Wednesday, March 19, 2014

IAB’s Future of the Cookie Working Group Addresses Privacy and Tracking in a Post-Cookie Environment

For a long time now, majority of what we do online has been governed by the use of HTTP cookies – from tracking user preferences, to remembering browsing histories, and even storing of usernames and passwords. I recall reading an article in PC Mag in 2000, despairing over the ubiquitous use of cookies. Fourteen years later, the use of cookies is endemic. Cookies are useful in compiling long term records of individuals’ activities and identities online, which is a privacy concern regardless of how useful it was for marketing and advertising agencies. It is this concern that has prompted the International Advertising Bureau (IAB)’s Future of the Cookie Working Group to publish a white paper titled ‘Privacy and Tracking in a Post-Cookie World’ (

‘Privacy and Tracking in a Post-Cookie World’ addresses the problems and concerns that have arisen from the use of cookies throughout the years, but focuses more on explaining why their use is no longer needed in the digital environment, followed by a proposal consisting of several alternatives to the traditional http cookie. It is immediately relevant to Australia with the changes to the Privacy Act about to take effect (what happens to cookie-acquired information, especially if it is conveyed offshore?), and relevant to the EU because of proposed EU data protection regulation will impose strict rules on consumer profiling.

Concerns Over Cookies

The IAB has two major reasons as to why the cookie is fast becoming obsolete and is ultimately more problem than they are worth. First is the sheer amount of cookies that are being used by different companies – either they accumulate over time and slow down people’s computers, or people block them entirely, negating their purpose as tracking and database-building tools.

What this means is that the advertisers fail to target potential customers with relevant content, while publishers lose revenue from the potential sales that could have occurred when a relevant ad is served to a visitor.

Additionally, informed consumers are paranoid about cookies. There is an undeniable growing distrust of what data aggregators are doing with personal information. This increased awareness of the data trail that people create online is tempered by an inversely limited understanding of how their private information is used. This leads to many users opting out of tracking altogether (either by means provided by the website, or by blocking cookies at their end).

Regulators are starting to take a much closer look at the current practices and considering ways to address consumer concerns. Increased intervention by regulatory bodies could significantly increase the operational and compliance costs for the digital advertising industry.

The other problem with cookies cited by the IAB is the ever-increasing diversity of Internet-connected devices. In the past, majority of consumers only accessed the Internet through a desktop PC at home and/or at work. Nowadays, a person can access the Internet from a wide variety of devices – from smartphones, to tablets, to laptops, game consoles and TVs. Cookies are not transferable from one device to the other and don’t normally interoperate with other cookies. So, there is a lot of fragmentation and many of the benefits that cookies originally provided are no longer available. Users have to log in to their accounts everytime they use a different device, as cookies only store login information on a “per device” basis, and so website cookies are thereby stumped on the identity of the user.

Proposed Alternatives to Cookies

The Future of the Cookie Working Group proposed the following alternatives to cookies:

  • Device Approach – Using statistical algorithms to infer a user’s ID from information provided by the connected device, browser app or operating system.
  • Client Approach – Tracking and management of user information and preferences is handled by the client (a browser, an app, or an operating system), and the resulting information is then passed along to third parties.
  • Network Approach – a third party server acts as intermediary between the user’s device and the publisher’s servers. A good example of this approach is Facebook and Google, both of which allow the use of an end-user’s respective accounts on their network as a way to retain login information and preferences to other websites.
  • Server Approach – This is similar to what is being used at present, with the cookies being set between server domain and browser client through web beacons or pixels.
  • Cloud Approach – This depends on a centralised server to manage state and preferences through the use of IDs set and agreed upon by all concerned parties.

The Future of the Cookie Working Group concludes their white paper by positing that all of the solutions provided above will work better than the current Cookie-based method, because not only are cookies becoming obsolete but also because of changes to privacy laws.

No comments:

Post a Comment