.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
Bucking industry trends (and its own plans), Google has announced that it will not be phasing out support for third-party cookies after all. For any Lord of The Rings fans out there, I’m reminded of when Bilbo hesitates to leave the ring to Frodo after his birthday party in The Fellowship of the Ring. “After all, why not?” said Google (more or less) in its blog post. “Why shouldn't I keep [third-party cookies]?"
The announcement comes after multiple postponements of its third-party cookie deprecation. Now, it appears that Google will be taking a hybrid approach that “lets people make an informed choice that applies across their web browsing,” combining its proposed alternative, the Privacy Sandbox, with third-party cookies. Google’s post isn’t exactly clear on what this approach will look like in practice, but more details will surely come in the future.
So, what does this mean from a consent management perspective?
Not much! Third-party cookies can violate data privacy rights but are perfectly fine when managed correctly. At the same time, first-party cookies still collect personal information that requires consent under data privacy regulations. If you choose to use third-party cookies on your website, you’ll just need to configure your consent management solution appropriately.
Meanwhile, other browsers’ decisions to drop support for third-party cookies and Google’s wavering on this subject have encouraged businesses to seek new and more privacy-conscious approaches for data collection and advertising. Regulators, too, seem to be ramping up enforcement across industries and jurisdictions. For consumers, it seems unlikely that this news will result in any rollback to their data privacy protections.
So ultimately, while the headline may have given you whiplash, it may not amount to all that much change in terms of the state of data privacy. That, of course, depends on what Google chooses to do next.
Best,
Arlo
P.S. Speaking of the rapidly changing data privacy landscape, if you’ve been feeling a bit overwhelmed by the tangle of data privacy regulations your organization is subject to, we’ve got just the webinar for you. “Navigating the Regulation Jungle: Be Compliant, Work Efficiently, and Stay Sane” goes live August 1st at 1 PM EST!
Top Privacy Stories of the Week
Google Won't Be Scrapping Third-Party Cookies on Its Chrome Browser Anymore. Here's What That Means
Google has decided to keep third-party cookies in its internet browser after years of pledging to scrap them. In an announcement on its blog, the internet company said it would not be "deprecating third-party cookies” anymore. Instead, Google promised to introduce a new feature of its internet browser that "lets people make an informed choice that applies across their web browsing.”
AI Mass Surveillance at Paris Olympics—A Legal Scholar on the Security Boon and Privacy Nightmare
During the upcoming 2024 Paris Olympics, government and private companies will be using advanced AI tools and other surveillance tech to conduct pervasive and persistent surveillance before, during, and after the Games. The surveillance plans are so extensive that the country had to change its laws to make the planned surveillance legal. In the article below, a legal expert breaks down the ramifications of this plan.
Oracle Coughs up $115M to Make Privacy Case Go Away
Oracle has agreed to a $115 million settlement to end a two-year class action lawsuit that alleged misuse of user data. The settlement ensures Oracle commits to addressing the alleged privacy violations through binding promises that it will "not capture certain complained-of electronic communications and will implement an audit program to review its customers' compliance with contractual consumer privacy obligations."
Health Data in the Cloud—New Law in Germany Raises the Bar
Effective immediately, processing German health-related personal data may only be carried out in Germany, the EEA, or in a third country that provides adequate protection as per a European Commission decision. If data processing is carried out in a third country providing adequate protection, providers of cloud computing services are further required to have a residence within Germany. In short, this means that other safeguard mechanisms such as the execution of Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCR) will no longer be considered an adequate guarantee for global companies that provide cloud computing services when carrying out some and/or all of the healthcare-related data processing for German clients in a third country that currently does not provide an adequate protection as per a European Commission decision today.
Senate Majority Leader Chuck Schumer Tees Up Vote on Children’s Online Safety Bills
Senate Majority Leader Chuck Schumer will soon bring two key kids online safety bills up for a vote after securing enough support for passage, his office said. Specifically, the chamber will vote on Sens. Richard Blumenthal and Marsha Blackburn's Kids Online Safety Act and Sens. Ed Markey and Bill Cassidy's Children's and Teens Online Privacy Protection Act.
Osano Blog: First-Party vs Third-Party Cookies: What's the Difference?
In the wake of Google’s announcement that it will no longer be phasing out third-party cookies, you might be wondering: what exactly is a third-party cookie anyhow? Our blog covers all the basics.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!