are in a strong position.

Data collected compliantly and transparently from customers or prospects on your own websites is at a premium.

The IAB (US) noted in its 2020 International Report on Programmatic In-Housing (August 2020), that 71% of their sample believed data quality had improved since GDPR while 67% believed consumer trust had improved.

3. Contextual advertising solutions

Instead of using third-party cookies to help target advertising by chasing people around the internet, there are a growing cohort of advertising solutions that rely on context.

Watch out for a proliferation of context-based advertising products, enhanced by first party data segments, which are being developed by publishers.

The New York Times have been an innovator in this space. There are many benefits from this approach – advertising is less intrusive while publishers are taking more control of their ad inventory. Crucially this is approach is more privacy friendly.

4. Edge computing solutions

Hand in hand with the increase in contextual advertising is a growing interest in Edge Computing Solutions which are more privacy friendly and do not rely on third-party cookies being dropped on a device.

The process relies on data being processed on the device that generates the data rather than on a remote cloud server thus protecting the privacy of the user.

Permutive is an example of a supplier using Edge Computing to provide a DMP solution for publishers to replace their more privacy unfriendly DMPs.

5. Gaining assurance from vendors

As advertisers take greater control over the technology that manages the advertising lifecycle, there’s an increasing focus on Vendor Management.

Procurement teams are asking more detailed questions and carrying out greater due diligence before providers are appointed.

More DPIAs (Data Protection Impact Assessments) are being conducted. Vendors are also being asked to provide evidence of compliance.

In the absence of an approved certification scheme from ICO, alignment with the recently published ISO27701, the standard extension of ISO 27001 into privacy and personal data is a good proxy for an approved scheme.

In conclusion, it’s encouraging to see these compliance issues slowly resolving. With a more transparent and ethical approach to delivering advertising impressions, brands are starting to see an improvement in results and trust amongst prospects and customers.

Maybe the ICO won’t need to re-open their investigations after all?

 

Cookie support – if you would like practical advice and support with your approach to cookies and / or targeted advertising- get in touch

Julia is an experienced data protection consultant and has been advising businesses since 2016. She regularly delivers GDPR training as well as developing bespoke GDPR guidance for our clients.

Copyright DPN
The information provided and opinions expressed in our content represent the views of the Data Protection Network and our contributors. They do not constitute legal advice.