Data Privacy and You
Data privacy is not a new topic. This aspect of data protection has been a focal point in the WordPress space since the GDPR was announced in 2017. We’ve written about it both prior to it’s adoption, and then again as it relates to advertising privacy.
However, data privacy is more relevant now, than ever. Since the GDPR (which protects the European Union) was enacted, three states have added privacy legislation. Another 15 states have pending legislation. Additionally, one of the underlying factors, cookies, are going through a paradigm shift which changes the landscape further.
Whether you’re a site owner or a site builder, understanding data privacy is becoming more complex.
Data Privacy Legislation
Much of our discussion started with the adoption of the GDPR by the European Union (EU). This regulation provides protections for visitors to your site in a variety of areas. Everything from consent to information collection, to the right to request removal of that data, to feedback when there is a compromise in data is covered in the GDPR. The regulation was a far reaching plan. The ramifications of this are still unfolding as parties file new lawsuits. It’s important that the regulation impacts all sites that are visible in the EU, not just companies based there.
In 2020, California’s CCPA (AB 375) went into effect and enforcement for the law kicked off in July of 2020. While less protective than the GDPR, many of the same provisions were put in place for websites available in California. In November of 2020 Californians voted to approve the California Privacy Rights Act (CPRA) which goes into effect in 2023. This related set of protections expands on the CCPA and provides additional breach protections and data regulations.
Nevada and Maine are the two additional states that have put legislation in place. Nevada’s SB220 went into effect in October of 2019 and Maine’s Act to Protect the Privacy of Online Consumer Information went into effect on July 1, 2020. Each of these is focused on a different set of protections and even who is responsible for upholding the protection outlined in the laws. Additional legislation is being developed in several other states.
Unless you’re blocking access to your site on a state by state basis you’ll want to plan for the most aggressive combination of protections. The key takeaway is that privacy legislation is fluid. You should be planning for the most aggressive compliance or planning to revisit this issue as laws change.
Data Privacy and Third Party Cookies
An extra wrinkle in the data privacy landscape is the changing role of cookies.
Changes to how browsers are recognizing third-party cookies have been happening since 2013. Safari and Firefox both ignore third-party cookies by default. The reason that we’re seeing more about the death of the third-party cookie is that Chrome (which accounts for over 50% of the browser share) is adopting the same standard in 2022. Third-party cookies are what make profiling and remarketing efforts easier online. Basically, if you visit one site that places a cookie in your browser other sites will no longer be able to read that cookie.
You can rest assured that Google has taken steps to make sure that its advertising empire isn’t going to crumble when this happens, but it does mean that we’re going to see a very changed landscape going forward. Many smaller advertising platforms that have relied on third-party cookies are having to make significant changes.
You can already see some signs of this change in the new Google Analytics 4. Google is moving to measuring users in cohorts. Instead of tracking an individual user the theory is anonomzing a user in a group provides more protections. Google’s Federated Learning of Cohorts (FLoC) hopes to serve as a replacement to third party cookies.
Data Privacy is Good Right?
Theoretically, yes. Protecting user’s data is a great step forward. Unauthorized user profiling and targeting has led to a proliferation of predatory behaviors and the spread of false or misleading news. However, there are some negatives.
First, while it’s no small undertaking to change technology practices, Google has some big advantages in a pivot like we’re seeing in the cookie space. Since they have the biggest browser share and the largest advertising platform they are able to coordinate the infrastructure needed to enact that change. Smaller companies have to go into “wait and see” mode for adoption of these changes. Google may see the change as an advantageous way to strip some of the value from Facebook and similar social media platforms as they won’t be able to put third party cookies on websites which helps them flesh out their profiles. However, not everything is smooth sailing even for Google. Recently, two notable CMS systems have come out against FLoC. It will be interesting to see how WordPress decides to proceed with FLoC adoption.
Finally, there’s the potential for misuse of the legislative protections. Similar to some of the predatory practices we see with accessibility legislation, privacy legislation may become rife with potential legal shenanigans.
Data Privacy’s Future
Overall, we see these changes as positive over the long term. A federal compliance, or better yet, a “united nations” of internet privacy would go a long way towards standardizing expectations and best practices in terms of privacy protection. Whatever the third party mechanism that makes analytics and advertising attribution available, having the conversation is a positive step forward.
If you need assistance making changes to your site to tackle legal compliance or assistance with your cookie situation please reach out. We’re happy to walk through the process with you.