PRIVACY BEAT: Goodbye third-party cookies, hello first-party data and the ‘year of the universal ID’ — predictions for 2020

Privacy Beat

Your weekly privacy news update.

1. Goodbye third-party cookies, hello first-party data and the ‘year of the universal ID’ — predictions for 2020

In the 1990s, engineers at the old Netscape Communications Corp., maker of the first wildly popular web browser, patented an invention that they called a “magic cookie” — a file that could be stored on your computer.

The idea was to overcome a design feature — some might have thought of it as a flaw and others as an important benefit — of the basic World Wide Web — it was “stateless.”  As you traveled from website to website, each new location knew nothing about you or where you came from. Without the “cookies”, you would have to enter your login or preferences over and over again — re-asserting your identity.

At first cookies solved that problem. But then marketers figured out they could “track” you across the web and store information about your web behavior without your knowledge or consent — a third-party cookie practice that helped make Google and Facebook the commercial giants they are today.

Now, the “cookies” feature is increasingly viewed as a “bug” to be fixed, or eliminated:

  • Privacy-first mechanisms are focusing attention on how the web manages identity. In a set of expert predictions for 2020 about identity, ExchangeWire editor Mathew Broughton included a quote from Tom Kershaw, CTO of Rubicon Project, one of the biggest ad-tech companies, who writes that 2020 “will be the year of the Universal ID.” Kershaw continues: “We predict the industry will finally rally around standardized identity solutions and adoption will skyrocket.”

  • Writing on the Nieman Lab website, M. Scott Havens, Bloomberg Media’s global head of digital and media distribution, says it’s time for publishers to solicit  information about their users in an open and direct — “first-party” approach that doesn’t involve targeting advertising through a third-party cookie ecosystem.  (see more at Quote of the Week, below).

  • As a result of European and California law, consumers will be able to “opt out” of third-party cookie tracking, requiring advertising brands to seek other methods to understand consumers, writes Tony Chen, on the VentureBeat website, “Contextual targeting will provide a good alternative to cookies,” Chen writes.  He says new technology goes way beyond just placing ads on a page with relevant (“contextual”) content. “Brands can get very granular with context by targeting video metadata, titles, and descriptions, related keywords, audio transcripts and even comments within and surrounding content.” Chen is founder of a company that offers ad-campaign tech.

  • Publishers who recognize their first-party relationship with users is valuable will align with other publishers around that insight, according to Dr. Jurgen Galler, CEO & co-founder of 1plusX, writing in a year-end ExchangeWire wrapup on the ad ecosystem. “Brands and advertisements placed next to editorial content will benefit from the positive attitude that is fostered through relevant content and a good relationship between publication and reader,” he writes. 


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


‘Sale’ and ‘service provider’ — two key definitions promise legal wrangling as CCPA takes effect

Two key definitions embedded in the California Consumer Privacy Act (CCPA), which takes effect Jan. 1 — are already providing grist for legal wrangling and assertions by Facebook. The words are “sale” and “service provider”. 

If Facebook collects information about your web browsing, uses it to target advertising and charges for that advertising, was your data “sold”?  Facebook says no. Here’s a trickier question — under the CCPA, a “service provider” can receive personal information from another company — where that company has permission from the end user to use the data for a specific purposes — and process the information for that purpose. But if the “service provider” uses the data for some other purpose, that is viewed as a violation of the CCPA’s use restrictions.

Attorney Cynthia J. Larose of the Mintz law firm explained in a Dec. 23 posting that for a vendor to process data as a “service provider” they must (a) have a written contract for the processing (2) not retain the personal information “for any purpose other than for the specific purpose” under the contract and (3) can’t disclose the information for any purpose unless it is “aggregated or de-identified.” (See Mintz’s red-lined CCPA version).




New York Times series on mobile data privacy prompts reports in other publications

The New York Times’ decision to editorially spotlight mobile data privacy concerns is continuing, and other publications are chiming in. The Times started by reporting on its receipt and analysis of 50 billion location pings from the phones of more than 12 million Americans moving about major cities. For example, the PBS Newshour interviewed one of The Times’ writers.

In a Dec. 21 segment, The Times wrote about Pasadena, Calif., a place in and around where, it headlined, “…Even the Children are Being Tracked.” It added the same day an unsigned editorial, “Total surveillance Is Not What America Signed Up For.”

“The biggest difference between then and now, is that people didn’t really think about what companies were collecting on us,” USAToday quoted Chris Jordan, CEO of Fluency, a data-analysis company, as saying. “We weren’t worried about privacy. Now we are.”



MIT Tech Review: Image scrambling startup D-ID raises questions about compliance with GDPR?

A Dec. 20 report in the MIT Technology Review examines the claims of an Israeli privacy company, D-ID, which says it takes video footage of faces and alters the data so that facial-recognition scans won’t identify them. The piece points out the challenges of field privacy-protecting solutions when law and practice are still evolving.

The company says its technology “anonymizes” faces so that consent is no longer needed to capture them. The piece by Angela Chen quotes company-referred experts calling the technology a “win-win” for privacy and business.

“Other experts, however, say that the company misinterprets Europe’s General Data Protection Rule (GDPR), doesn’t do what it’s supposed to, and—even if it does—probably shouldn’t be doing it anyway,” Chen writes in the article.

Ann Cavoukian, a D-ID advisory board member and former privacy commissioner for the Canadian province of Ontario, was quoted as saying she thinks there’s nothing wrong with collecting data so long as people’s exact identities are obscured.

D-ID presented its technology idea at a Sept. 13 session at Mozilla co-organized by the Information Trust Exchange Governing Association (ITEGA).



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


Massive investment in first-party data operations?

“Despite some hand-wringing about the future, the industry’s reliance on third-party data has been hugely problematic. Data inaccuracies and imperfections contribute to the messiness of today’s digital advertising marketplace, which needs to be cleaned up in order to justify continued growth. A new cookie-less world will present an incredible opportunity to innovate our digital media ecosystem; a new system rebuilt on a sound foundation of quality, first-party data. This shift will not only enable marketers to finally trust the effectiveness of their targeted spends, but will also allow publishers to strengthen relationships with their readers…In 2020, I predict we will see massive investment into first-party data operations across the industry, and early positive results on those efforts that will buoy publishers, advertisers and customers alike.”

M. Scott Havens, global head of digital and media distribution, Bloomberg Media,  writing at Nieman Lab’s predictions for 2020.

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp