Our mission is very simple; to encourage and support the growth of all things digital and to keep digital technology at the forefront of people’s minds.
Digital DNA HQ, Clockwise Offices, 48-60 High St, Belfast BT1 2BE
Since the 1990s, websites have had a love affair with using cookies to track user behaviour, as strong as that of Sesame Street’s beloved monster.
However with recent moves towards customer privacy, and Google’s plans to phase out third-party cookies on Chrome browsers by 2022, it looks like third-party cookies (i.e. cookies created by parties other than the website that the user is currently visiting) could be on their way out.
In 2018, the EU brought forward plans around e-privacy which were intended to supplement the now infamous GDPR. This ePrivacy Regulation was intended to cover all electronic communications on publicly available services and networks from or by individuals in the EU.
Now, after more than four years of negotiation, it looks like the ePrivacy Regulation is one step closer to being passed, and we take a look below at some of the key differences between the draft text and current legislation.
The exemptions include processing for reasons such as identifying malware, security reasons, or to protect vital interests. Metadata can also be processed for purposes other than those for which it was collected, provided that this new purpose is compatible with the initial purpose, and that safeguards apply.
The offering of little to no alternative services, with inadequate information may ‘deprive’ the users of a free choice, meaning compliance may be difficult for many website providers depending on how websites have been built.
The ePrivacy Regulation is still in draft form, and a transitional period of 2 years means that, at the earliest, it will not become law before 2023.
Although the law would apply directly in the UK post Brexit, as noted above organisations based outside the EU (including NI companies) will be bound by it if they process electronic communications, equipment information or metadata (such as location and time data) about recipients.
With restrictions such as these, many service providers are looking towards alternatives, with one popular alternative being the Unified ID.
Unified ID works on the basis that when an individual logs into a website with their email address, an identifier will be created based on an anonymised version of that email (the Unified ID). This identifier is regularly updated ensuring that it remains both anonymised and secure. When the individual logs on to the website, they will be informed as to why the service provider wishes to create the Unified ID and what it will be used for. At this point the individual can set their preferences regarding their data.
The benefits here allow for anonymisation of the individual, as the Unified ID contains no identifying information and cannot be reverse engineered into the email address used or any other form of identification.
Additionally, Unified ID allows for greater transparency (for example, it allows individuals to better understand how they are accessing sites in return for personalised advertisements) and greater control (as individuals can log into their account and monitor how their data is being used).
Despite the advantages of such a platform and a number of large advertising technology companies signing up, Unified ID is already encountering roadblocks, with Google stating that it has no plans to support any email based identifiers which it considers to mirror the functionality of cookies.
Instead, Google is keen to promote its own third party-cookie alternative, Privacy Sandbox. However with, as of yet, no actual platform or code, it is difficult to assess the usability of Privacy Sandbox as a viable alternative to third party cookies.
Until negotiations regarding the new ePrivacy Regulation have been concluded and the legislation implemented, it is not possible to predict with certainty what the landscape will look like for e-privacy in the UK or EU.
Additionally, it appears that the battle to provide a viable replacement for third-party cookies continues with no real leader yet emerging on the market.
With the ever-changing negotiations, discussions and technical advancements in the field of data protection, service providers would be wise to keep their finger to the pulse so that, whatever the future holds, they will be prepared.
If you or your business requires further advice or assistance navigating data protection or e-privacy matters, please contact:
Partner – Contracts and Technology Department
Tel: +44 (0) 28 9055 3306
The latest updates from Digital DNA
Early access to our events
+ lots more every 1-2 weeks