While there is plethora of news, insights and great recommendations on this topic; this article is meant to be a starting point for folks looking to acquaint themselves with the fundamentals.
Short summary:
- Significant data is collected about consumers (you!) when they visit websites and apps, not necessarily with their complete awareness or consent.
- There are legitimate reasons for businesses to collect necessary data to optimize experience, drive personalization, learn about customer preferences, run analysis to identify areas that can be improved to enhance customer experience.
[There can be no optimization without data!] - This is often executed with 1st party cookies.
- The are also practices where advertisers, publishers, middlemen collect and exchange data for specifically driving cross site / app targeting use cases, such as:
- A bank may want to target it's anonymous visitors who are "frequent
travelers" - based on data shared by a travel partner.
- A retailer may want to show incentives to recover abandoned shoppers, by targeting them on say news / content sites. etc.
These use cases employ 3rd party cookies / MAID (Mobile Advertising Identifiers - called IDFA in Apple world); which unfortunately can be abused to collect and share data and profile individuals, without their knowledge and consent. - precisely why, these tracking methods are in trouble.
What's the extent of this problem?
See screenshot from a nifty browser extension called Lightbeam (for Firefox):
- I visited 2 popular websites (that shall not be named) -> They are the Circles.
- These 2 websites shared my visit related data with 222 3rd parties (without my consent or knowledge) -> These are all the Triangles.
- Interestingly, there are bunch of 3rd parties that sit in between. They know that I (someone on this browser) visited Site A, and site B, along with details on what I did there on those sites.
- Now extrapolate this with several sites / apps, where over time these 3rd parties can collect and triangulate significant information about us.
With varying degrees of confidence, they can tell our age, gender, interests, internet habits, political affiliations etc.
So who's taking this fight to safeguard consumer privacy? Well, there are bunch of concerned parties; but we have GDPR, Firefox and lately Apple to thank for it, for establishing a standard and paving the way.
What can responsible enterprises do?
- Make a quantifiable impact assessment.
- The industry isn't 100% ready with a solution, but there are significant steps one can take to strengthen the 1st party data foundation.
- Stay informed and do what's right for your business priorities while respecting your customer's privacy and consent.
Interesting detailed whitepaper on this topic:
Comments