Roundup of Privacy Initiatives, Effect on Ecommerce Merchants

There has been much activity in the privacy space in the last few months, including changes that could impact how consumers shop and how retailers collaborate with their business partners. In this article, I will present an overview and analysis.

1. New Privacy Law in California

On September 27, 2013 California approved a new law, AB370, that requires retailers to add two new privacy policy disclosures for handling personally identifiable information, as follows.

  • Disclose whether the retailer honors the “do not track” setting from web browsers.
  • Clearly identify the practice of allowing third parties to collect personally identifiable information from the website.

The law also suggests that sites include a hyperlink within their privacy policies that leads to a description of any program or protocol that allows users a “do not track” option. This means that retailers have to review all third party relationships and assess if there is a need to capture consumer data and disclose that in the privacy policy. Additionally, if there are reasons for your site to ignore the “do not track” setting, it needs to be clearly described in the privacy policy. Even though this is a California law, it applies to all sites that are visited by California residents and hence will require every site’s privacy policy to be updated. View the full bill here.

2. Digital Advertising Alliance Opt-out Cookie

Digital Advertising Alliance (DAA) has launched an initiative to allow consumers to opt-out of online behavioral advertising from participating companies by storing an opt-out cookie using the consumer’s browser. This cookie can be set by selecting the option from the Ad Choices icon shown on the top right corner of an ad, as seen in the image below.

Ad Choices example for Practical Ecommerce

“Ad Choices” example.

This has little impact on retailers except for allowing consumers to make a choice to stop personalized advertising for all companies that are part of DAA. So, if an online retailer is part of DAA, it will have to honor the opt-out cookie and stop all behavioral advertising to that consumer. The list of companies and advertising networks that are participating in this initiative are listed here. This online privacy initiative requires consumers to keep the setting “on” for accepting third-party cookies in their browsers.

3. W3C ‘Do No Track’

“Do Not Track” is a new browser setting that has been proposed by World Wide Web Consortium — “W3C,” the primary standards organization for the web —  that will be managed by consumers to turn on and off tracking by websites. This is very similar to the DAA Opt-out cookie except for the following difference: Do Not Track is a browser setting that, once turned on or off, applies to all third-party sites, not just the sites and companies that are part of DAA. Online retailers will have to honor this setting and will lose the ability to offer personalized promotions and ads to consumers if a consumer has turned on this setting. This could reduce revenue for retailers that rely on advertising or third-party content to generate sales, as advertisers will be unable to personalize the content to the visitor if this setting is turned on.

The Tracking Protection Working Group within W3C is leading this initiative and more details are here.

4. Stanford’s Cookie Clearinghouse

Cookie Clearinghouse (CCH) is an initiative by Stanford University that provides information “for users to make choices about online privacy.” CCH is developing block-lists and allow-lists to determine if a browser should accept a cookie from a site. CCH’s approach is based on the following four presumptions for the operation of a web browser if a site is not listed in the block-list or allow-list:

  • If a user visits a website, set the cookies from that site;
  • If a user does not visit a website, do not set the cookies from that site;
  • If a site is trying to save a DAA opt out cookie, set the opt out cookie from that site;
  • If a user consents to setting a cookie, set the cookie.

These presumptions mean that only first-party cookies will be set when a user visits a site versus third-party cookies. This rule can be overridden if the user decides to accept a cookie. This is how the Safari browser functions and Firefox’s new Aurora version has implemented the same functionality.

Similar to W3C’s Do Not Track setting, this initiative might impact online retailers that generate a portion of their revenue from advertising or third party content providers. The first release of CCH will be launched around end of 2013 and only then will we know the true impact of this new privacy feature.

Cookie Clearinghouse

Cookie Clearinghouse will presumably allow web users to better control cookies.

5. Mozilla’s Plan to Block Third-party Cookies

Mozilla’s Firefox browser is planning to block third-party cookies by default. This would mean that advertisers and third-party content providers would not be able to create a cookie unless the consumer directly visits their websites, allowing them to set a first-party cookie. This will have an affect on advertisers that use third-party cookies to track consumer activity across different sites. Disabling third-party cookies by default will impact the retailers in the same way as W3C’s Do Not Track and Stanford’s CCH, as retailers will lose revenue generated by advertisers and third-party content providers.

Adding to the confusion around which cookies are good or bad, Google has recently announced that it will stop using cookies and, instead, use a new ID called “AdId.” We will presumably learn more from Google about AdId soon.

Gagan Mehra
Gagan Mehra
Bio   •   RSS Feed