The Cookie Monster—Is it Eating Your Privacy?
ADOTAS — Cookies are a foundational part of accurate web analytics. They let us marketers recognize returning visitors and allow us to perform some very useful tasks, such like as user segmentation and path analysis, without which we’d have to consider ourselves rather primitive digital marketers indeed.
Take away cookies on your computer , and suddenly every user is a stranger—a first time visitor with no history. Without cookies, a web analytics measurement product would be less a power tool and more an invalid — unable to recognize patterns, or even familiar faces. It might not be too bold to say that without cookies, web analytics, and web marketing in general, would be dealt a blow serious enough to cripple it for a long, long time — or at least until someone came up with a cookie-substitute (and that is not on the horizon).
Cookies are also foundational to the user experience. We all want to read our favorite on-line newspaper in the morning. But we don’t want to have to log in each time (and probably we would not). Anyone who doesn’t have to log in every time they go to the sites they’ve registered at needs to say thanks to those crumbly, round morsels called cookies.
Of course cookies are really not made of oatmeal and sugar. They are small lines of developer code and when you go to certain sites, they are “given” to you by the site’s server. They remain on your computer in a special place reserved for them until you delete them. When you go back to that site, the site’s server searches that special “cookie jar” where all of your cookies are kept, and notices the one they gave you, and — suddenly you are recognized.
Most users take little note of the role cookies play. Nor of the role web analytics plays in optimizing sites. But some people do. And some of these people — I will call them Privacy Zealots — don’t like cookies (or web analytics) at all. They think cookies and the marketing efforts associated with them as little short of evil invasions of personal space — less like optimization tools than wasps crawling into the cracks of your house. I have heard them called the equivalent of Wal-Mart putting a billboard in your yard after you went there and bought some cheap shampoo. I believe these types of claims to be blinkered, unrealistic and mostly paranoid.
That said, there has also been a continuing policy debate about privacy, web analytics and cookies, and often enough these items are considered by Ccongress for some type of action. This summer, privacy groups such as Center for Digital Democracy, Electronic Frontier Foundation and others
have been lobbying These days it takes the form of legislation designed to either restrict or abolish the use of cookies at federal web sites. If successful, this could have dangerous ripple effects and be used as a wedge to , or attempts to regulate their use altogetherp — and as the thin forefront of the wedge, to potentially drive a stake through the heart of on-line marketing intelligence.
I should make careful note here that I am not against vigilant privacy protection, especially when it comes to sites where one has registered (and provided personal information), and more especially to the government’s collection of personal data. I believe in robust privacy protocols that restrict unwarranted sharing and use of personal information. and that there are bad actors out there that may need to be reigned in. Personally I believe the sharing of personal information by credit-score companies as it relates to web analytics is both complex, under-investigated and in most ways deleterious to the end-user. I believe there are many gray areas where companies share data through ad-serving companies that, if the end-user knew all, would make their hair turn — well, gray.
But we need to be careful not to kill the wasp with a predator drone and wipe out the entire house in the effort. Those who argue for a ban on cookies and severe restrictions on analytics in general are arguing for user rights not recognized in the physical real world.
For example: Iif the Privacy Zealot had his/her way, there would be no tracking of any user usage; no cookies; no visibility into audience behavior via web analytics (I am presuming for the moment they would have no trouble with focus groups, but that is a different story). To claim this is the desirable standard is tantamount to claiming that a shopkeeper has no right to see who is entering the store, nor to take note that they have been there before, nor to notice whether they are buying face cream with diapers on a regular basis, nor whether they just come in, try on all the lipstick, and then leave without making a purchase. To claim this level of privacy is to go beyond privacy. It is to claim the right to invisibility. Invisibility is not a right commonly expected during real-world interactions. It should not be held up as a model for on-line interactions.
Certainly there are some risks to personal information when improperly protected. I have not engaged in a scientific study of this, but I am willing to bet that Fidelity Investments is not trafficking in my personal information in a way that might harm me. The risk to them of doing so is rather large. Most companies put considerable effort (as they should) to make sure their users’ privacy is adequately protected.
But the web analytics world should not take for granted its right to place cookies and track usage — for while I believe it has this right, improper attention paid to real concerns can backfire. Inattention to the way on-line relationships are described and managed can give Privacy Zealots plenty of fuel for their fires.
We don’t want to burn our tray of cookies. Properly baked into the on-line marketing mix, they have proven awfully helpful to both marketers and end-users (who benefit not just from not having to log-in, but from better designed, more useful sites). In my opinion, cookies need to be part of every on-line measurement experience.
Let’s not let anyone pretend cookies are monsters — while acknowledging that there are cases where the protection of personally identifiable information — PII — needs to be more vigilant.
Even in an environment where cookies have significant detractors it is not impossible, I believe, to have our cookies and eat them too.
Reader Comments.
The suggestion that the country’s leading consumer and privacy groups are “zealots” because they want to ensure citizen/user control over online data collection, profiling and targeting is absurd. Consumer groups merely want to strike a balance between the powerful marketing realities made possible by digital media and the ability of users to remain in control over their financial, health, and other personal transactions conducted online. We all want to see e-commerce prosper, inc. digital advertising. The current economic crisis that was made possible due to the absence of regulation and oversight should be a reminder that reasonable consumer protection for this most important medium will–in the long run–benefit us all.
It would be helpful to end with some thoughts about steps marketers/analytics people could take to do some of what they want but not user-identifiable tracking by default. For example, make most cookies session cookies and for persistent cookies have a time-out of a few weeks? Have clear policies about how you share and use tracking information with other companies (as cross-site tracking is a severe impact on personal privacy). Anyway, here’s one vote, at least, for “so what can either side do to come to terms with each others’ concerns?”
This is exactly why I keep an accurate log file analyzer on my PC for clients with cookie deletion issues – or no page-tagging solution in place. Come to think of it, log file analyzers can also give you insights into search engine spider behavior that page tagging methods can’t.
A bit disingenuous, don’t you think, to not explicitly distinguish between varying kinds of cookies: session cookies used for good user experience, 3rd-party tracking cookies (evil, BTW, and always blocked by me), and cookies that hold login credentials to trusted sites?
You also forgot to mention Flash cookies (LSOs), and the practice of re-populating deleted cookies from cache or LSOs.
There are a range of uses, and a range of objections. The biggest problem is that to most people, the usage and opt-outs are not well understood and not very visible or easy.
The real world analogy doesn’t hold up very well either. I may expect a local shopkeeper to recognize me, but I would object strenuously if a store used facial recognition or cell phone signals to track my path and return visits.
Instead of focusing on cookies and online behavioral targeting – which are for the most part, fairly innocuous and anonymous – whether cookies last for 10 days or 10 years you can quite easily delete them too – we should rather probe data practices relating to PII data, both offline as well as online.
Much more worrying from a privacy perspective is the trend of lots of user-provided data which can be combined with other information to create detailed profiles of consumers that are then used for marketing and INCLUDE things like their home address, name, purchasing patterns, birth date/age, gender, reading preferences etc. — oh wait, this has already existed offline for 10-20 years and is used in direct mail campaigns…
That online is held to a different standard is troubling given the historically questionable practices of many in the “offline” data industry.
Interesting perspective Andrew – I have just written my own article on putting web analytics privacy into perspective with what is currently happening with mobile apps:
http://www.advanced-web-metrics.com/blog/2009/08/18/your-mobile-apps-are-spying-on-you/
Personally I would like to see 3rd-party cookies deprecated by browsers so the debate becomes simplified and everyone knows where they stand. If a world of only 1st-party cookies existed, the privacy issue of using them, all but disappears.
However, as mentioned by other commentors here, Shared Objects (i.e. Flash cookies) are flying completely under the radar as the browser does not control them. In my view that’s a no-no. The end-user should have complete control of their privacy settings in one place.
Best regards, Brian
Author: Advanced Web Metrics with Google Analytics
Interesting discussion — all of these viewpoints need to be considered and there will need to be compromises.
It would help a lot if websites did a better job letting users know what policies apply when third-parties collect information by cookies. At privacychoice we allow sites and users to see that information on one page. Take a look at the one for this site, adotas.com:
http://www.privacychoice.net/adotas.com
Is everyone comfortable with those companies and those policies?
Leave a Comment
Article Sponsor
More Features
-
Loading ...
Latest News
- BlueKai Report Explains DMPs to Publishers February 10th 2012 ADOTAS - BlueKai released a report this week on the [...] more »
- Funding in Brief: $10M for Spongecell, $8M for Prolexic February 9th 2012 ADOTAS – Rich media ad company Spongecell has raised $10 million [...] more »
- Google AdMob Axes Minimum Bids, Targeting Fees February 9th 2012 ADOTAS - As of Feb. 15, Google will change its [...] more »
- Infographic: HootSuite Analyses Social Media Impact of Super Bowl Ads February 7th 2012 ADOTAS - So, it’s the Tuesday after the Super Bowl, [...] more »
- Facebook to Serve Mobile Ads in Coming Weeks February 6th 2012 ADOTAS – According to a Financial Times report, Facebook will [...] more »
- Survey: 39 Percent of Mobile Users Responded to Super Bowl Ads Via Mobile February 6th 2012 ADOTAS - During the Super Bowl yesterday, mobile ad network [...] more »
- Sponsormob Leads the Way Into RTB for Mobile February 3rd 2012 ADOTAS – For more than half a decade, Berlin-based tech [...] more »
Features
- BlueKai Report Explains DMPs to Publishers February 10th 2012
- Attribution Online: Introducers and Influencers and Closers… Oh My! February 9th 2012
- With gTLDs, Global Branding Starts with a Name February 9th 2012
- Rethinking the Online Advertising Ecosystem, Part One: Independent Publishers February 8th 2012
- Case Study: Social Ad Effectiveness February 8th 2012
Spotlight
Sponsormob Leads the Way Into RTB for MobileADOTAS – For more than half a decade, Berlin-based tech firm Sponsormob has remained relevant in an industry characterized by [...] more...
Reader Favorites
Classifieds
- PS Technical Writer - SEO Data Analyst
- Interactive Project Manager
- Media Buyer
- PHP Software Engineer (Facebook Platform/Social AP
- SEO/Marketing Internship at Green Education Startu
Recent Comments
- HootSuite Social Media Management » More Apps, Open API, and the Solution Partner Program ~ News Roundup: [...] mentioned in our HootSuite’s Super Bowl XLVI Social Media Recap, adotas and MediaPost analyzed our
- News about Google Adwords issue #412: [...] ads for AdWords to adCenter and align with industry standards, adCenter has chang
- VB: What exactly makes an ad "high quality"?
- Survey: 39 Percent of Mobile Users Responded to Super Bowl Ads Via Mobile - ADOTAS | Mobile2 | Scoop.it: [...] background-position: 50% 0px; background-color:#222222; background-repeat : no-repeat; }
