The Decline of Third-Party Cookies in the AdTech Sector: Of Data Protection Law and Regulation (I)

62 Pages Posted: 24 Apr 2023 Last revised: 2 Jun 2023

Date Written: December 15, 2022

Abstract

In response partly to the range of data protection law issues raised by the use of third-party cookies or similar technology (TPC) in modern digital advertising, prominent industry players in countries like Europe are starting to block TPC. In anticipation of the upcoming decline of TPC, key AdTech players, with the support of standardisation bodies like the World Wide Web Consortium, are forging the path ahead in various ways including developing and implementing new techniques, practices and processes that do not involve TPC data points, such as mining telco data or using traditional forms of advertising like contextual campaigns in avant-garde ways, to transform and amplify their business intelligence operations (Strategies).

Thus, it is important (1) to fully understand the Strategies used by the AdTech sector and (2) to critically and comprehensively assess, from both legal and regulatory viewpoints, their implications for the level of protection afforded to the individual’s data privacy rights. This report, based on an empirical European project, explores the range of data protection law issues raised by two Strategies, namely, first-party cookies and contextual advertising.

It advances five arguments. First, overall, contrary to current stakeholder assumptions, the upcoming TPC decline renders the ‘regulatory space’ from a data protection law lens, even more complex, unpredictable and fragmented than it was when TPC data fuelled AdTech operations. Second, the burgeoning use of first-party cookies to sustain advertising activities raises complex challenges, across plural, overlapping and distinct data protection law frameworks that must be accurately identified and fully addressed, on a case-by-case basis by all relevant actors to protect the individual’s data privacy rights. Where appropriate, existing regulatory (including legislative) gaps, divergences and inconsistencies concerning key matters including the legality of cookie walls must be urgently and effectively addressed to maintain legal coherence and legal consistency. Third, some European data protection authorities must revisit their assumptions about and assessments of the impact of processing the first-party cookie personal on the level of protection afforded to data privacy rights. Fourth, current divergences between regulatory and policy actors about contextual advertising, including whether they use personal data and/or are forms of targeted advertisements, must be effectively resolved using evidence-based approaches to promote regulatory coherence. Finally, it cannot be assumed, without a contextual analysis, that particular contextual advertising campaigns do not interfere with individuals' data privacy rights.

Keywords: data protection, third-party cookies, cookies, AdTech, profiling, EU GDPR, General Data Protection Regulation, first-party cookies, contextual advertising

Suggested Citation

Vranaki, Asma A.I. and Farmer, Francesca, The Decline of Third-Party Cookies in the AdTech Sector: Of Data Protection Law and Regulation (I) (December 15, 2022). Available at SSRN: https://ssrn.com/abstract=4414566 or http://dx.doi.org/10.2139/ssrn.4414566

Asma A.I. Vranaki (Contact Author)

University of Bristol ( email )

Wills Memorial Building
Queen's Road Clifton
Bristol BS8 1RJ, BS8 1RJ
United Kingdom

Francesca Farmer

University of Bristol ( email )

University of Bristol,
Senate House, Tyndall Avenue
Bristol, Avon BS8 ITH
United Kingdom

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
157
Abstract Views
489
Rank
339,922
PlumX Metrics