‘This is scary stuff’: Cookie compliance efforts continue to fall short even three years after GDPR

By Ronan Shields

European Union law on cookie consent is clear: a person should be given a simple choice to accept or reject being tracked by advertisers on publisher sites. The problem is that there are moments when they don’t seem to have that choice.

That’s according to the findings released today from a new study commissioned by Ebiquity which aims to spotlight privacy shortcomings in the ad tech ecosystem.

​​The investigation found the vast majority (92.6%) of websites that attract tier-one advertiser-spend place at least one tracker on internet users’ devices prior to gaining their consent.

Ebiquity partnered with Usercentric’s consent management platform Cookiebot to conduct the study which analyzed almost 200,000 cookies across the 1,000 largest domains based for programmatic ad investments based on Ebiquity’s records of the top 100 global advertisers.

Of the 200,000 cookies analyzed in the study, half were defined as “marketing cookies” by the CMP with 82.4% of these tracking tools determined to have been installed on users’ devices by third parties. A third (32.3%) of those cookies were fired without valid user consent. In addition, researchers also found that 70% of third-party marketing cookies transferred user data outside of the European Union, a practice that is subject to strict regulatory requirements. Put another way: the report suggests that many of the biggest publishers are potentially violating their readers’ privacy and data protection rights by giving them a false notion of control.

“Advertisers want to ensure they fund responsible media outlets, and these numbers clearly show there is a lot of work to do,” said Ruben Schreurs, group chief product officer at Ebiquity. “Particularly in light of recent industry developments, we advise brands to ensure they have full transparency and controls on their investments in programmatic open web activity.”

Unsurprisingly, marketers are concerned. Of course, publishers are more exposed should regulators choose to investigate these findings further — the potentially shady data practices are happening on their site after all. Advertisers, however, are wary of being found guilty by association. So much so that they’re conducting their own investigations into the matter. “We’re going to have to audit our own media buys to see if we’re privacy compliant,” said the chief media officer at a global CPG company, who was not authorized to speak to Digiday. If those buys aren’t compliant, then the marketer can use the audit to consolidate their spending into those publishers working with ad tech vendors that can assure them they have EU-based data centers. “This is scary stuff,” said the marketer.

Granted, those fears aren’t new. In October, ad data detectives shared findings with Digiday which observed a gap between what someone consents to let happen to their personal data versus what actually happens to it three years after the arrival of a law (the General Data Protection Regulation) meant to reconcile the divide. Ebiquity’s study does, however, crank up the pressure on marketers to confront their own role in fueling an ad market where the …read more

Source:: Digiday

      

Aaron
Author: Aaron

Related Articles