In January 2020, Google announced that it will deprecate third-party cookies by 2022. Google’s decision to phase out third-party cookies has been motivated by increasing data privacy regulations over the past few years that require organizations to leverage user’s consent for the processing of their personal data and keep the data relevant and limited to what is necessary for the purposes for which it is processed.
On 24 June 2021, Google announced a delayed timeline for phasing out third-party cookies from 2022 to 2023. Google’s decision to extend its timeline to 2023 appears to be based on its objective to move to privacy-compliant alternatives to the use of third-party cookies.
Google is not the only browser that has planned to remove third-party cookies in light of growing privacy legal requirements, Apple, Microsoft and Mozilla have already done so in their respective browsers.
Third-party cookies are mainly used for marketing purposes such as cross-site attribution, personalized advertising and other means of tracking. Even with Google announcing the deprecation of third-party cookies, the question remains what legal requirements businesses will still need to comply with in order to protect end user’s privacy.
Transparency and notice requirements
Most global privacy laws, both opt-in and opt-out consent regimes, require organizations to notify data subjects when personal data is collected from them, the purposes for which it is collected for, and the intended recipients of the data. Businesses are required to be transparent with individuals on how they handle their personal data. This indicates that cookie consent banners are here to stay even in an evolving cookie landscape. Businesses must consider how they can devise meaningful banners providing clear and easily understandable information to users.
Consent
Most global privacy laws including the GDPR do not differentiate consent requirements for third-party cookies and other tracking technologies that collect personal data including first-party cookies. Rather, wherever there exists a possibility of identifying or tracking individuals and building their profiles with the exception of strictly necessary cookies, consent is considered to be essential. This indicates that in the post third-party cookie world, businesses may be able to maximize data use and improve their marketing activities by mainly leveraging upon consent-driven first-party data pools.
Data minimization
One of the essential data protection principles is to keep the data relevant and limited to what is necessary for the purposes it is processed. Businesses cannot collect and process data just because they can - they have to be able to justify why they need data and keep it as minimal as required. Therefore, any alternative solution to the use of third-party cookies must be designed in a manner that collects only the relevant and necessary personal information.
What’s next?
With Google announcing the deprecation of third-party cookies, businesses are investing their time and efforts to come up with privacy-compliant alternatives to the use of third-party cookies. A few proposed options include although not limited to google privacy sandbox, first-party data stack, and identity solutions. However, none of the alternatives appears to be a catch-all solution that fully protects a user’s privacy as well as helps businesses in their marketing activities.
Although the removal of third-party cookies is undoubtedly a welcome step in today’s privacy-conscious digital world, it neither indicates that user’s privacy will remain fully protected nor that there will be less scrutiny on businesses from regulatory authorities. At the same time, consumers may still want to keep receiving personalized advertisements, they just need more information on how businesses collect and manage their data. It is too soon to say how consumers will react to phasing out of third-party cookies especially when Google is the most widely used browser. It is also difficult to predict to what extent ad-tech companies will sustain given Google dominates the market share.
In the meantime, businesses are encouraged to continue complying with the applicable legal requirements and invest in privacy-compliant marketing solutions. Read our 5 Critical Consent Requirements in an Evolving Cookie Landscape that will help you choose privacy-compliant alternatives to the use of third-party cookies.
How Securiti can help?
Securiti’s Universal Consent Management Solution enables marketers to adequately advertise and market their products in a compliant manner by capturing consent and automating revocation. Securiti’s Cookie Consent Banner Solution enables companies to build cookie consent banners in accordance with the applicable legal requirements when collecting personal data for non-essential purposes on digital properties.
Ask for a DEMO today to understand how Securiti can help you comply with the applicable legal requirements of global data privacy laws and regulations with ease.
