Privacy Governance for Cookies and other Digital Technologies
Join Teresa Troester-Falk and Ben Isaacson expound upon the privacy considerations that in the adtech space when using digital technologies such as cookies and pixels. Listen to the recording here. Transcription below:
Hi, everyone, and welcome to today’s PrivacySnapshot. And we’re back here with Ben Isaacson, who is a luminary in our field of data privacy. We’ve known each other a long time going back to I think my days at DoubleClick when we first connected. So Ben, you have had a lot of years working very specifically within adtech for companies who are trying to figure out the maze of regulations in this space. And one of the things that we’ve all noticed after the GDPR was the ubiquitous cookie banner. And it didn’t necessarily pan out maybe for consumers the way we might have expected but it became a useful tool to manage cookies and pixels and those kinds of technologies. So the same thing is now happening with the CCPA where companies are looking at “Do I need a banner or don’t I and how am I going to this whole world of digital technologies” — with the regulator’s focused on it and a bit of uncertainty about what I need to do. And you and I’ve talked about this, and you’ve distilled four key areas that you walk through with companies and have them think about so I’m just going to hand this over to you. We could talk about this for a few hours, but just give a high level overview of those four areas and what the key points that companies should be thinking about.
Thanks, Teresa. It’s great to be here. Thank you for having me. So the first thing to keep in mind are there’s amazing tools out there now that we just didn’t have, you know, a few years ago, even. The first one is tag managers. And in the old days, whenever you wanted a cookie to be placed on your website, you had to hard-code a pixel into the HTML into the website itself. And those days are now gone, or can be gone. We still see a lot of old publishers doing it the old way. But there are a lot of tools like Google’s Tag Manager like Tealium that it becomes a bottleneck, for use of a single point of, you know, governance from all the pixel tags on your website, and they can go dig and change any page to another page, but is still goes through that same Tag Manager. So the privacy professional can say, Yes, I want this company to be on this page and not that company on this page and actually play a role in in managing privacy in real time. And those same tag managers — also many of them offer the consent management tool in a consent management platform, as they’re now called CMPS that go with GDPR, or in some cases with CCPA. To say, we want to present this type of cookie banner to this this type of user. And you know, with the GDPR is an evolution over the last couple of years, we’re now seeing a requirement to really create preferences that go beyond just opt in or opt out, but rather personalization, advertising and analytics. So, you know, even granular, you know, Cookie specific preferences. So, the tools are extremely important to have both a Tag Manager and a content management platform to be able to help you do global pixel and cookie compliance.
The second thing is to really vet each partner, that you’re allowing to place a pixel tag on your website, and specifically, whether they have sub processors or partners that they work with — the key term of art is piggybacking. You don’t want any cookie, you know, pixel partner of yours to allow a third party to also place a pixel because they can just automatically enable that to happen. And I’ve unfortunately seen a number of cases where it was unknown to a publisher or advertiser that some other company was sitting on top of their website collecting data potentially for retargeting on another media. So getting a list of those partners and an understanding what really what their core purposes are, and if there are tertiary purposes, beyond just what you’re hiring them for that, that could be that data could be used for. And again, coming back to this notion of within the California law in particular, is this partner a vendor? Or are they like a service provider? Or are they a third party? And this is a very important distinction to make. And that’s why the third category is contracts.
So, in the contract, that must be crystal clear. Is this a service provider relationship? Or am I essentially selling my data to you under the CCPA? And how do we work through managing that opt out or, you know, or data deletion or any other kind of sales requirements that that are now inherent in the CCPA, which is adtech really the federal law at this point?
Then the last thing is, auditing and tracking. So, tools like Evidon lets you audit the pixels on your website. So you can actually go to covid.com, and, you know, test and plug in, you want to see, you know, all the different, partners that show up and hopefully all of them are under contract. But then you can also test that, with different tools, , that the consent management process, and getting it from, you know, a lower percentage rate to a higher percentage rate simply by changing the positioning of the banner, changing the text of the banner, changing the creative and looking for trends in how your consent is working. For the most part, we’re seeing cookie consent, at least, even for Europe in the 90% range, which is pretty great, depending on the publisher, but for most, you know, trusted publishers, they’re getting a high quality consent. Same with the CCPA. And the opt out is extremely low that people are actually opting out. So trying to benchmark your own website versus these others, is it a good thing to do.
So thank you. That is certainly excellent advice. To sum up: Using tag managers and content management platforms. And there’s lots of tools out there now to help organizations do this. Vetting your partners — that is so critical. We’re just seeing so many privacy problems emerge because of those third parties, right? Looking at your contracts, and finally auditing and tracking your website itself.
And so you spoke a lot to the use of tools. And I think this is, this is new for us, right? You and I have grown up in this space, have been in it for 20 plus years. We didn’t have the luxury of automated tools. We were using Word documents and spreadsheets and policies and procedures. And so it’s not a panacea and it doesn’t solve all the issues, but it’s solving a lot of a problems and creating more efficiency. At BlueSky Privacy we do view it as our job to stay on top of this ever changing privacy tech ecosystem and help you properly evaluate tools out there and effectively optimize your use of them so that they don’t end up being shelf ware. So thank you, Ben, for joining us. Again, this is excellent. And for those of you looking for compliance support, we’re here to help you.
Let’s talk about Privacy and the Governance of Cookies, pixels and other digital technologies.
Are you ready to demonstrate compliance with the CCPA, the GDPR, or other privacy laws? The key is operational know-how, a practical plan, and privacy expertise.
Ask us how we can help you feel confident and at ease with your privacy compliance efforts.