Cookies Crumbling: The End of Cross-App Tracking?

Thursday 31st March 2022

Cross-app tracking and personalised advertising have grown exponentially in recent years. Given the intrusive nature of tracking users’ online browsing, shopping and behaviours, this growth has also given rise to a demand for privacy-enhancing technologies. Recently, we have seen Google confirming its intention to move away from placing third-party cookies on users’ devices. However, this has created uncertainty for advertisers who are heavily reliant on this technology to reach consumers.

What are Third-Party Cookies and Why are They Used?

Third-party cookies are one way in which advertisers can track users across the internet via their browsing history. Cookies are data files stored on computers, tablets, phones, and other internet-enabled devices. Online services such as websites and apps place cookies so they can recognise user profiles. These cookies remember certain information such as passwords and login details. Along with this, they also perform functions such as saving some selected site preferences and the contents of a customer’s shopping basket.

Third-party cookies function similarly but are placed by someone other than the operator of the website or app. They allow the relevant third-party company to track the online activity of people who visit the website and to build up a profile. This can include other sites they visit, what they buy, and what they show interest in. They can then use that information to build up a collection of visitor profiles commonly used for targeted advertising. This type of technology is heavily used by advertisers who can target and retarget customers based on their perceived interests. It has proven to be a hugely successful and efficient way of marketing and selling products and services.

Why are Companies Moving Away from Third-Party Cookies?

Under data protection laws, consent must be obtained from the user before non-essential cookies can be placed on a user’s device. Whilst many businesses take differing approaches to data protection compliance, since 2019, websites have been unable to rely on implicit opt-ins (for example where a banner on a website states that the website uses cookies, and the user’s consent is implied by their continued use). Instead, the user must be informed of the cookies the website uses and provide a ‘GDPR standard’ consent before any cookies are placed on their device.

There is growing concern that users cannot consent to the extensive and far-reaching types of tracking we are seeing. With the increasing use of social media sites such as Facebook, third parties collect increasingly personal information about users. Often privacy information is not sufficiently transparent as to the data sharing taking place. This has led to a demand for transparency over the use of individuals’ personal data. With this, there’s also a growing desire to see more control over how it is used. This is changing the advertising ecosystem.

Proposed Alternatives to Third-Party Cookies.

Third-party cookies are not the only technology that can track users. Google has stated that it intends to propose alternatives that achieve similar ends,  and the UK Competition and Markets Authority has accepted such proposals (whilst saying it will keep a close eye on such plans).

Instead of sharing specific data in the way which third party cookies do so, Google’s ‘Topics’ API will group users into different ‘topic clusters’ over approximately 350 broad categories. When users visit a website, that site and any third party such as an advertiser will only be shown three of that user’s interests from the previous few weeks (for example; travel, food and fitness). This reduces the number of third parties which can access a user’s data, whilst still allowing a degree of personalisation.

What’s Next for Businesses?

So, what effect will ‘the end’ of cross-app tracking have on businesses? Those operating online should continue to ensure that they are meeting their legal obligations in relation to cookies and consent. They will still be required to request consent to the use of non-essential cookies, even if third-party cookies are eventually phased out entirely. Any businesses that rely on third-party data should keep up to date with the developments in this area. Also, it is worth considering alternative methods of data collection and analytics, given the threat that the removal of third-party cookies poses to the advertising ecosystem.

If you require any further information on the above developments, please do not hesitate to get in contact with a member of Gordons Data Protection and GDPR team.