Cookies: from trash to cash.
Neuron - Data Science and Artificial Intelligence | USP-RP
Grupo criado com o objetivo de difundir Data Science e Inteligencia Artificial
How this online feature made some of the biggest companies lose millions and simultaneously created new business opportunities.
Cookies are small packets of files that store information about your web browsing. Thus, it's not surprising that this tool is used by many companies as a powerful source of data about their consumers. However, due to abuses, many of these companies have been fined millions of dollars. At the same time, new companies emerge daily, offering services focused exclusively on this tool. And precisely, this is the theme of this Newsletter: to show how a company's relationship with cookies can lead them to lose or gain millions.
Created in 2002 and amended in 2009, the European Union's Privacy and Electronic Communications Directive 2002/58/EC was a pioneer in regulating online privacy and continues to serve as an inspiring model for each place to develop its own legislation. It was already stipulated in it that for a company to use cookies on its website, it is necessary to inform the user beforehand about the general purpose of the feature. With this awareness, the user must provide authorization for their use. This rule has an exception for mandatory cookies that are essential for the proper functioning of the website (such as cookies that remember user logins or keep them logged in).
Another important legislation in effect on this topic is the California Privacy Rights Act (CPRA) of 2020, which came into effect on January 1, 2023. Unlike the European regulation, CPRA does not require user consent for the use of cookies. However, it mandates that users have the option to opt out of the sale or sharing of personal information. It's important to note that in the U.S. context, each state has the freedom to establish its own legislation on the topic. CPRA is the rule applied in California, the state leading the discussion on this issue in the country.
In Brazil, the current law on this subject is Law 13.709/2018, with the aim of regulating the processing of personal data, whether held physically or digitally. This law also encompasses all types of data usage and defines what constitutes personal data. The logic follows that regardless of the location of the institution using such data, if they are using information from Brazilian citizens, they must adhere to the provisions of Law 13.709/2018, known as the General Law for the Protection of Personal Data (LGPD). Similar to the previously mentioned regulations, LGPD mandates obtaining user consent for data processing. Thus, the main premise of the law is transparency ensured through user consent for the collection of their data.
?
Based on these and other legislations that share the same profile of protecting user privacy, some major companies have been penalized for violating these regulations. For instance, Facebook was fined €60 million on January 6, 2022, by the French regulatory agency for making it difficult for users to refuse the use of cookies with their personal data. On the same day, the same agency issued a fine of €150 million to Google for similar reasons of lacking ease in refusing these features on the Google.fr and YouTube sites. Both fines were based on European regulations. Another significant case of penalties faced by companies occurred in Korea, where Google and Meta (the company owning Facebook) were fined $50 million and $22 million, respectively, for not obtaining legitimate consent in the process of collecting user information.
?
In the Brazilian context, an example is the case where Facebook is being fined based on Laws 12.965/14 (about internet use in the country) and 13.709/18 (personal data processing). In this specific case, the company received a court order in 2022 to provide conversations within its social networks as evidence for a labor lawsuit. After 8 months without responses to this request, the company began to be fined R$5,000 per day for non-compliance with the court order, and the fine has now exceeded R$850,000. In this case, the company is not being judged for creating difficulties for users to manage their data collection; rather, it started making it difficult for the government to access previously collected information. Since the company collected information from a Brazilian citizen, falling under the jurisdiction of Law 13.709/18, it's also obliged to cooperate with the justice system if the transmission of this information to the government becomes necessary.
On the other side of the spectrum of the relationship between companies and cookies, there are examples of companies that benefit from data collection on social networks and platforms like Google.
?
Shopback focuses on using data-driven marketing to enhance customer engagement in online shopping. It also assists in the process of facilitating the recovery of users who abandoned their online shopping carts without completing the purchase. This way, it can track the behavior of users, including those still unknown to the selling platforms.
?
FX Flow Intelligence, on the other hand, primarily focuses on providing data to shopping centers and stores frequented by customers. This includes information such as the number of visits and zones with the highest customer traffic, enabling the creation of insights for companies based on this behavioral customer information.
?
The existence of a privacy policy based on data protection laws creates opportunities for new companies in the field to ensure compliance. One example is One Trust, a company whose values are trust and impact. It leads the data privacy management market, guaranteeing the security of data collected by cookies and ensuring that they are stored within the country's defined norms. There are other companies similar to these operating in the same area. They are classified in the market by the IDC Market Share report, which informs how the market performed throughout the year, indicating the companies that stood out the most in the sector.
Another business sector that relies on cookies and their acceptance is cookie management services, particularly in terms of analysis and advertising. In this case, an example of a company providing such a service would be Quantcast. Through an artificial intelligence and machine learning platform, it offers advertising solutions to agencies and brands to target their specific audience, aiming to boost their clients' business growth. However, they have recently realized that at least half of the users are no longer reachable through third-party cookies. Therefore, non-cookie-based alternatives are now being recommended for broader marketing reach.
?
Another company taking advantage of opportunities in this area is LiveRamp. It operates globally, ensuring access and utilization of acquired data to add value to their clients' businesses, while also creating an ideal user profile for the best user experience. It focuses on developing marketing campaigns through the use of cookies and other tracking tools, managing data to segment the audience and personalize campaigns.
?
In summary, there are numerous opportunities in the technological landscape when it comes to cookies, especially for companies aiming to assist in utilizing this tool. The activity in this area is quite vigorous, with various prominent names in the market serving as aids to agencies and brands seeking to expand their businesses and provide personalized services. The objective is similar across all these companies. Consequently, it's up to the client, whether it's a brand, agency, or any other entity, to decide which one aligns the most with their objectives in order to achieve their goals.
REFERENCES
Enzuzo. 7 Cookie Banner Fines: When Companies Violated Cookie Consent Laws. 2023. Available at:
?
Cloudflare. O que é a Diretiva de Privacidade Eletr?nica?. Available at:
?
Securiti. CPRA Cookie Consent – All You Need To Know. 2023. Available at:
?
ReedSmith. Cookie fines in France in January 2022: is it the beginning of a “Cookie Gate”?. 2022. Available at:
?
Techcrunch. Google, Meta fined $71.8M for violating privacy law in South Korea. 2022. Available at:
<https://techcrunch.com/2022/09/14/google-meta-fined-71-8m-for-violating-privacy-law-in-south-korea/>
?
Gov.br. Lei Geral de Prote??o de Dados Pessoais (LGPD). Available at:
?
MPF. O que é a LGPD?. Available at:
?
Rede Brasil Atual. TRT refor?a multa contra o Facebook por negar resposta a ordem judicial. Valor agora supera R$850 mil. 2023. Available at:
?
Migalhas. Juiz multa Facebook por n?o fornecer conversas em processo trabalhista. 2023. Available at:
领英推荐
?
Marketing por dados. 4 empresas que utilizam o Marketing por dados em suas estratégias. 2017. Available at:
?
OneTrust. OneTrust é líder no Relatório da IDC sobre Participa??o de Mercado em Software de Privacidade, mais uma vez!. 2021. Available at:
?
Quantcast. The Quantcast Monthly. 2023. Available at:
?
OneTrust. Plataforma Tecnológica Líder em Gest?o de Privacidade, Seguran?a e Governan?a. Available at:
?
Quantcast. We are the leader in measurable advertising outcomes. Available at:
?
LiveRamp. LiveRamp aspires to make it safe and easy for companies to use data effectively. Available at:
?
Picture 1
HSC Brasil. LGPD: Lei Geral de Prote??o de Dados do Brasil. 2019. Available at:
Usercentrics. The lastest ePrivacy Regulation: when will it come, what will change, and how can companies get prepared?. 2021. Available at:
Mandatly. CPRA – California Privacy Rights Act. Available at:
Picture 2
Pngplay. Available at:
Vecteezy. Available at:
Wikipedia. Available at:
Picture 3
Quantcast. We are the leader in measurable advertising outcomes. Available at:
Businesswire. LiveRamp e Carrefour fazem parceria para entregar ofertas de varejo de próxima gera??o. 2021. Available at:
Onetrust. Make trust your competitive advantage. Available at:
FX Data Intelligence. A loja física também deve ser orientada por dados!. Available at:
Google Play. ShopBack – Shop, Earn & Pay. Available at:
?
Picture 4
OneTrust. OneTrust é líder no Relatório da IDC sobre Participa??o de Mercado em Software de Privacidade, mais uma vez!. 2021. Available at:
#innovation? #data? #datascience? #cookies #webcookies #LGPD #CPRA #ePrivacy #enterprises