Privacy vs. Privacy

The General Data Protection Regulation (GDPR for short) is intended to protect us from our personal data being processed without our consent. We all feel the effects in the form of the cookie banners, which you now have to confirm on almost every website – honestly, most of them are only clicked away.

What data is being collected?

A legally flawlessly structured cookie notice contains information on all third-party providers represented on a website. This list can be quite extensive and may contain Webanalysis-Services, Advertising-networks, Social Media plugins, Chat-Services for customer support and much more. Each provider must be listed separately – if the site uses multiple advertising networks, they must all be listed individually.

Which data a service collects is explained in the data protection declaration of the respective provider. A user who wants to find follow up the usage of his personal data has to do a lengthy research.

What is always transferred when a third-party script is called:

  • IP-Adress
  • Browser
  • Timestamp
  • in most cases also the referer (site currently visited)

And of course the cookies that have been set by this particular provider. These often contain a unique ID so that the user can be tracked across multiple pages.

Third Party Cookies

Browser manufacturers are increasingly blocking cookies, which allow tech companies to track the user across multiple pages. Safari took this step a long time ago, as did Firefox – and advertising giant Google has now announced the end of third-party cookies in Chrome. The cookie tracking time is running out – and hopefully with it the time of the cookie banners.

Technologies such as fingerprinting are also increasingly being prevented by current browsers, making it more and more difficult for technology providers to clearly identify users.

The browser manufacturers want to show that they take data protection seriously and have earned the trust of users. In the battle for market share, this issue now plays a role that should not be underestimated.

A victory for data protection?

It all sounds like it helps to effectively protect user data. The corporations dutifully implement the instructions of the EU, block the bad cookies and the insidious fingerprinting, create concepts for more data protection and inform the user what happens with his data. Brave new data protection world?

On the contrary, the advertising market in particular fears severe losses due to the elimination of third-party cookies – they have so far been used for retargeting, remarketing, segmentation, interest-based advertising and of course for conversion tracking and campaign control. The fact that Google now wants to focus on more data protection with the Chrome browser and at the same time makes the lion’s share of its sales in the advertising sector should give food for thought.

The goal of the big players in the advertising market is to build closed ecosystems – these make it possible to create user profiles that can then be used for advertising. The most prominent example of this is probably Facebook, when you register you agree to the provider’s conditions and from then on you are also integrated into the Facebook advertising system. Services such as logging in with Facebook on other pages enable even more detailed profiling.

Google’s endeavor not to lose the Chrome browser’s market share due to a lack of data protection is also logical. After all, many Chrome users are also logged in with their Google account and can therefore be clearly identified. The new ad targeting approach with FLoC (Federated Learning of Cohorts), uses data that is collected with the browser. Based on the pages visited, the user is assigned to a segment that can then be targeted with advertising. This is intended to offer better data protection, whilst not being less effective that advertising based on cookies.

Profiles are to replace the cookie

Profiles for logging into various websites such as login with Facebook, Google or the German counterpart netID allow the provider to collect data and at least partially track the user’s path through the web.

Pages on which users spend a lot of time, such as Facebook or Amazon, also have extensive data – who is interested in a message or a product, who buys or comments, who is online at a certain time… These profiles are highly valuable for advertising.

The creation of a profile directly in the browser offers the most comprehensive options – which pages were visited for how long and which search terms did the user type in, for example.

Whether and how this data is used by the companies mentioned above has not been stated – but the possibilities are available and very extensive.

Who are the losers?

It becomes problematic for smaller technology companies who control their advertising service via cookies and do not use any profiles other than the user ID in the cookie. With the elimination of third-party cookies and the suppression of fingerprinting, they will soon no longer have the option of delivering targeted advertising or measuring the success of the advertising campaigns.

The new data protection world doesn’t make everything better for users either – those who “previously” deleted their cookies from time to time have already escaped a large part of the profiling. In the future, you will have to deal with settings in several login portals and of course also in the browser that regulate who can access which data.

What´s the benefit about privacy regulations?

The basic idea of GDPR is good – everybody should be able to control the usage of his personal data. The problem in this case is in front of the screen, in the form of users who would like to have every app for free, who do not want to pay for their email account, who confirm every text containing more than 10 sentences with “Accept”.

“If you are not paying for it, you’re not the customer; you’re the product being sold.” This sentence sums up the problem well – if you are not willing to pay for a product, you have to expect that the provider earns his money elsewhere. In that case with the users personal data.

GDPR has not changed the fact that many services are used free of charge and the providers have to cover their costs. After data protection has made monetization more difficult in many cases, it is now time to find new possibilities. Ultimately, a game of cat and mouse, the legislation tries to protect the user, the industry is exploring the limits in order to still be able to use as much data as possible.

So-called walled gardens, in which the user can only use the service after registering and thus enables extensive profiling, also circumvent many restrictions of data protection law by registering on the platform and agreeing to the terms of use.


Ultimately, data protection should be in the interest of the user, whoever has not dealt with cookies in the past will hardly start to struggle through the data protection settings of various platforms and browsers.

But this is what would be needed to take control of personal data. Legislation can only form a basis but not replace the user engagement for his own privacy. No company that earns its money with advertising has an interest in excluding itself from user data – the settings for data protection are structured accordingly.

If your data is important to you, you should actively deal with the topic and take appropriate measures instead of relying on politics or the data protection promises of companies.

Leave a Reply

Your email address will not be published. Required fields are marked *

Image(s) licensed by Ingram Image/adpic.

Aktuelle Beiträge