Intersection of Cookies & Privacy

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:01
welcome everyone to module six of 10.
00:05
I wish we were going to be able to talk about baking and other fun things, but instead we will be talking about ad technology and cookies. Let's jump right into it.
00:15
This is where we are in our course outline.
00:17
We began this course by reviewing the history of the C C p A. In the scope of businesses that are subject to the law.
00:23
The next four modules, including this one, are dedicated to reviewing the substantive privacy obligations that the CCP established.
00:31
Once we finish ad tech and cookies, we are done.
00:35
We will have covered all of the real world obligation companies now have.
00:39
Then we will jump into enforcement CCP A in action and other items that are important for you to understand. As you pursue mawr education on what the C C p A. Is and how it means for businesses
00:51
less than 6.1.
00:53
We will review the intersection of cookies, what they are and how they are relevant to the world of data privacy and, by extension, the California Consumer Privacy Act,
01:03
our learning goals and objectives for less than 6.1
01:06
first we will provide an overview of the different types of cookies that exist, so we better understand what we're talking about.
01:12
Objective number two.
01:15
We will then review how certain types of cookies keyword there. Certain. Not all cookies.
01:19
Impact users. Data privacy,
01:22
then item number three.
01:23
We will review how cookie deployment essentially is the same thing as selling personal information.
01:30
If you have a marketing team that you are trying to convince to re evaluate their vision towards data privacy risks, I would strongly recommend you include them in this module.
01:38
This is a conversation that I have frequently with the marketing teams that I T and privacy professionals are not able to fully complete.
01:47
I strongly recommend including your marketing team. If they are open to it.
01:52
Here's a quick overview.
01:53
Let's kick this off with two different types of cookies.
01:57
I know there are other types of cookies that exist, but
02:00
there's two that are relevant to the CCP. A course
02:02
on the left side of your screen. I've created a category here of necessary slash essential cookies.
02:08
This is, ah, loose term, although I will note that under the GDP are it is actually defined as necessary or essential.
02:16
Either way,
02:17
these are the types of cookies that a website simply needs to function.
02:22
User authentication, session management, other things like that. Those are the cookies that a website or including an I T team will deploy in order for the business and the website just to operate at its core,
02:34
you need to be ableto have those cookies operate.
02:37
You cannot disable them in order for your website to function.
02:40
But
02:42
those types of cookies we're not talking about in this course
02:46
I'm actually talking about ad tracking and monetization cookies. Please do not confuse this. If you have other cookies on your website,
02:53
that is fine.
02:54
We're talking about ad tracking.
02:58
These are the types of cookies that deliver ads to individuals who have previously visited your businesses website,
03:02
purchase their products or use an app or interacting with the website in some kind of way.
03:08
Let's explain this a little further by identifying what targeted digital marketing is.
03:14
If you are watching TV and you happen to see a commercial, that commercial is being targeted to everyone who happens to be watching the TV in that moment.
03:22
Targeted digital marketing is very different
03:24
cookies will collect your personal information, including, most notably, your personal interests, your age, your gender and, as well your location to help provide to you a more personalized ad.
03:37
If there's a specific product that someone knows is going to be particularly interesting to someone like you,
03:42
cookies and the personal information that they collect is how they get that done.
03:49
On the left side of your screen is the second generation of targeted digital marketing.
03:53
To be completely honest with you,
03:55
this fuel didn't even exist 10 years ago.
03:59
It essentially comes down to this.
04:00
Individuals are retargeted targeted a second time based upon their interactions with other websites, including search engines, social media, even the behavior on your website.
04:12
This is a type of activity that the privacy advocates who are pushing for the C C. P. A were extremely concerned about.
04:17
This is the source more or less for 90 plus percent of the revenue large American social media companies make.
04:26
You can understand why this type of activity is something that's going to catch the attention of regulators.
04:30
Please keep an eye on what targeted digital marketing is, and if your company is deploying cookies that perform one of these functions
04:38
again. We're not talking about the necessary or essential cookies. I'm talking about cookies that helped complete targeted digital marketing activities.
04:46
Hopefully, that makes sense.
04:49
The reason why cookies are so relevant to the C C P A is because they are how your information gets sold to a third party.
04:57
Let's start on the left side of your screen and follow the timeline. If you would,
05:00
the user visits your website website being in the middle of your screen.
05:04
Their information will be collected at the website by a cookie.
05:08
It is then sold to a third party.
05:11
It's either another retail company, a data broker or, frankly, any third party those cookies air interacting with.
05:18
Because that happens, that third party is then able to redirect customized marketing materials back to the user
05:26
very frequently with the blessing of the central website.
05:30
But it doesn't matter.
05:30
The information is being sold to a third party.
05:33
Why?
05:34
Because the cookies are deployed and then advertisements produced revenue. As a consequence of that.
05:41
In many cases, there is, even if there isn't a specific dollar amount that changes hands,
05:45
there is something called valuable consideration that the website enjoys because cookies are deployed on the website.
05:51
We discussed that when we were reviewing the definition of selling.
05:55
In practical terms,
05:57
if you have a marketing based cookies on your websites, you're engaging in third party selling.
06:01
That's the rule.
06:03
That's the way the California attorney general is going to view it.
06:06
We'll discuss more about enforcement in Module seven
06:10
punch line Here.
06:12
Marketing cookies is the same thing as selling personal information.
06:16
Now
06:17
on the topic of selling personal information.
06:20
How much is all of this worth?
06:23
I thought it was important to include an additional slide on this toe, really drive this point home,
06:29
according to recent market research, and this lines up with what I've seen in my personal experience.
06:33
The weighted average for an American adult is $420 a year.
06:39
That's how much their personal information is worth.
06:43
How do we know that
06:44
were able to take the total monthly ad revenue that is generated in the U. S market and divide that by the total number of unique monthly adult users
06:54
that comes out to about $420 a year?
06:59
That's how much cookies and other companies make off of your personal information a year
07:03
$420 a year.
07:08
Interestingly, enough,
07:10
cookies have actually gotten to the point where they can engage in what's called micro bidding,
07:14
where they can bid on certain people. So individuals who are urban, college educated and even there are tragically large disparities among certain regions in the United States,
07:25
race and gender,
07:26
those individuals personal information is actually valued much higher.
07:30
This is obviously an area that concerns a lot of privacy advocates when individual user data is actually being pinned to be of a different value than others.
07:40
This is a new area that people are concerned about,
07:42
and hence why the C C. P. A. Is trying to restrict third party selling by providing users away to opt out of it.
07:48
We discussed ping walls in Europe and how they identify where users are visiting. But this is a big topic.
07:54
I'd love to discuss ITM or if we had the time
07:57
in summary,
07:59
we do need to identify here for a moment what cookies are
08:01
we're talking again about essential versus marketing cookies.
08:05
If you have essential cookies on your website.
08:09
You need not be concerned with how that impacts CCP, a based privacy.
08:13
You might need to be worried about it from a GPR compliance perspective, but not the CCP, where you're talking about marketing and tracking cookies
08:22
moving on
08:22
the way cookies were
08:24
personal. Information flowing from one website to a third party
08:28
is going to count a selling.
08:30
You need to be aware of that because you are monetizing the personal information via cookies.
08:35
This is a great opportunity to have a heart to heart with your marketing team because they are generally those who are responsible for deploying the actual cookies
08:45
that summarizes everything we need to know on less than 6.1.
08:48
I'll see you in the next video.
Up Next