Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

Trust and Compliance in an Evolving Cookie Landscape

Download: Consent Report Q2 2024
Published September 15, 2021
Author

Maria Khan

Data Privacy Legal Manager at Securiti

FIP, CIPT, CIPM, CIPP/E

Listen to the content

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The cookie landscape is evolving in light of emerging global privacy regulations and consumer awareness on data privacy. The transformation in the advertising world continues to advance to this day as tech giants like Google plan to phase out third-party cookies altogether by 2023.

The removal of third-party cookies and the introduction of more complex user segmentation and bidding algorithms have pushed global companies to explore new ways to engage users with or without personal data identifiers and businesses have started investing their time and efforts to prepare for the post-third-party cookie world.

Firefox and Safari have already blocked third-party cookies on their respective browsers. But Google is taking the game to a whole new level by introducing more sophisticated mechanisms and algorithms that it claims to be privacy-compliant: FLoC and FLEDGE.

Federated Learning of Cohorts (FLoC) is going to replace the use of third-party cookies by allowing website publishers to inform advertisers about the interests of website users. This involves clustering large groups of website users with similar interests to aggregated ad-target cohorts created on their interest-based attributes.

First Locally-Executed Decision over Groups Experiment (FLEDGE) enables marketers to create and deploy their own audiences without the use of third-party cookies via remarketing algorithms. It allows site owners, brands, or third-party platforms to assign site users to cohorts they define based on the user’s actions on the site. Just like FloC, targeting users is cohort-based but assigning cohorts is dependent on user’s actions.

Both FLoC and FLEDGE are part of the technologies that Google is using in its testing environment of Google Privacy Sandbox.

The change in the cookie landscape will not just impact the marketing industry globally. This will also affect privacy teams globally as they tackle meeting consent compliance.

How Consumer Trust Fits in This Crossroad of Consent, Trust, Privacy, And Ethics

Even with alternative solutions to the use of third-party cookies, the following questions remain:

  • Consent requirement in the post-cookie removal era
  • Consumer trust assessment
  • Impact on consumer ethics

How Consent Requirement Fits in an Evolving Cookie Landscape

In the post third-party cookie era, companies and brands are going to explore other more viable options that may or may not contain personal data/personally identifiable information (PII), such as name, email address, IP address, etc.

Different types of alternatives to 3PC are being suggested, implemented, and experimented to see which option allows brands and publishers to gather targeted data on users, all the while attempting to ensure compliance with privacy regulations such as the GDPR.

As per most global privacy laws like the GDPR, consent is required for the use of cookies and similar tracking technologies that have the ability to identify individuals. This does not just include third-party cookies but also first-party cookies and other identity solutions. Therefore, alternatives like data clean rooms where users are placed in aggregated groups may still require compliance with privacy laws as both parties (advertisers and publishers) come together with users’ personal data on an intermediary platform. Even if a company opts for user graphs where they require the collection of users’ demographic data for targeted ads, compliance with consent requirements is considered to be essential.

Also, the use of first-party data for non-essential purposes is subject to regulatory compliance. This is because even with first-party data, there remains a possibility of identifying or tracking individuals and building their profiles.

Regardless of what 3PC alternative brands and publishers intend to choose, if they are collecting PII data then compliance to privacy regulations like the GDPR becomes obligatory which ultimately calls for consent. This is because the definition of personal data refers to the possibility of identifying an individual and if the possibility remains, consent would be considered essential. In addition, the use of any kind of PII will be subject to other legal requirements such as data minimization that requires organizations to collect the data only which is adequate, relevant, and limited to what is necessary for the purposes it is processed.

Therefore, it is highly essential to evaluate each alternative solution to the use of third-party cookies and whether or not it involves the collection of personal data. At the moment, no alternative solution to the use of third-party cookies including FLoC and FLEDGE appears to be a catch-all solution that fully protects a user’s privacy as well as ensures compliance with regulatory requirements.

Read our 5 Critical Consent Requirements in an Evolving Cookie Landscape that will help you choose privacy-compliant alternatives to the use of third-party cookies.

How Consumer Trust is Built and Measured

Consumer trust and ethics are becoming some of the most widely discussed topics in the privacy and technology industry. Since brands and publishers are directly engaging with consumers, it is essential for them to offer education and awareness. In fact, companies are making a collective effort to build trust by being transparent about their data collecting and processing activities. Most global privacy laws including the GDPR require organizations to inform individuals about what personal data is collected from them, how it is collected, the purposes for which it is collected, and the intended recipients of the data. This ultimately leads to an understanding of the data privacy and security practices of the company among its consumers. Besides, as the number of privacy laws continues to multiply, there has been an increased consumer awareness of data privacy.

That said, building consumer trust has to be nurtured and maintained in every industry, not just digital.

For example, the primary objective of Volvo would be to ensure the quality and durability of the product. At the end of the day, their customers, who are car owners, would be talking about their car. For such companies, trust regarding data collection and privacy becomes secondary yet important because if by any chance a breach occurs, the discussion in their community would shift to the breach, which ultimately impacts consumer trust.

Increased consumer awareness of data privacy has resulted in greater scrutinization of the data security practices of a company which forces companies to satisfy the needs of their consumers by ensuring the confidentiality of their consumers’ data and addressing their data security concerns. Therefore, beyond consent management and meeting legal requirements, it is imperative to gain consumer trust by ensuring transparency regarding data collection and privacy practices.

How the New Landscape Impacts Consumer Ethics

Data privacy and ethics go hand in hand regardless of the industry. The European data and privacy regulations along with other major privacy laws like the CCPA are established to ensure the same. Companies are not only obliged to fulfill consent requirements but also obliged to delete the data if a user requests, or risks potential fines and enforcement.

Data protection and privacy regulations further reinforce the ethical obligation on companies by limiting them to gather only the data that is required and have a valid purpose. Now the question remains how new technologies like FLoC and FLEDGE, which use AI and ML, are going to ensure consumer ethics? There is no definitive answer yet as the new data collection technologies are still in their infancy. However, upcoming regulations like the European legal framework on AI appear to be protecting an individual’s personal data in line with the data protection requirements while also ensuring the ethical use of AI services.

Securiti is helping organizations simplify, automate, and manage consent compliance across their products and services. The suite will allow organizations to:

  • Scan and classify cookies
  • Global web footprint
  • Auto-block non-essential cookies
  • Auto-update privacy notices
  • Maintain records of consent and more.

To learn more about Securiti’s Consent Management suite, watch the demo.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


Share

More Stories that May Interest You

Take a
Product Tour

See how easy it is to manage privacy compliance with robotic automation.

Videos
View More
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
DSPM vs. CSPM – What’s the Difference?
While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...
View More
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
Databricks AI Summit (DAIS) 2025 Wrap Up
5 New Developments in Databricks and How Securiti Customers Benefit Concerns over the risk of leaking sensitive data are currently the number one blocker...
Inside Echoleak View More
Inside Echoleak
How Indirect Prompt Injections Exploit the AI Layer and How to Secure Your Data What is Echoleak? Echoleak (CVE-2025-32711) is a vulnerability discovered in...
What is SSPM? (SaaS Security Posture Management) View More
What is SSPM? (SaaS Security Posture Management)
This blog covers all the important details related to SSPM, including why it matters, how it works, and how organizations can choose the best...
View More
“Scraping Almost Always Illegal”, Netherlands DPA Declares
Explore the Dutch Data Protection Authority's guidelines on web scraping, its legal complexities, privacy risks, and other relevant details important to your organization.
Beyond DLP: Guide to Modern Data Protection with DSPM View More
Beyond DLP: Guide to Modern Data Protection with DSPM
Learn why traditional data security tools fall short in the cloud and AI era. Learn how DSPM helps secure sensitive data and ensure compliance.
Mastering Cookie Consent: Global Compliance & Customer Trust View More
Mastering Cookie Consent: Global Compliance & Customer Trust
Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.
Understanding Data Regulations in Australia’s Telecom Sector View More
Understanding Data Regulations in Australia’s Telecom Sector
Gain insights into the key data regulations in Australia’s telecommunication sector. Learn how Securiti helps ensure swift compliance.
Top 3 Key Predictions on GenAI's Transformational Impact in 2025 View More
Top 3 Key Predictions on GenAI’s Transformational Impact in 2025
Discover how a leading Chief Data Officer (CDO) breaks down top predictions for GenAI’s transformative impact on operations and innovation in 2025.
Gencore AI and Amazon Bedrock View More
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
DSPM Vendor Due Diligence View More
DSPM Vendor Due Diligence
DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...
What's
New