An analysis on how online privacy matters for both consumers and marketers.
Presentation for the course "Digital Technology and Design"
Lecturer: Eoghan Nolan
Students: Eiva Orce, Matteo Balzarini and Lara Zaccaria
UCD Smurfit presentation: Cookies & Online Privacy
1. Presented by
Lara Zaccaria
Eiva Orce
Matteo Balzarini
COOKIES PRIVACY
MKT42050
Digital Technology & Design
UCD Michael Smurfit
Graduate Business School
2.
3. 1. Browser requests a web page
2. Server sends page + cookie
3. Cookie is sent back when requesting another page
Set-Cookie: value[; expires=date][; domain=domain][; path=path][; secure]
EXPIRE OPTION Set-Cookie: name=optimizelySegments; expires=19 FEB 2025 17:33:58 GMT
DOMAIN OPTION Set-Cookie: name=optimizelySegments; domain=zara.com
PATH OPTION Set-Cookie: name=optimizelySegments; path=/
SECURE OPTION Set-Cookie: name=optimizelySegments; secure
Encoding cookies: Zara.com
4. The Cookie Trial
business / consumer
Navigation
experience
Effective functionality
of website
Interaction between
user and website
Analytic data
Insights of user
Improve
Browsing experience
Maximize advertising
effectiveness
Privacy
Inaccuracy
Big data
Obey the law
5. EU Digital Agenda 2020
Action 28
Reinforcing
network and
information security
policy
10-year strategy
plan
A single digital
market
Pillar III
Trust
and Security
Future
Considerations
6. Online Privacy
Proliferation of means
to store data in browsers
To amplify UX and
marketing
Trade off:
Personalized UX
Privacy
Websites
privacy policy
Protects against physical
psychological and
financial harm
business / consumer
Local history accessible
via CSS and JS
Web bugs with tracking IDs
Difficult to guarantee
Fast innovation
7. Difficult to opt out
You have the right to reject
and delete the cookies
Google case: how much
they know about you?
Compulsory with cookies,
remarketing and Analytics
Always include what cookies
are present and what
information they gather
Iubenda: Privacy Policy
generator
Legal document that states what kind of information
are being collected, for what purposes, who it may
be shared with and for how long it will be retained
business / consumer
Website Privacy Policy
8. No opt out
Data stolen: with
and without permission
MyPermissions app
Compulsory to have
You must Decide what
data do you want
TRUSTe mobile privacy
policy generator
business / consumer
Mobile Data Policy
9. business / consumer
EU / US
The Right to be Forgotten
More control
Federal Trade
Commission
Less control
European
Cookie
Law
Privacy Policy: EU Vs. US
10. Tracking & Fingerprinting
Behavioural tracking
Third parties gain
more access to data:
Analytics
Advertising
Social elements
New browser extensions
to protect data
transmission
Security reasons
Data retention
Spam
business / consumer
Fingerprinting is hidden
11. Safe & Anonymous Surfing
Freedom of access
to information
business / consumer
Security breaches
& Identity theft
Remarketing
Ads preferences
Behavioural tracking
User location control
Presenting the cookie
Back to 1994: Netscape creates the “magic cookie” to maintain browser state during connection problems. It is implemented and stored without public knowledge in 1995 and becomes public in 1996 with an article from the Financial Times.
Describing a cookie in a few words: it’s a small text file (4KB each) that the server asks the browser to store on your computer or mobile device.
The cookie allows a website to remember your actions and preferences over time. With regard to numbers, the browser is able to store 3000 cookies, 50 per server.
Sources:
http://www.allaboutcookies.org/
http://en.wikipedia.org/wiki/HTTP_cookie
How do we encode cookies?
We will use ZARA.COM to explain how to encode a cookie. Zara is a global Spanish clothing and accessory retailer that has offered online shopping since 2010 with the use of cookies.
First step to encode a cookie: understanding the functionality. In our example we have used Firefox as our web browser.
Firefox requests a web page from zara.com. Zara.com sends the browser the requested page + cookie. If the browser requests another page, the cookie is sent back to the server in order to record preferences and send the newly requested page.
Second step to encode a cookie: currently Zara.com uses 13 types of cookies. We can classify the cookies used by theme, lifespan and domain.
By theme:
1) Technical cookies: they help zara.com identify the user ID. With this cookie the user can create an account, sign in and manage shopping activity. An example of this cookie: JSESSIONID.
2) Functional cookies: they help zara.com identify your preferences such as language, country, currency etc. The website will be more effective and efficient.
3) Analytics cookies: they help zara.com gain user insights, find out what works and what doesn’t, and find the best ways to optimize the website to ensure it’s always interesting and relevant for the user.
4) Commercial cookies: they are third party cookies.
By lifespan:
Session cookie
Persistent cookie
By domain:
First party cookie
Third party cookie
Third step, encoding the cookie: the server sends the cookie with an HTTP header called Set-Cookie. The Set-Cookie header is composed of a value and 4 optional elements. The value will be the name of the cookie. If there are multiple cookies for the same request:
Cookie: value1; value2
Cookie: name1=value1; name2=value2
Expire option: indicates when the cookie should no longer be sent to the server and should be deleted by the browser. Format with screenshot: 19 FEB 2025 17:33:58 GMT
Domain option: indicates the domain for which the cookie should be sent. In our example it is domain=zara.com
Path option: another option that indicates where the cookie will be sent. path=/
Secure option: a flag with no added value specified. With it set, a cookie will be sent only when the request is using SSL and the HTTPS protocol.
Example of zara.com cookies with screenshot
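Added example (not part of the original presentation): a small JavaScript parser for the Set-Cookie header described in the third step, which also classifies each cookie by lifespan and by domain as in the second step. The cookie values, the host ads.example.net and the fixed clock are constructed for illustration.

```javascript
// Added example (not from the slides); the sample headers are constructed.
function parseSetCookie(header) {
  const [pair, ...options] = header.replace(/^Set-Cookie:\s*/i, "").split(";");
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq).trim(),
    value: pair.slice(eq + 1).trim(),
    expires: null, domain: null, path: null, secure: false,
  };
  for (const raw of options) {
    const i = raw.indexOf("=");
    const key = (i === -1 ? raw : raw.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? "" : raw.slice(i + 1).trim();
    if (key === "expires") {
      const when = new Date(val);
      if (!Number.isNaN(when.getTime())) cookie.expires = when; // bad date: ignored
    } else if (key === "domain") cookie.domain = val.replace(/^\./, "").toLowerCase();
    else if (key === "path") cookie.path = val;
    else if (key === "secure") cookie.secure = true; // flag, carries no value
  }
  return cookie;
}

// True when host is the domain itself or one of its subdomains.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// setBy: host that answered with the header; page: host in the address bar.
function classify(cookie, setBy, page, now) {
  const scope = cookie.domain || setBy.toLowerCase();
  // A server may only set cookies for its own domain or a parent of it.
  if (!domainMatches(setBy.toLowerCase(), scope)) return { accepted: false };
  return {
    accepted: true,
    lifespan: !cookie.expires ? "session" : cookie.expires <= now ? "expired" : "persistent",
    party: domainMatches(page.toLowerCase(), scope) ? "first" : "third",
    httpsOnly: cookie.secure,
  };
}

const NOW = new Date("2015-03-01T00:00:00Z"); // fixed clock for the demo
const SAMPLES = [ // [constructed header, host that sent it]
  ["Set-Cookie: optimizelySegments=abc; expires=Wed, 19 Feb 2025 17:33:58 GMT; domain=zara.com; path=/", "www.zara.com"],
  ["Set-Cookie: JSESSIONID=xyz; path=/; secure", "www.zara.com"],
  ["Set-Cookie: id=1; expires=Wed, 19 Feb 2025 17:33:58 GMT", "ads.example.net"],
  ["Set-Cookie: x=1; domain=zara.com", "ads.example.net"],
];
console.log(SAMPLES.map(([h, by]) => classify(parseSetCookie(h), by, "www.zara.com", NOW)));
```

The last sample is rejected because a host outside zara.com cannot set a cookie for that domain; the third is accepted but counts as a third party cookie on a zara.com page.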
Sources:
http://www.nczonline.net/blog/2009/05/05/http-cookies-explained/
http://static.zara.net/static//pdfs/CH/privacy-policy/privacy-policy-en_CH-20131125.pdf
http://en.wikipedia.org/wiki/HTTP_cookie#Setting_a_cookie
What are the benefits of using cookies?
For consumers/users
1. Improve navigation experience
Example: the use of a functional cookie. It will remember your preferences such as language and location. Besides user preferences, there is no storage of sensitive data.
2. Improves website functionality by delivering the right content to the user.
3. Offers a faster and easier interaction between user & website. The browsing experience is enjoyable and efficient, and it saves time.
For marketers/business
Great tool to gain customer insights- understand customer’s shopping behaviour
Improves browsing experience- understand customer’s journey
Helps advertising effectiveness- offering the right content/product/service to the right user at the right time and place.
What are the drawbacks of using cookies?
For consumers/users
1. Privacy concerns- where’s the limit of use of data?
2. No real choice to disable cookies- affects the functionality of website
3. Inaccuracy of data
For marketers/ business
Big data- understand how to analyse big data
The need to comply with EU laws
Digital agenda for Europe 2020- Driving European growth digitally
The digital agenda’s main objective is to develop a digital single market in order to generate smart, sustainable and growth in Europe- Includes: 101 Actions/ 7 Pillars
III Trust and security
Key objectives:
Reboot the EU economy and enable EU citizens and businesses to get the most out of digital.
Recognition of fundamental right of protection of personal data
They conducted market research in the EU on attitudes towards Data Protection and Electronic Identity- EUROBAROMETER 359
Key highlights- Scenario:
-70% of Europeans are concerned that their personal data held by companies may be used for a purpose other than that for which it was collected.
-As regards the “right to be forgotten”, a clear majority of Europeans (75%) want to delete personal information on a website whenever they decide to do so.
-Only 12% of European web users feel completely safe making online transactions.
-Personal data would be better protected in large companies if these companies were obliged to have a data protection officer (88%).
Actions taking place: example: Action 28- Reinforcing network and information security policy
In 2012: Established CERT-EU, a Computer Emergency Response Team for the EU institutions, on a permanent basis.
In 2013: Present a proposal for a cyber security strategy of the European Union
In 2014: Work with the European Parliament and Council (action 123)/ implement the EU cyber security strategy (action 124)
Future considerations to keep ongoing growth in the digital era.
The need to reinforce trust- we believe by launching EU awareness campaigns throughout the year and the need to promote e-Skills for the 21st century.
Sources:
https://ec.europa.eu/digital-agenda/sites/digital-agenda/files/report_eb_743_eid_just_jrc_en_full_report_final.pdf
With the huge growth of internet usage for a variety of activities, online privacy is gaining more and more importance.
As the focus of online activity migrates from desktop and laptop computers to smartphones and other mobile devices, the mechanisms for protecting your privacy continue to evolve.
As discussed in the previous lecture, online privacy aims to protect consumers against physical, psychological and financial harm, by imposing rules on how businesses communicate and use the data they collect from users. Terms of service present on websites generally state the policy of use.
The more technology evolves, the more we witness an important trade-off between the need and request from savvy and evolved consumers for a personalized user experience, and the necessary data collection and use by companies to develop products able to satisfy these requests. All this is often to the detriment of online privacy, since the same data is often used to build a more effective marketing communication with consumers (i.e. remarketing).
Moreover, as often happens with technology and its fast innovation pace, governmental regulations tend to become quickly outdated leaving consumers on their own when trying to deal with privacy risks.
The Privacy Policy should state what broad classes of information are being collected, for what purposes, who it may be shared with and for how long it will be retained.
It is a nice-to-have, to create a better online environment and to protect your business from lawsuits (http://www.opentracker.net/article/how-write-website-privacy-policy)
On the user side:
1. It is hard to opt out: (https://ssd.eff.org/en/module/protecting-yourself-social-networks)
Sometimes it can be hard to access a website without accepting the cookies because there are no pop-ups or there is no option to reject them.
2. But you have the right to reject and delete cookies, for example with Chrome plug-ins
3. Google (http://www.stayonsearch.com/does-google-have-a-record-on-you-how-to-protect-yourself): how much do they know about you? (http://www.google.com.ng/goodtoknow/online-safety/security-tools/)
• position
• IP address
• email conversations
• personal data from Wallet
• personal details
• preferences and interests
• google+
So how to protect yourself?
• sign-out when you use search and maps
• set your browser to block the cookies
• check Google’s privacy tools page
• use two gmail accounts, one for business and personal branding, and one for personal stuff
From a marketer side:
Compulsory when your website:
• is on WordPress or other CMS
• has Google Analytics or other analytics
• has flash
• Google AdSense or AdWords
• Shopping basket
• Cookies
• targeted and retargeted ads
• “contact us” form
• support transactions
• customized user experience
• log in portals
• email subscription
- Always include:
• what cookies are
• what info is collected
• what is done with info
• how to reject / delete / accept cookies
• explain there are no harmful technical consequences or risks
The most important thing to do is to follow your privacy policy and store the data in a secure way. (http://www.socialmediaexaminer.com/how-to-craft-a-privacy-policy-for-your-website/)
3. Iubenda (http://www.iubenda.com/it) or Privacy Policy Generator (http://www.freeprivacypolicy.com/)
These are privacy policy generators, but it is better to contact a lawyer or use an EU form.
Mobiles are compact storehouses of personal data.
2. Stolen Data:
- they can theoretically track all movements.
- the microphone and camera can be activated remotely.
- apps can access every phone call, email or text sent or received, as well as every site visited and every tweet tweeted. Some can even send messages under your name without your knowledge (http://www.computerworld.com/article/2487422/data-privacy/evan-schuman--what-to-include-in-your-mobile-privacy-policy.html)
Examples of apps that retain your data:
• Foursquare (Email, Phone Numbers no warning)
• Instagram (Email, Phone Numbers, First, Last warning)
• Facebook (Email, Phone Numbers, First, Last warning)
• Twitter for iOS (Email, Phone Numbers, warning)
(http://gizmodo.com/5885321/how-iphone-apps-steal-your-contact-data-and-why-you-cant-stop-it)
3. MyPermissions app: get alerts when apps (and websites) steal your data (http://mypermissions.org/)
From a marketer side:
3. TRUSTe: free mobile privacy policy generator, but it is better to talk with a lawyer. (https://mobile-store.truste.com/customer/free-account)
The right to be forgotten:
User: http://searchengineland.com/google-right-to-be-forgotten-form-192837
Marketer: http://www.searchenginejournal.com/google-updates-right-forgotten-notification/117714/
If you de-index the URL, it is back on the SERP with that content, with a rapid recovery of the previous value and position. (http://moz.com/blog/we-deindexed-followerwonk)
TOR / VPN
Our classmates already spoke about Tor and how it works, so today I’d like to show you Private Internet Access, which is a VPN service.
VPN stands for Virtual Private Network, which essentially is a network of computers that filter your traffic in order to make you anonymous.
A VPN can be used to encrypt your connection with an anonymous IP, to protect your privacy. Your traffic is encrypted and passes through
This is beneficial if you want to access content which has been restricted by government censorship (i.e. Facebook and part of Google in China) or geographic censorship, or simply to have a more secure connection when using the internet in public places (i.e. Starbucks, airports etc.). This prevents your ISP (when you are at home) or Starbucks from logging your traffic data and knowing what you do online.
The peculiarity of PIA is that they don’t log any traffic data from you, making it one of the most secure.
BLUR
ABP + PRIVACY BADGER