By Reason Cybersecurity
on Tue May 18 2021
No more cookies in our future?
In today’s digital world, data is the mainstay of successful marketing. First, second, and third-party data have long been the force behind data-driven marketing strategies, decision making, and business intelligence. Third-party data, however, and the companies that sell it are increasingly falling out of favor for several reasons. First, the original source of the data is unknown and often not validated. Second, the data is not exclusive; a business’ competitors have access to the same data. And third, its use puts a business’ cybersecurity risk in the hands of outside entities. For example, the use of third parties in a supply chain or to handle data increases an organization’s points of connection which creates potential security risks. These risks then get compounded if the third parties have security weaknesses. Notably, 63% of all data breaches can be linked directly or indirectly to third parties.
Third-party data and its consequences
In fact, anytime a business uses third-party data, it exposes itself and its customers to security and privacy risks; risks that are too substantial to ignore. And consumer privacy concerns are growing as a result. In response, Twitter and Facebook, which had regularly used third-party data in the past, decided to remove it from their ad platforms. Their decisions speak to these heightened consumer concerns. Privacy concerns over third-party data have also been a driving force behind the introduction of several data privacy protection legislation such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Washington State People Privacy Act (WPPA), and other data privacy laws.
Controversy over third-party data is also behind the move to phase out third-party (3P) cookies. Cookies are those tasty marketing morsels used to carry out advertising processes such as behavioral profiling and retargeting to create a more personalized browsing experience. The cookies are small snippets of data added to users’ browsers and hold data about their browsing behavior. The data that 3P cookies hold about users is not in and of itself a problem; the problem arises with how it is collected and used. With 3P cookies, data about an individual’s browsing history is collected via online apps or services and then sold to other companies that use it for their own marketing purposes. On the plus side for advertisers, 3P cookies allow them to reach their audience with relevant ads at scale. On the negative side for users, they’re a significant invasion of privacy. For example, companies use 3P cookies to determine search queries, purchase history, device location, etc. In addition, they’re a security risk. Cyber criminals can hijack 3P cookies and then use them to impersonate a user and gain unauthorized access to websites or commit various cyber crimes such as sending malicious ads.
A cookieless future
Concerns and controversy over the use of third-party cookies in relation to cybersecurity and privacy risks have grown so much that Chrome and other web browsers have decided to phase out third-party cookies. Yet, while the phasing out of 3P cookies seems like a good move for privacy, the likelihood that doing away with them will stop all covert tracking is small; marketing technology will undoubtedly find other ways to follow us around. In terms of cybersecurity, therefore, a cookieless future doesn’t change much. The job of stopping trackers is far from over. Ad and content blockers, browser plugins and extensions, anti-spyware, anti-adware, and other anti-tracking technology will still be necessary to ensure user privacy. In addition, software developers must ensure that cookies are used securely by taking steps to mitigate vulnerabilities. Businesses also continue to have a responsibility to avoid security and privacy risks that could cause them to run afoul of regulatory requirements or have the potential to compromise customer trust. Finally, Internet users must also do their part by keeping their browsers updated and using anti-tracking software.
And that’s the way the cookie crumbles