TrustArc Webinar - Cookie and Trackers: Understanding the Technology and Regulatory Landscape
TrustArc
550 views
25 slides
Sep 17, 2024
Slide 1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
About This Presentation
Businesses utilize cookies and other forms of online tracking technology for various purposes, including personalizing advertising, optimising functionality, gaining feedback, and helping ensure internet users’ interactions are simple, secure, personalized, and meaningful.
As the privacy landscap...
Slide Content
© 2024 TrustArc Inc. Proprietary and Confidential Information.
Cookie and Trackers:
Understanding the Technology
and Regulatory Landscape
Cookie and Trackers:
Understanding the Technology
and Regulatory Landscape
2
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
Legal Disclaimer
The information provided during this webinar does
not, and is not intended to, constitute legal advice.
Instead, all information, content, and materials presented during
this webinar are for general informational purposes only.
3
Speakers
Joanne Furtsch
VP, Privacy Knowledge
TrustArc
Pape Nicholls
Strategic Partner Development Manager
Google
Christian Cockcroft
Data Lawyer
Shoosmiths
Adam Osbourne
Principal Technical Account Manager
TrustArc
Speakers
Joanne Furtsch
VP, Privacy Knowledge
TrustArc
Pape Nicholls
Strategic Partner Development Manager
Christian Cockcroft
Data Lawyer
Shoosmiths
Adam Osbourne
Principal Technical Account Manager
TrustArc
Agenda
Types of online trackers & how they work1
Current privacy regulation insights for ad tech & marketing
2
Considerations & best practices for managing online trackers
& vendors with current regulations
3
Types of online trackers & how they work1
Current privacy regulation insights for ad tech & marketing
2
Considerations & best practices for managing online trackers
& vendors with current regulations
3
5
Types of online tracking & what they are used for
Cookies
A widely used internet tracking technology. They are used to for a variety of functions including authentication of
users, personalization of content and delivery of targeted ads. Typically, a cookie is a cookie is a small
text file that a web server places on the user’s computer.
Local Storage aka HTML5 Storage
These are used by web pages to store named key/value pairs locally, within the client web browser. This data
persists even after you navigate away from the web site, close your browser tab, exit your browser and can be
retrieved by the storing entity.
eTags
These are HTTP headers that sent-behind-the-scenes between web browsers and
web servers. ETags are often used to can be used to track unique users, as HTTP cookies are often deleted by
privacy-aware users.
Beacons aka Pixel Tags or Clear Gifs
These are clear graphic images delivered through a web browser as part of a web page request. The beacon
operates as a tag that records a user’s visit to a particular web page. It is also used in conjunction with a cookie
and provided as part of a third party tracking service. They are used to build specific profiles of user behavior.
Common uses include ad impression counting, file downloads, monitoring, and ad campaign management.
Types of online tracking & what they are used for
Cookies
A widely used internet tracking technology. They are used to for a variety of functions including authentication of
users, personalization of content and delivery of targeted ads. Typically, a cookie is a cookie is a small
text file that a web server places on the user’s computer.
Local Storage aka HTML5 Storage
These are used by web pages to store named key/value pairs locally, within the client web browser. This data
persists even after you navigate away from the web site, close your browser tab, exit your browser and can be
retrieved by the storing entity.
eTags
These are HTTP headers that sent-behind-the-scenes between web browsers and
web servers. ETags are often used to can be used to track unique users, as HTTP cookies are often deleted by
privacy-aware users.
Beacons aka Pixel Tags or Clear Gifs
These are clear graphic images delivered through a web browser as part of a web page request. The beacon
operates as a tag that records a user’s visit to a particular web page. It is also used in conjunction with a cookie
and provided as part of a third party tracking service. They are used to build specific profiles of user behavior.
Common uses include ad impression counting, file downloads, monitoring, and ad campaign management.
Cookie Privacy Laws in Europe
and the US
and the US
7
•Cookie Law established in ePrivacy Directive (ePD) and governed by legislation that transposed it into Member State (and UK law)
•Breach of Cookie Law carries penalties of up to £17.5m/€20m or 4% WW turnover, whichever is greater
•The baseline position regarding the use of cookies (Reg 6, UK PECRs), is as follows:
•Interplay between ePD and the GDPR – lawful basis for processing
Summary of European Cookie Law
•Cookie Law established in ePrivacy Directive (ePD) and governed by legislation that transposed it into Member State (and UK law)
•Breach of Cookie Law carries penalties of up to £17.5m/€20m or 4% WW turnover, whichever is greater
•The baseline position regarding the use of cookies (Reg 6, UK PECRs), is as follows:
•Interplay between ePD and the GDPR – lawful basis for processing
Summary of European Cookie Law
8
•You must obtain consent from the user for any non-essential cookies
•You must inform users if you set cookies, including strictly necessary cookies
•Non-essential cookies should not be dropped until action taken by user
•Users should be able to identify the CMP module and know how to access it
•Enforcement action suggests if “Accept All” you must have “Refuse All” – Facebook (CNIL - €60 m); Microsoft/bing.com (CNIL - €60m)
•No dark patterns or nudge tactics – but A/B Testing is generally permissible
Consent Capture – Requirements in Europe
•You must obtain consent from the user for any non-essential cookies
•You must inform users if you set cookies, including strictly necessary cookies
•Non-essential cookies should not be dropped until action taken by user
•Users should be able to identify the CMP module and know how to access it
•Enforcement action suggests if “Accept All” you must have “Refuse All” – Facebook (CNIL - €60 m); Microsoft/bing.com (CNIL - €60m)
•No dark patterns or nudge tactics – but A/B Testing is generally permissible
Consent Capture – Requirements in Europe
www.shoosmiths.com 9
European Developments
•Regulatory scrutiny of personalized marketing and targeting activities:
oMeta Decision – consent over legitimate interests
oCriteo
oIAB Europe Case & TCF 2.2
•EDPB Cookie Task Force
•Regulatory and NGO action – ICO Cookie Challenge, NYOB, Privacy Not
Included!
•Website scrutiny - recent fines
•The DMA and DSA
•Is Pay or Ok, Ok?
•Class actions back on the table
European Developments
•Regulatory scrutiny of personalized marketing and targeting activities:
oMeta Decision – consent over legitimate interests
oCriteo
oIAB Europe Case & TCF 2.2
•EDPB Cookie Task Force
•Regulatory and NGO action – ICO Cookie Challenge, NYOB, Privacy Not
Included!
•Website scrutiny - recent fines
•The DMA and DSA
•Is Pay or Ok, Ok?
•Class actions back on the table
www.shoosmiths.com 10
US Legislative Developments
•US State Privacy is beginning to compensate for lack of Federal
Framework
•Cookies are PII under US State Privacy legislation
•Opt-out rights and ‘sales’ of data
•Conduct-specific controls/restrictions
•Use of geolocation data
•Universal opt-out mechanism – 2025 and beyond
•Use of wiretapping lawsuits – move to an opt-in regime?
US Legislative Developments
•US State Privacy is beginning to compensate for lack of Federal
Framework
•Cookies are PII under US State Privacy legislation
•Opt-out rights and ‘sales’ of data
•Conduct-specific controls/restrictions
•Use of geolocation data
•Universal opt-out mechanism – 2025 and beyond
•Use of wiretapping lawsuits – move to an opt-in regime?
www.shoosmiths.com 11
Key takeaways to de-risk your Martech
•Implement a CMP with a reputable provider
•Bundling jurisdictions by common requirements
•Use of geolocation tools within your CMP
•Consider interplay between your CMP and tag manager
•Can you harmonize your Privacy & Cookies Notices?
•Vendor Management
•Audit Third-party Providers
•Education
Key takeaways to de-risk your Martech
•Implement a CMP with a reputable provider
•Bundling jurisdictions by common requirements
•Use of geolocation tools within your CMP
•Consider interplay between your CMP and tag manager
•Can you harmonize your Privacy & Cookies Notices?
•Vendor Management
•Audit Third-party Providers
•Education
12
How does Consent Manager actually work?
How does Consent Manager actually work?
13
Best practices for managing online trackers & vendors
1.Clients should set aside time to regularly review the scans TrustArc provide
a.Are the trackers found those they expect to see?
b.Are they classified correctly?
2.Where possible deploy trackers through a tag management tool (TMS)
a.Integration with a TMS provides a better user experience and can also prevent non required
trackers from loading before consent in regions such as the EU.
b.The Consent Manager/TMS integration should be reviewed at regular intervals to ensure that
firing rules are applied to all trackers that need them.
3.Consider implementing Auto Block
a.Auto Block can be used as a safety net to catch trackers that are not inside the TMS, or do not
have firing rules applied.
b.It can be used alongside a TMS if needed.
c.This tool can be particularly useful in decentralised organizations.
Best practices for managing online trackers & vendors
1.Clients should set aside time to regularly review the scans TrustArc provide
a.Are the trackers found those they expect to see?
b.Are they classified correctly?
2.Where possible deploy trackers through a tag management tool (TMS)
a.Integration with a TMS provides a better user experience and can also prevent non required
trackers from loading before consent in regions such as the EU.
b.The Consent Manager/TMS integration should be reviewed at regular intervals to ensure that
firing rules are applied to all trackers that need them.
3.Consider implementing Auto Block
a.Auto Block can be used as a safety net to catch trackers that are not inside the TMS, or do not
have firing rules applied.
b.It can be used alongside a TMS if needed.
c.This tool can be particularly useful in decentralised organizations.
Google Consent Mode
Pape Nicholls
Strategic Partner Development Manager
Strategic Partner Development Manager
Proprietary + Confidential
We're in a pivotal moment for advertising
AI creating new
opportunities
Technology &
platform changes
We're in a pivotal moment for advertising
AI creating new
opportunities
Technology &
platform changes
Proprietary + Confidential
Source: Google/Ipsos, Holiday Shopping Study, Oct 13 2022 – Jan 4 2023, Online survey, US,
n=8,467, Americans 18+ who conducted holiday shopping activities in past two days
Take advantage of this opportunity
Consented Data is the fuel that powers your AI
High-quality, consented data
Durable measurement and
audience solutions
Your Business Growth
Source: Google/Ipsos, Holiday Shopping Study, Oct 13 2022 – Jan 4 2023, Online survey, US,
n=8,467, Americans 18+ who conducted holiday shopping activities in past two days
Take advantage of this opportunity
Consented Data is the fuel that powers your AI
High-quality, consented data
Durable measurement and
audience solutions
Your Business Growth
The future is
consented.
It’s first-party.
It’s modeled.
consented.
It’s first-party.
It’s modeled.
Proprietary + Confidential
Regulatory Changes
Regulations are impacting
how user data can be
captured and used
Technology Changes
Increased restrictions are
impacting traditional data
collection (e.g. mobile ad
identifiers)
User Expectations
Users are demanding more control
and transparency over data
collected and used for ads
personalization
Key drivers for change
Googler
Regulatory Changes
Regulations are impacting
how user data can be
captured and used
Technology Changes
Increased restrictions are
impacting traditional data
collection (e.g. mobile ad
identifiers)
User Expectations
Users are demanding more control
and transparency over data
collected and used for ads
personalization
Key drivers for change
Googler
Proprietary + Confidential
We are making product upgrades throughout 2024
that will aim to ensure high standards for user consent
Some of these upgrades will
require your actions right now
to ensure durable marketing
performance
Googler
We are making product upgrades throughout 2024
that will aim to ensure high standards for user consent
Some of these upgrades will
require your actions right now
to ensure durable marketing
performance
Googler
Leverage Consent Mode
to automatically communicate
consent signals for online data to
Google’s advertising platforms for
Web & App
App only: also pass consent signals via our App
Attribution Partners solutions available in Q1’2024
Upgrade Google APIs
to pass consent signals for offline
data to Google’s advertising
platforms for Web & App
Collect user consent for European Economic Area (EEA) users
preferably via one of Google’s Partner Consent Management Platforms (CMP)
Make sure you respect the existing Google EU User Consent Policy
Migrate to Google
Analytics 4
(if using Universal Analytics 360) to
maintain remarketing, audiences &
conversion export, and bidding
optimization.
What this means for you: 4 steps you need to take
Advertisers should implement these steps as soon as possible to preserve audience features
2 3 4
1
to automatically communicate
consent signals for online data to
Google’s advertising platforms for
Web & App
App only: also pass consent signals via our App
Attribution Partners solutions available in Q1’2024
Upgrade Google APIs
to pass consent signals for offline
data to Google’s advertising
platforms for Web & App
Collect user consent for European Economic Area (EEA) users
preferably via one of Google’s Partner Consent Management Platforms (CMP)
Make sure you respect the existing Google EU User Consent Policy
Migrate to Google
Analytics 4
(if using Universal Analytics 360) to
maintain remarketing, audiences &
conversion export, and bidding
optimization.
What this means for you: 4 steps you need to take
Advertisers should implement these steps as soon as possible to preserve audience features
2 3 4
1
Proprietary + Confidential
Implement or upgrade your website
and app consent banner faster
Navigate consent requirements across
different regulations
Pass consent signals back to Google
using Consent Mode
Technical support
We recommend you use a Certified Consent
Management Platform to simplify consent work
Implement or upgrade your website
and app consent banner faster
Navigate consent requirements across
different regulations
Pass consent signals back to Google
using Consent Mode
Technical support
We recommend you use a Certified Consent
Management Platform to simplify consent work
What is Consent Mode?
Recovers on average 65%
of ad-click-to-conversion
journeys lost due to
unconsented users
Model to retrieve lost
conversions
Tags/SDK behave in a
consent-aware way,
respecting user choices made
on consent banners
Consent mode is a tool that communicates users’ consent choices to
Google tags/SDK so that they can adjust their behaviour accordingly and
enable modeling to recover for lost conversions
Respect User Consent
choices
User consent is collected and
communicated in a robust
and auditable way
Pass consent signals to
Google
Recovers on average 65%
of ad-click-to-conversion
journeys lost due to
unconsented users
Model to retrieve lost
conversions
Tags/SDK behave in a
consent-aware way,
respecting user choices made
on consent banners
Consent mode is a tool that communicates users’ consent choices to
Google tags/SDK so that they can adjust their behaviour accordingly and
enable modeling to recover for lost conversions
Respect User Consent
choices
User consent is collected and
communicated in a robust
and auditable way
Pass consent signals to
What is changing?
1
ad_storageanalytics_storage
Web: Controls whether cookies pertaining to
advertising can be read or written
App: Controls whether device ID can be
collected for advertising purposes
Web: Controls whether cookies pertaining
to analytics can be read or written
App: Controls whether app instance ID can
be collected for analytics purposes
2 4
1
NEW
ad_user_data
Controls whether user data can be sent
to Google for advertising purposes
3
ad_personalization
Controls whether personalized
advertising (i.e. remarketing) can
be enabled
We are introducing two new parameters to Consent Mode, required for
personalised advertising from March 2024
1
ad_storageanalytics_storage
Web: Controls whether cookies pertaining to
advertising can be read or written
App: Controls whether device ID can be
collected for advertising purposes
Web: Controls whether cookies pertaining
to analytics can be read or written
App: Controls whether app instance ID can
be collected for analytics purposes
2 4
1
NEW
ad_user_data
Controls whether user data can be sent
to Google for advertising purposes
3
ad_personalization
Controls whether personalized
advertising (i.e. remarketing) can
be enabled
We are introducing two new parameters to Consent Mode, required for
personalised advertising from March 2024
25
Thank You!
Thank You!
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 550
- Slides 25
- Age 442 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
23 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views