Home Data Privacy Roundup Why Are So Many US Companies Using Cookie Banners On Their Websites?

Why Are So Many US Companies Using Cookie Banners On Their Websites?

SHARE:

Most people would agree with this statement: “Pop-ups are annoying.”

A rather amusing article in The Verge laments the recent unfortunate revival of website pop-ups, which the author describes as dogging them through the hellscape of their internet experience with messages pushing them to like, subscribe, click, listen, sign in and accept all.

But some pop-ups aren’t just detrimental to the user experience of a website – they’re worse than pointless from a privacy perspective.

Under fire

Although it’s not legally required, many websites in the US have started using cookie banners in a misguided attempt to protect themselves from lawyers who smell blood in the water.

The plaintiff’s bar is well known for getting creative with their application of the law to support often tenuous class-action claims, including the 1998 Video Privacy Protection Act (VPPA) and state anti-wiretapping statutes. Both are increasingly used as the basis for privacy-focused lawsuits.

The VPPA, for example, is a law that was passed back when Blockbuster was still a hot commodity. It prohibits “video tape service providers” from sharing personally identifiable information about the videos someone has watched without their permission.

Several years ago, a wave of lawsuits attempted to extend the definition of “video tape service provider” to any business that has a website capable of playing video, such as Hulu. More recently, lawyers have been trying to broaden the definition even further to include social platforms.

According to an analysis by Bloomberg Law, at least 47 proposed class-action lawsuits were filed between October and February 2022 claiming that Meta is in violation of the VPPA because its tracking pixel shares personal video consumption data with Facebook without consent.

These suits have met with mixed success. Some have been thrown out, some were voluntarily pulled, and others have been allowed to proceed. But companies are still nervous.

And so some are using cookie banners and tracking consent pop-ups on their websites as an ill-conceived shield from frivolous lawsuits.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Comic: Bark PatternsThe “cons” in consent

But there are a lot of problems with that “strategy.”

One: It’s reactive to lawyers as opposed to laws, at least in the US. There’s no legal basis for cookie banners outside of Europe. Most cookie banners are designed to address EU data protection obligations (and not all that effectively, if we’re being honest).

Unlike GDPR, which is an opt-in law, US laws mostly take an opt-out approach (other than for certain types of sensitive information).

Two: Cookie banners don’t help companies comply with US state privacy laws, none of which require consent pop-ups.

“These banners are regularly repackaged and marketed by consent management platforms as US privacy-complaint,” Daniel Goldberg, a partner at Frankfurt Kurnit Klein & Selz, told me. “Companies that deploy cookie banners may believe that they have satisfied ‘Do Not Sell’ and other opt-out obligations under US law when they actually have not.”

Three: People hate pop-ups, and the more they’re forced to see them, the less they register. Decision fatigue is real.

Four: Cookie banners are open to misinterpretation.

At an IAB Tech Lab Rearc privacy event in New York City in February, Jessica Lee, a partner and chair of the privacy, security and data innovation practice at Loeb & Loeb, told a story about her mother, who once commented that only websites that display cookie banners actually use cookies. Which is, of course, not the case. All websites use cookies.

Five: Companies need to be careful about the language they use in a cookie banner and the choices they offer. If a website gives someone the opportunity to opt out of all cookie tracking, for example, then that site is on the hook to honor the opt-out, even though it wasn’t legally required to ask.

“If someone clicks your opt-out and leaves your site with the impression that they’ve successfully been opted out of cookies and they haven’t been,” Lee said, “I think there’s even some risk of deception there.”

Well then. 🤯

Speaking of consent, I’d like to say thanks for opting in to receive this newsletter. Let me know what you think of it! Drop me a line at [email protected].

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.