Whilst browsing on the Etsy iOS App, I was recently recommended some products. I had neither purchased these products nor had I browsed for them, anywhere. I wanted to better understand my privacy settings. In fact, Etsy’s privacy policy is amongst the most cryptic and difficult to read policies online. The most alarming sentence, buried deep within the Etsy privacy policy reads:
“Voice-activated assistants may send identifiers, analogues or other data to web browsers or mobile SDKs”
In this blog, we’ll cover everything from cookie tracking and SDK’s to the Internet of Things Identifiers and privacy policies.
As a leader in the Digital Marketing industry, we think it’s important for our customers and readers to understand how cookies and other similar technologies are used across apps, websites, brands and software. These technologies help applications function, allowing them to understand how your customers behave and have a number of purposes (beyond just advertising) that we’ll cover in this blog.
Privacy Policies aka The Data Market
A good privacy policy should help users to understand how exposed they are. For example, if you know that your weather app is constantly tracking your whereabouts and selling your location data as marketing research, you might want to turn off your location services entirely, or find a new app. Someone’s always watching.
Most privacy policies are incomprehensible disasters, as stated by The New York Times after they debunked over 150 of them from popular websites and apps. Put simply, privacy policies are used to establish companies’ justifications for collecting and selling personal data.
The 21st Century data ‘meat farm’ has become the engine that drives the internet, and these privacy policies we agree to, but don’t fully understand, are feeding it.
The reason we so willingly agree to these privacy policies is because they’re long, cryptic, full of jargon and mind-boggling. A research study conducted by New York times showed that the vast majority of privacy policies exceed the average college reading level. This means a significant chunk of the data collection economy is based on consenting to complicated documents that many consumers can’t actually understand.
Interestingly, Google’s privacy policy has evolved over two decades, from a two-minute read in 1999 to a peak of 33 minutes by 2019. Perhaps it has something to do with its increasingly complicated data collection practices
Types of Cookies – We Don’t Mean Chocolate Chip!
Cookies store data about your user behaviour, giving you a customised experience on the web.
More specifically, cookies are small data files sent from a computer program to your device. They are stored temporarily on that device, allowing a website or an app to recognise you. There are three primary types of cookies: session, persistent and third-party cookies.
- Session cookies are specific to a particular visit and carry information as you view different pages, this means users don’t have to re-enter information every time you change pages or attempt to checkout. Session cookies expire and delete themselves automatically in a short period of time, for example after you leave the site or when you close your web browser.
- Persistent cookies remember certain information about your preferences for viewing the site, allowing websites to recognise you each time you return. Persistent cookies are stored on your browser cache or mobile device until you choose to delete them.
- Third-party cookies are placed by someone other than the website you are browsing on, and may gather browsing activity across multiple websites and across multiple sessions. They are usually a type of persistent cookie and are stored until you delete them or they expire. Third-party cookies are a huge part of how companies (typically advertising and social networks) track traffic, behaviour and usage, even when you’re not directly using their website. Etsy provides a disclosure list of all third-party cookies and how long they are stored for, ranging from one day to 5 years.
Cookies allow websites and apps to build an extended profile of your browsing habits, no matter where or what your browsing. Your ‘virtual persona’ is ever-growing, made up of various different cookie files.
Most often, you can configure your desktop or mobile browser’s settings to reflect your preference to accept or reject cookies, including how to handle third-party cookies.
What Are The Purposes Of Cookies?
Now that we understand the difference between the types of cookies out there, what are they actually used for? The possibilities are endless, and generally the role of cookies is beneficial, making your interaction with frequently-visited sites a better experience – for no extra effort on your part.
Identify
By identifying specific users, cookies can determine your preferences for page layouts and colour schemes. They can also be used to store data on what is in your ‘shopping cart’, adding items as you click.
Improve
By identifying and storing your preferences, cookies can improve your web browsing experience by making transactions a quicker and easier process.
Intelligence
Particularly for e-commerce customer journeys, cookies can predict and recommend products based on previous shopping habits. This means that the interaction between you and the website is much faster and easier.
Interesting
Some websites will also use cookies to enable them to target their advertising or marketing messages based for example, on your location and/or browsing habits. This makes your online experience more interesting and relevant.
“Do Not Track” Disclosure
“Do Not Track is a technology and policy proposal that enables users to opt-out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.” http://www.donottrack.us/
- On your computer, open Chrome.
- At the top right, click More More and then Settings.
- Under “Privacy and security,” click Cookies and other site data.
- Send a “Do not track” request with your browsing traffic on or off.
When you tick the Do Not Track box in your browser’s settings, your browser adds an HTTP header to all of your web traffic. This lets websites know that you don’t want them to track you. You don’t wish for tracking cookies from analytics or advertising networks, and you don’t want information about your browsing transmitted to social networks.
Unfortunately, this can be ignored by websites. Nothing is stopping an organisation from tracking you, even after you ask nicely. Below is a statement taken from Outbrain’s Privacy Policy that states just how much they care about DNT requests.
“Because there is no common understanding of how to interpret the DNT signal, Outbrain does not currently alter, change, or respond to DNT requests or signals from these browsers. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary.”
Other Technologies and Services in Apps (SDKs)
In addition to cookies, there are other ‘similar technologies’ used by websites and mobile ecosystems that users should be aware of. <
Web beacons
These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with a unique identifier that is used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisibly on web pages when you open a page. For example, web beacons can track how users travel among a website and interact with the content.
Social widgets
These are buttons or icons provided by third-party social media providers that allow you to interact, share content with the social networks and log in with the social network. These social widgets may collect browsing data, which may be received by the third party that provided the widget, and are controlled by the third parties.
UTM codes
These are strings of numbers and letters that can appear in a URL. These strings can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
Application SDKs
These are mobile application third-party software development kits that are embedded in the Apps (and are used in many mobile applications). These app SDKs allow the collection of information about the app itself, activity in the app, and the device the application is running on.
Internet of Things identifiers
Perhaps the most interesting of them all, like mobile identifiers, internet-connected devices such as voice-activated assistants or smart TVs may send identifiers and other data analogous to web browsers or mobile SDKs.
Deep Data capture
Enable the capture of a wide range of data, including both structured and unstructured data such as operational, transactional, network, dialogue and web data. Some websites and apps support the collection of big data, giving them the ability to capture, store, and manage very large data sets from multiple data sources.
Humanising Privacy Policies
The General Data Protection Regulation was implemented in May 2008 (after it had been two years in the making). The European privacy protection regulation includes a clause requiring privacy policies to be delivered in a “concise, transparent and intelligible form, using clear and plain language.”
Many consumers don’t need a deep technical understanding of data collection in order to protect their personal information.
Instead of explaining the complicated inner workings of the data marketplace, privacy policies should help users to decide how they want to present themselves online. We tend to go on the internet privately – on our phones or at home – which gives the impression that our activities are also private. But, often, we’re more visible than ever.