Securiti announces a $75M Series C Funding RoundView
Published on September 2, 2022 AUTHOR - Privacy Research Team
Internet cookies aren't those artery-clogging goodness made by grandma. Instead, an internet cookie is a small piece of data from a particular website stored on a user's computer while they browse the web.
One of the common purposes of internet cookies is to track users as they browse through multiple websites and display them with personalized ads (based on their web searches, likes, and dislikes). Before further ado, let's get down to third-party cookies, how they collect user data, and their legal implications.
Unlike a first-party cookie set by the website's server, a third-party cookie is usually set by a third-party domain/server (i.e. an ad-based vendor). Third-party cookies are dropped via a specific vendor code or tag deployed on a particular website and stored under a different domain. A third-party cookie is available to any website that loads the third-party server's code.
Third-party cookies have multiple purposes, such as keeping track of users' browsing activities to show them personalized ads of goods and services. For instance, if you search for a Halloween costume, you may see your screen filled with ads regarding Halloween costumes on multiple websites, especially on social media sites such as Facebook.
Even if the user terminates the session or closes their browser, ads will continue targeting as the tracking data is stored on the users’ computer.
Simultaneously, cookies also have native functions such as remembering a user's login credentials for a particular website, enabling them to instantly log in without manually adding their email address and password.
For instance, when users are on a shopping site, they browse through multiple categories, scrolling through the items they like. Typical cookies injected by the shopping site would allow it to remember the things a user has looked at and added to their cart. On the other hand, third-party cookies would not forget this data but may share it with other websites.
With third-party cookies in place, once you revisit the site, you will be shown the items you've previously looked at along with related articles that you might like (based on your previous selections). Again, the primary aim of such third-party cookies storing a user's online activity is to increase the likelihood of a conversion.
Users who scratch their heads thinking why they're being displayed ads on sites they're visiting for the first time, the answer is most of the time simple – third-party cookies. Third-party cookies are one of the most reliable ways to send users targeted ads across the web.
First-party cookies are primarily used to improve how users interact with websites and are made by the host domain, which is the website you visited. These are accepted as an agreement between the user and the website to improve operations and are not controversial.
First-party cookies connect your browser to the website and exchange only the most fundamental data. There isn't much debate about their application. First-party cookies only save the data you provide on the website and maybe your IP address.
Third-party cookies are created by external parties rather than the website's owner. By definition, they are regarded as "non-essential cookies" by data privacy laws. Most third-party cookies are tracking cookies created by marketing firms that display adverts for goods similar to the ones you purchase or add to your cart, mainly because of online tracking.
In short, first-party cookies are linked to a particular website. To make the website easier to use, they retain some personal information. On the other hand, third-party cookies allow an external party to monitor your online purchases and other activities.
Cookies set by third parties aren't a big risk. Cookies aren't inherently dangerous, and they don't infect your computer with malicious viruses or malware. To some users, however, cookies may be considered an invasion of privacy.
Depending on your browser, you can use the instructions below to enable third-party cookies.
Note: Please make sure ‘Accept third-party cookies and site data’ is set to “Always”.
While third-party cookies are a great way of marketing products and services for advertisers, not all users want to be targeted. Multiple data regulation laws put relentless pressure on companies who engage in ad display and transferring cookie information.
The General Data Protection Regulation (GDPR) requires websites to collect explicit consent from the user regarding any cookies collected or shared other than the ones necessary to run the site.
GDPR has strict measures in place governing how user data should be prioritized and protected. Under the GDPR, consent means requiring a "clear affirmative action."
The conventional pre-checked box or a popup cookie banner stating that users consent to the website using cookies is no longer sufficient. This means that users must willingly opt-in to having their data collected and used for marketing purposes.
To voluntarily consent to cookies, GDPR requires companies to ask the users in a "clear, concise, and not unnecessarily disruptive way." This means that the site must have a user-friendly consent mechanism that doesn't contain technical or legal jargon.
Additionally, GDPR requires websites to have a seamless mechanism in place where users have the option and the right to take back their decision to grant data collection, also known as the "right to be forgotten."
The California Consumer Privacy Act, routinely referred to as CCPA, explicitly states that cookies' data is personal information.
Although CCPA doesn't emphasize that businesses attain opt-in consent for cookies like the GDPR, it requires them to disclose any types of data they have collected via cookies. Furthermore, CCPA demands firms to reveal what they have been doing with the accumulated data.
Like GDPR, CCPA compels businesses to take the necessary steps to comply with the law by embedding the option of opting out of the sale of personal information collected by users via cookies.
Brazil's Lei Geral de Proteção de Dados (LGPD) or the General Personal Data Protection Law, states that companies are responsible for providing prior notice and obtaining consent regarding cookies.
The law specifies that it's the data holder's responsibility to obtain the user's consent in writing or any other means. Once the cookie has been collected, the data holders must have clear records to prove they complied with LGDP cookie consent.
Furthermore, entities collecting cookies must explain whenever data is collected beyond the scope of the objective formerly informed to the user. Failure to justify could result in fines. Without any legal basis, the data controller must acquire consent from the user to process cookies. As such, proper mechanisms should be deployed to facilitate consent from users.
Third-party cookies track your online activities without affecting your user experience. This is why, if given a choice, you should permanently disable third-party cookies. Because they track your behavior to deliver more relevant adverts to you, third-party cookies are often referred to as tracking cookies.
Generally, third-party cookies are considered to be an infringement of user privacy. Blocking third-party cookies improves user security and privacy while presenting a challenge for companies that provide ads and track consumer behavior because they frequently put ads that follow users around the web.
On August 4, 2022, Google issued an update regarding third-party cookies. By the end of 2024, Google will no longer employ third-party cookies in Chrome, joining many browsers that have abandoned the infamous tracking technique.
Brands use third-party cookies to gather information about user browsing history and online activities. They compile information on which websites consumers frequently visit and keep track of their purchases and the things they have expressed interest in.
Websites and companies can collect third-party cookies if they respect local and international laws put in place by data regulators and governments. The legalities of collecting and sharing cookies should be followed by the law to avoid any controversial use of internet cookies or have fines imposed by data regulators.
If you’re unsure your business website complies with data protection laws related to cookies, make use of the cookie consent management tool that scans your websites to detect and classify cookies that are dropped.
The tool visualizes and tracks 1st and 3rd party code that runs on your websites, providing a simple and secure way for website visitors to exercise their right to opt-out of online tracking. Simultaneously, businesses can avoid conflicts and fines from data regulators by complying with cookie consent requirements.
See how easy it is to manage privacy compliance with robotic automation.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
3031 Tisch Way Suite 110 Plaza West, San Jose,