This story is all about cookies!
But these cookies aren’t quite your grandma’s cookies. Unless of course, your grandma enjoys disguising oatmeal raisin cookies as chocolate chip.
Cookies, as we will be discussing them, are little bits of data that websites leave on your computer, phone, tablet or wherever you browse the internet to track how you use the site.
There are a lot of harmless uses for cookies, but when used for advertising, cookies are intrusive. Cookies are still completely unregulated in the U.S.
The simplest cookies track how long you remain on a page. Some more obvious uses for cookies are remembering your username and password for websites so you don’t have to log in again, or remembering the items you left in your shopping cart from the last time that you should have been doing something productive.
Targeted ads, that are curated specially for you, sound intriguing at first. You stop getting ads for things that you wouldn’t ever buy and start getting ads for things you do want. It all works great until you spend a little bit too much time looking up James Patterson books to get your mom something for her birthday and every single ad you see for the next week is a Barnes & Noble ad with the same three books.
In order to make those targeted ads happen, advertisers leave cookies on your computer that track your activity across all the websites you use. Some cookies can stick around in your browser for years collecting data about the websites you visit, purchases you make, your IP address and your geographic location.
This data can be sold to other groups, leaving you vulnerable to identity theft, scams and hackers.
At first, advertisers were able to do this completely without users’ knowledge. Now, in some cases, they have to at least get users’ permission.
In 2011 the European Union passed a directive that gave users the right to refuse the use of cookies by a website. This directive brought cookies into the light and forced websites to get users’ consent before tracking their data.
In January 2020, the California Consumer Privacy Act went into effect and has a similar requirement for gaining users’ consent as the EU directive.
There are three criteria, of which a business must only meet one to be subject to the CCPA: have a gross annual revenue over $25 million, participate in the propagation of data of over 50,000 California devices or have 50% of revenue come from the selling of Californian’s data.
These criteria limit the scope of California’s legislation to just California. The internet doesn’t follow our arbitrary political boundaries, so California can’t make a law that affects people outside their borders even if that law is good for everyone.
Anytime you see a banner asking you to accept or reject cookies, it probably came out of one of these two pieces of legislation.
Too often our online data gets collected and then sold to random companies across the internet. None of us have any idea the amount that the internet knows about us. Your behavioral profile created by cookies using your usage patterns and location could be anywhere.
In an era where nearly every person uses the internet, to the point where numerous different industries and jobs are built around it, the United States government should protect its internet users with legislation similar to the CCPA or EU directive.
Cookies aren’t inherently harmful, secrecy about cookies is.
This story was written by John Gunville. He can be reached at j[email protected] or on Twitter @GunvilleJohn.