Closeup of cookies on a computer keyboard showing cookie consent problem

Blocking Cookies is Insufficient

The recent wave of privacy lawsuits and regulatory fines is growing in number and size, and despite the time and effort organizations have put into creating cookie consent notices, these notices aren’t doing enough to safeguard businesses or their customers.

Transparency is unquestionably a positive thing, and as a result, we’re beginning to see more sensible advice emerge, but when employing current consent-focused solutions, businesses are still susceptible to a number of problems that are frequently outside of their direct control.

A prime illustration of this is the recent Meta pixel litigations, which are also having an impact on numerous healthcare organizations in the U.S. (And Meta’s data privacy issues are extending outside of the U.S. as well, with several lawsuits in Europe.)

The issue is inherent in the way websites are created. Except for a few of the biggest tech firms, all businesses construct their websites using third-party cloud services. These services include crucial applications like CRM, analytics, form builders, as well as advertiser-used trackers. The issue is that although the businesses who include these third parties on their websites are liable for their behavior, they enjoy a high degree of autonomy and minimal control.

The Meta pixel is the ideal illustration of this. It acts as a tracker that sends information back to Meta, information that advertisers may use to tailor advertisements to potential clients and gauge the success of their marketing campaigns. However, these trackers also gather extremely specific and detailed personal data that is then added to already-existing data portfolios.

The stakes are significantly higher when you visit a healthcare website, which is the issue. You don’t want to inform Facebook of a medical condition you are researching. Furthermore, you do not want this information to be included in your social graph. This leads us to the core issue raised by these lawsuits: The aforementioned actions are against HIPAA (Health Insurance Portability and Accountability Act), which protects Protected Health Information (PHI). It also highlights how troublesome monitoring may be when seen through the context of healthcare when considering digital advertising.

In the case of financial services, the same is true. Similar to PHI, gathering and unauthorized access to individuals’ identity and financial information can have serious repercussions. We’re already seeing this play out with the recent lawsuit against Meta for including their pixel on tax preparation websites. For good reason, there are aspects of our life that we prefer to keep private. These aspects clash with current digital advertising techniques.

We are better able to comprehend the complexity and size of the issue—which goes far beyond this particular Meta pixel—thanks to two other recent legal battles.

A complaint was filed against Oracle on the grounds that the 4.5 billion records it has (for comparison, there are 8 billion people on the earth) can be used as a stand-in for tracking private information that customers have consciously chosen not to share. Re-identification of de-identified data is an old concept, but it demonstrates why the “random” data being collected is important. Oracle, or whoever ends up having access to the information, can extrapolate the majority of details about a person’s life with astounding precision given enough data, and it is almost probable that this is how the data will ultimately be used.

There was another case recently regarding the usage of online testing tools, which record your browsing activity to assess your website navigation skills. These are very popular technologies that web designers and marketers use to improve user interfaces. Some businesses utilizing these tools are being sued for violating eavesdropping laws since they can secretly communicate much more data than the website owner intended. Who would have guessed? But it becomes very evident that there is a serious issue when you see everything through the lens of sensitive data.

Back to the topic of cookies

Beyond the fact that the majority of people quickly dismiss these cookie consent pop-ups by clicking “Accept all,” neither the businesses soliciting these consents nor their customers are meaningfully safeguarded. Additionally, there are several methods of tracking consumers online that don’t even employ cookies, and these are the problems that are at the center of the most recent legal disputes.

The answer goes beyond simply enhancing cookie consent. The issue is technical. Businesses must be able to observe, monitor, and control the browser-related aspects of website engagement that they do not control now. The new endpoint is that.

There's a need to go beyond simply enhancing cookie consent. Businesses must be able to observe, monitor, and control the browser-related aspects of website engagement that they do not control now. The new endpoint is that. #privacy #respectdataClick to Tweet

The vast majority of businesses desire to act morally, yet they are unable to manage what they cannot see. Even if they are not aware, they could still be held responsible by the public, in court cases, or new rules and regulations. For instance, the homepage of the typical Fortune 1,000 website features over 120 third parties. When you explain the severity of the issue to someone, they become very concerned – as they should.