Trick Or Treat: Cookies And Consumer Privacy In Online Advertising

The proliferation of online goods and services means consumer data is available to those with a need or interest in possessing it.  One method providers and third party partners employ to collect online consumer data is the use of cookies.  There are many types of cookies, chocolate chip, peanut butter (I could not help myself), but all serve the same overall function: tracking consumer behavior for browser experience customization and delivery of targeted ads.  The use of cookies over time may create a highly detailed history of interests, needs and purchases relative to a consumer—information that is very valuable to companies.  At first glance, this may seem like a treat, however, the trick is in navigating through the various types of cookies and understanding who is collecting information, what and how information is collected and used, and the duration of the collection. 

Cookie Varieties And What They Can Do

Cookies are like the ghosts of the online marketplace.  You cannot necessarily see them, but they are there.  They are placed on websites visited by consumers or on consumers’ devices.  First-party cookies are placed on websites and can remember login names, shopping cart items, and items previously viewed.  Third-party cookies are placed on websites by an entity other than the website itself and may be responsible for delivering targeted ads or providing analytics to the website regarding consumer behavior.  Cookies exist in temporary form where they are erased upon quitting an application, or they can be persistent and remain on a user’s device in order to record information over time.

Flash cookies and device fingerprinting are additional methods of tracking consumer data.  Flash cookies store information regarding a consumer’s online browsing activities, including user preferences and settings.  Device fingerprinting permits tracking of a device over time based on browser configurations and settings or, in the case of mobile applications, device identifiers.  One distinctive feature of device fingerprinting is the ability to cross-track consumer behavior, meaning all connected devices used by a particular consumer (i.e., smart phones, laptops, desktops and other smart devices such as smart appliances and home entertainment systems) can be tracked resulting in a contextually full user history.

Consumer Knowledge And Choice

Understanding what cookies are and how they are used affords consumers the ability to make informed decisions.  Consumers can place limitations on or all together block or delete cookies.  Limiting or deleting cookies may be accomplished by manually configuring browser settings.  Consumers can also control cross-device tracking by resetting device identifiers to either block or limit associations made from a consumer’s past activities.  Opt-out cookies and Do Not Track are additional methods of blocking or limiting online tracking. 

Responsibilities Of Providers And Third Parties

Companies also have a responsibility to consumers relative to collection of consumer data.  Website operators and advertising companies should disclose their data collection practices and obtain affirmative consent from consumers before collecting sensitive or personal information.  Consumers should be given the right to opt out of collection practices and should be given the tools necessary to do so.  Self-regulatory agencies, like the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA) also play a major role in setting guidelines for companies to follow.  The DAA, for example, has a set of codes which it will begin enforcing in 2017.  One guideline relates specifically to cross-device tracking and will require providers who engage in cross-device tracking to notify users of such practices and allow them to opt out.  One particularly helpful component of the guidelines provides that if a consumer opts out on one device, data collected from that device may not then be used for targeted ads on other devices linked to that specific consumer.   

In the context of cookies, lack of awareness and choice threatens consumers’ sense of privacy, as well as the level of trust consumers have in the provider of the services used.  The onus is on consumers and companies to create online experiences characterized by knowledge, transparency, choice and the ability to set individually sufficient levels of privacy.  Therein lies the treat.