The Cookie Breakdown
23 June 2021
WHAT ARE COOKIES, HOW DO THEY WORK AND HOW ARE THEY REGULATED
Cookies have been on everyone’s mind lately. And no, not the gooey chocolate chip kind we love to indulge in on our cheat day. Cookies, or small data files stored on your computer, have opened up huge discussions relating to consumer data protection and privacy regulation. They have also been the main tracking technology used by advertisers and brands to better understand consumers and provide them with targeted, relevant messages to create a personalized web experience.
In this article, we will discuss what cookies are and how they work, while also taking a deeper dive into how cookie regulation is evolving and transforming today’s digital landscape.
WHAT ARE COOKIES?
Cookies are small files of data that contain random alphanumeric text used for a variety of functions from ensuring a website’s proper function to storing a user’s browsing data.
There are two types of cookies: a “session cookie” and a “persistent cookie.”
“Session cookies” only last as long as your session on the website and expire as soon as you leave. They are used to facilitate your activity within that site; for example, they enable you to successfully complete a checkout process on an e-commerce site.
The second type of cookie, a “persistent cookie”, collects data and lasts way longer than your individual web session, sometimes for months or years. The contents are determined by the specific website that created that cookie and are then stored on your computer or device.
“Persistent cookies” provide convenient and rapid access to familiar objects, which enhances the user experience (UX)” according to technopedia.com’s definition. In other words, they enable the site to offer a customized experience tailored to that specific user.
“Persistent cookies” are usually the cookies being referred to when discussing subjects like cookieless targeting, user experience and privacy as they recognize user preferences, settings and information for future visits.
Going forward in this article, we will be referring to “persistent cookies” when we sling around the phrase “cookies.”
HOW DO COOKIES WORK?
A cookie is designed to remember and tell a website useful information about the user.
For example, when you visit a website that sells athletic gear, a cookie will record the specific running shoes you were looking at. When you return to the website, your browser lets the site read the cookie and consequently show you similar athletic products related to the running shoes.
These are known as first-party cookies — they are put on your device directly by the website you are visiting.
This type of targeting has been invaluable for brands, tech firms, and advertisers alike, making it possible to reach individuals based on browsing history.
COOKIES AND DATA REGULATION: WHAT IS CHANGING?
With heightened awareness and increased privacy concerns, many people have raised concerns about how their personal data is being used.
While “session” cookies will continue to be used to ensure proper website function, any type of cookie used for targeting now requires explicit consent from the user (under the General Data Protection Regulation and similar sister regulations). Cookies used for analytics, advertising, and functional services, like survey and chat tools, which identify specific users, are seen as the “bad guys” here. Organizations need to either stop collecting the offending cookies or find a lawful way to process the data.
Cue the various regulations that have gone into effect like GDPR in Europe, the CCPA (California Consumer Privacy Act) in the state of California in the United States and Brazil’s LGPD (Lei Geral de Proteção de Dados Pessoais) federal data privacy law.
THE END OF A COOKIE ERA
Another big shift that is already taking place is the abolition of third-party cookies. Web browsers Safari and Mozilla Firefox have already done away with third-party cookies in 2020, and by 2022, Google Chrome, the world’s most widely used web browser, will start blocking third-party cookies as well. Read more about the “cookiepocalypse” in our blog article where we go into more detail on the death of the third-party cookie and some of the alternatives.
ShowHeroes Group Country Manager Spain, Cayetano Chimeno, elaborates on what targeting will look like without cookies by saying,
Chimeno continues by underlining,
WILL CONSENT STILL BE NECESSARY EVEN AFTER COOKIES ARE PHASED OUT?
Even after third-party cookies are abolished, it will be absolutely necessary to ask for user consent regardless of the tracking technology being used – be it alternative IDs, Local Storage or trust tokens.
When used to identify users, “[cookies] qualify as personal data and are therefore subject to the GDPR. Companies have a right to process their users’ data as long as they receive consent or if they have a legitimate interest,” as specified on the www.gdpr.eu website.
Consent will be integrated even more closely and seamlessly with future alternative tracking technologies, and will remain the main focus for worldwide data protection laws like GDPR and sister laws like Brazil’s LGPD and California’s CCPA.
Websites will continue to be required to inform users about the technology being used to collect personal data, including the provider, purpose and duration, and the documentation of obtained consent – requiring at least annual renewal.
Consent not only remains fundamental to most data privacy laws, it is also becoming more and more central to the ad tech industry itself. Many top tech players are focusing their services to combine compliance and tracking with consent. For example, Google launched Google Consent Mode in September 2020 in order to allow websites to run all Google-services based on consent of their end-users.
With an inevitable cookieless future, there is a huge focus on new targeting alternatives that advertisers, brands, and ad tech industry leaders are already implementing in order to remain relevant.
In fact, we go into more detail on what we are doing at ShowHeroes Group with our Semantic Hero and contextual targeting capabilities here to provide both publishers and advertisers efficient solutions.
Specifically for publishers, first-party data sources will be key. The IAB suggests that email addresses or mobile numbers will be the next best thing once third-party cookies are abolished. This is great news for larger websites that can request a login for access to content or support newsletters and frequent communication.
For smaller sites with loyal users who visit often and consume a lot of content, but don’t rely on registered users, the best option will be to find a first-party data partner.