Trust and Compliance in an Evolving Cookie Landscape

The cookie landscape is evolving in light of emerging global privacy regulations and consumer awareness on data privacy. The transformation in the advertising world continues to advance to this day as tech giants like Google plan to phase out third-party cookies altogether by 2023.

The removal of third-party cookies and the introduction of more complex user segmentation and bidding algorithms have pushed global companies to explore new ways to engage users with or without personal data identifiers and businesses have started investing their time and efforts to prepare for the post-third-party cookie world.

Firefox and Safari have already blocked third-party cookies on their respective browsers. But Google is taking the game to a whole new level by introducing more sophisticated mechanisms and algorithms that it claims to be privacy-compliant: FLoC and FLEDGE.

Federated Learning of Cohorts (FLoC) is going to replace the use of third-party cookies by allowing website publishers to inform advertisers about the interests of website users. This involves clustering large groups of website users with similar interests to aggregated ad-target cohorts created on their interest-based attributes.

First Locally-Executed Decision over Groups Experiment (FLEDGE) enables marketers to create and deploy their own audiences without the use of third-party cookies via remarketing algorithms. It allows site owners, brands, or third-party platforms to assign site users to cohorts they define based on the user’s actions on the site. Just like FloC, targeting users is cohort-based but assigning cohorts is dependent on user’s actions.

Both FLoC and FLEDGE are part of the technologies that Google is using in its testing environment of Google Privacy Sandbox.

The change in the cookie landscape will not just impact the marketing industry globally. This will also affect privacy teams globally as they tackle meeting consent compliance.

How Consumer Trust Fits in This Crossroad of Consent, Trust, Privacy, And Ethics

Even with alternative solutions to the use of third-party cookies, the following questions remain:

• Consent requirement in the post-cookie removal era
• Consumer trust assessment
• Impact on consumer ethics

How Consent Requirement Fits in an Evolving Cookie Landscape

In the post third-party cookie era, companies and brands are going to explore other more viable options that may or may not contain personal data/personally identifiable information (PII), such as name, email address, IP address, etc.

Different types of alternatives to 3PC are being suggested, implemented, and experimented to see which option allows brands and publishers to gather targeted data on users, all the while attempting to ensure compliance with privacy regulations such as the GDPR.

As per most global privacy laws like the GDPR, consent is required for the use of cookies and similar tracking technologies that have the ability to identify individuals. This does not just include third-party cookies but also first-party cookies and other identity solutions. Therefore, alternatives like data clean rooms where users are placed in aggregated groups may still require compliance with privacy laws as both parties (advertisers and publishers) come together with users’ personal data on an intermediary platform. Even if a company opts for user graphs where they require the collection of users’ demographic data for targeted ads, compliance with consent requirements is considered to be essential.

Also, the use of first-party data for non-essential purposes is subject to regulatory compliance. This is because even with first-party data, there remains a possibility of identifying or tracking individuals and building their profiles.

Regardless of what 3PC alternative brands and publishers intend to choose, if they are collecting PII data then compliance to privacy regulations like the GDPR becomes obligatory which ultimately calls for consent. This is because the definition of personal data refers to the possibility of identifying an individual and if the possibility remains, consent would be considered essential. In addition, the use of any kind of PII will be subject to other legal requirements such as data minimization that requires organizations to collect the data only which is adequate, relevant, and limited to what is necessary for the purposes it is processed.

Therefore, it is highly essential to evaluate each alternative solution to the use of third-party cookies and whether or not it involves the collection of personal data. At the moment, no alternative solution to the use of third-party cookies including FLoC and FLEDGE appears to be a catch-all solution that fully protects a user’s privacy as well as ensures compliance with regulatory requirements.

Read our 5 Critical Consent Requirements in an Evolving Cookie Landscape that will help you choose privacy-compliant alternatives to the use of third-party cookies.

How Consumer Trust is Built and Measured

Consumer trust and ethics are becoming some of the most widely discussed topics in the privacy and technology industry. Since brands and publishers are directly engaging with consumers, it is essential for them to offer education and awareness. In fact, companies are making a collective effort to build trust by being transparent about their data collecting and processing activities. Most global privacy laws including the GDPR require organizations to inform individuals about what personal data is collected from them, how it is collected, the purposes for which it is collected, and the intended recipients of the data. This ultimately leads to an understanding of the data privacy and security practices of the company among its consumers. Besides, as the number of privacy laws continues to multiply, there has been an increased consumer awareness of data privacy.

That said, building consumer trust has to be nurtured and maintained in every industry, not just digital.

For example, the primary objective of Volvo would be to ensure the quality and durability of the product. At the end of the day, their customers, who are car owners, would be talking about their car. For such companies, trust regarding data collection and privacy becomes secondary yet important because if by any chance a breach occurs, the discussion in their community would shift to the breach, which ultimately impacts consumer trust.

Increased consumer awareness of data privacy has resulted in greater scrutinization of the data security practices of a company which forces companies to satisfy the needs of their consumers by ensuring the confidentiality of their consumers’ data and addressing their data security concerns. Therefore, beyond consent management and meeting legal requirements, it is imperative to gain consumer trust by ensuring transparency regarding data collection and privacy practices.

How the New Landscape Impacts Consumer Ethics

Data privacy and ethics go hand in hand regardless of the industry. The European data and privacy regulations along with other major privacy laws like the CCPA are established to ensure the same. Companies are not only obliged to fulfill consent requirements but also obliged to delete the data if a user requests, or risks potential fines and enforcement.

Data protection and privacy regulations further reinforce the ethical obligation on companies by limiting them to gather only the data that is required and have a valid purpose. Now the question remains how new technologies like FLoC and FLEDGE, which use AI and ML, are going to ensure consumer ethics? There is no definitive answer yet as the new data collection technologies are still in their infancy. However, upcoming regulations like the European legal framework on AI appear to be protecting an individual’s personal data in line with the data protection requirements while also ensuring the ethical use of AI services.

Securiti is helping organizations simplify, automate, and manage consent compliance across their products and services. The suite will allow organizations to:

• Scan and classify cookies
• Global web footprint
• Auto-block non-essential cookies
• Auto-update privacy notices
• Maintain records of consent and more.

To learn more about Securiti’s Consent Management suite, watch the demo.