What Are the Risks of Third-Party Cookies?
Third-party cookies are created when users visit a website that includes elements from other sites, such as third-party images or advertisements. The ongoing debate surrounding these cookies revolves around the degree of user control, and the handling of user information, making it difficult to achieve a middle ground between personalised marketing and preserving user privacy.
What Are Third-Party Cookies?
Cookies play a crucial role in the online user experience. There are different types of cookies, first-party and third-party cookies, which serve different functions. First-party cookies are typically generated by the website a user is actively visiting, which helps create a seamless experience by facilitating user preferences and core functionalities. For instance, these cookies can recognise returning visitors, eliminating the need for repeat login credentials. Additionally, analytics tools use first-party cookies to gather data for website analysis. While generally harmless, their usage may require consideration and disclosure to users.
On the other hand, third-party cookies are generated by a different website than the one currently being visited. They come into existence when a user accesses a website containing elements from other sites, such as third-party images or advertisements. A server hosting these elements responds to the user's request by placing a cookie on their browser. For example, playing an embedded YouTube video on a website results in YouTube setting cookies on the user's device. These cookies track user preferences, influencing suggestions for similar content when the user visits the third-party site.
How Are Third-Party Cookies Created?
The creation of third-party cookies is triggered when a website requests resources or scripts from a different domain. If a website integrates an analytics tool from a third-party service provider, the provider responds by sending a JavaScript file to the website. This file, when loaded, stores cookies in the user's browser, allowing the analytics tool to track their activities. Importantly, the implementation of third-party scripts and cookie storage must be contingent on the user's consent, and websites should block such scripts if users decline the use of these cookies.
What Is the Problem With Third-Party Cookies?
The are a number of concerns surrounding the use of third-party cookies mainly around privacy, security, and transparency. One of the biggest issues is the significant collection of personal information facilitated by these cookies. By tracking users' browsing habits, third-party cookies contribute to the creation of detailed profiles, raising serious privacy concerns. The accumulation of such information allows for the targeted delivery of advertisements and content, often without users' explicit consent.
Besides privacy worries, third-party cookies can also be risky for security. They might be used by bad actors for harmful purposes like tracking users to steal personal info or spread malware. Because this tracking is done in a sneaky way, users might not even know that their online actions are being watched and manipulated for bad reasons.
Another problem with third-party cookies is that they are not transparent about how they are used. Many people using the internet don't know how much these cookies follow their actions online. This lack of awareness makes it hard for users to choose wisely about their online privacy and decide how much of their information they're okay with sharing.
Google Chrome, has recently announced that it is stopping third-party cookies. On 4th January, the browser took the initial step by preventing third-party cookies from tracking 1% of its user base. The ambitious plan aims to extend this privacy-centric approach to all of Chrome's 3 billion-plus users by the end of the year.
What Are the Privacy Risks of Third-Party Cookies?
While most cookies used by websites are harmless and make our online experiences smoother, the trouble begins when ad networks misuse them for extensive tracking. Ad networks collect a lot of information, including personal details like medical history, sexual orientation, and political beliefs. What's scarier is that this information can often be linked back to the user's real name.
Privacy is considered a basic human right, but with the widespread use of third-party cookies, it's under threat. These cookies have become a big part of digital advertising, and this raises serious privacy concerns. Over the past decade, we've seen massive data breaches exposing billions of users' private information, much of which was collected without their knowledge through cookies.
One glaring example of the privacy impact was the Cambridge Analytica scandal on Facebook. Before the 2016 elections, Cambridge Analytica used a huge amount of Facebook user data to influence voting behaviour for political campaigns. This scandal made people realise the extent of data collection on social media, and many were shocked to learn that certain apps on Facebook were giving away their personal data, even to their friends.
The Cambridge Analytica incident made a lot of people think about privacy as a crucial right. As a result, users are now more careful about what information they're willing to share and are paying more attention to cookie tracking. This event highlighted the need for better transparency, informed consent, and stronger protections to keep our online privacy safe.
The Information Commissioner's Office Cookie Warning
The Information Commissioner's Office (ICO) has issued a stern warning to some of the UK's leading websites, cautioning them of potential enforcement action unless they make necessary changes to comply with data protection laws.
The focus of concern lies in the inadequate provision of fair choices for users regarding personalised advertising tracking. Specifically, the ICO has emphasised its previous guidance, asserting that websites must facilitate an equally straightforward process for users to either "Accept All" or "Reject All" advertising cookies.
Several websites have been identified as lacking in this crucial aspect, and the ICO has taken proactive steps by writing to the companies responsible for managing many of the UK's most visited websites.
These companies have been given a 30-day deadline to rectify their practices and align them with data protection laws. The ICO's executive director of Regulatory Risk, expressed the urgency of the matter, highlighting the concerns of users who may feel uneasy about companies using their personal information for targeted ads without explicit consent.
This can have potential negative impacts such as gambling addicts being targeted with betting offers, women receiving distressing baby adverts following a miscarriage, and individuals exploring their sexuality being exposed to ads that disclose their sexual orientation.
Are Third-Party Cookies Going Away?
We're talking about the end of third-party cookies because web browsers like Safari and Firefox are putting limits on how advertising companies can track users. Safari started this trend in 2017 with its Intelligent Tracking Prevention (ITP) program, followed by Firefox's Enhanced Tracking Protection (ETP) in 2018. These initiatives automatically restrict the use of third-party cookies, reducing how much advertisers can track users.
In 2019, Google, whose Chrome browser is widely used, joined in with its Privacy Sandbox project. Google committed to stop using third-party cookies in Chrome by 2023, aiming to find alternative ways to retain essential advertising features without relying on cookies.
However, even if third-party cookies go away, it doesn't mean advertisers can't track users online anymore. They'll still have other technologies to track users' browsing and behaviour for advertising purposes. So, while the tools may change, the practice of tracking users for targeted ads is likely to continue.
How Can Gerrish Legal Help?
Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property.
We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.
We are here to help you, get in contact with us today for more information.