Between convenience and privacy: the double-edged sword of cookies

Privacy under the microscope: Facebook and Cambridge Analytica

Probably, many of us became aware of the importance of the personal information we leave online every day in March 2018, when the Facebook, Cambridge Analytica, and the U.S. presidential election scandal exploded.

If you don't quite remember the details, here's a brief summary: this case exposed a series of questionable practices regarding the collection and use of Facebook users' personal data without their explicit consent.

Cambridge Analytica was a British data analytics company that worked for political campaigns, known for its focus on data modeling and electoral influence. This company acquired data from up to 87 million Facebook users through a personality quiz app called "thisisyourdigitallife". About 270,000 people downloaded the app and consented to it accessing their data.

The British company used the collected data to build detailed psychographic profiles of U.S. voters. These profiles were then used to target misinformation campaigns and highly personalized political ads on the Facebook platform, particularly during the 2016 U.S. presidential campaign.

The scandal resulted in intense public criticism of Facebook for its handling of data privacy and its policies. We all remember the image of Mark Zuckerberg testifying before the United States Congress. As a consequence, in 2019, Facebook was fined $5 billion by the Federal Trade Commission (FTC), the largest fine ever imposed by the FTC. The company also agreed to implement a new privacy framework.

This case was covered by all the media and became a turning point in the collective awareness of online data privacy. It sparked debates about the regulation of social media platforms and the protection of user privacy. But the issue didn’t start there; it had been a topic of discussion in Europe since the early 21st century.

What are cookies and how do they affect us?

Every time you visit a website, the page leaves a small text file stored in your browser: that’s a "cookie". Cookies were created to improve the user experience, such as not having to log in every time you visit your most frequented pages or having the site remember your preferred language for navigation. Cookies also collect data on how users interact with a website, helping developers understand user behavior, improve the site's design, and optimize content.

Later on, that personal information started to be used for advertising purposes and even malicious intents. For example, session hijacking, where an attacker obtains your login cookie from a site and uses it to impersonate you, gaining access to your accounts and private information.

I was one of those who thought there was no problem with companies using the information they collected about me, and that, on the contrary, it benefited me with more ads for products I was interested in and fewer for things that had nothing to do with me.

But over time, I changed my mind, because I learned from technology influencers like Santiago Bilinkis. This week, I watched one of his videos where he mentioned that an app we use to get around the city took the percentage of battery left on your phone as a determining factor to calculate the fare for the trip. If it detected that you were about to run out of battery, it was likely that you were desperate to get the ride quickly, so the cost of that trip would skyrocket. Anyway, they’ve already changed the algorithm, and it doesn’t happen anymore, but it really made me think.

Legislation on the use of cookies

Initially, companies tracked cookies without the user's knowledge, but legislation evolved, and better practices were enforced. Now, fortunately, we have to deal with the annoying pop-ups asking us to accept the use of cookies when we visit a site for the first time.

Concerns about online privacy and cookies began to emerge in the 1990s, when cookies were increasingly used to track user behavior on the internet. However, laws to regulate this didn’t come until 2002 in the European Union, with the 2002 Electronic Privacy Directive (updated in 2009) and the General Data Protection Regulation (GDPR) of 2018, which established strict rules on the use of cookies and user consent.

With the 2018 regulation, the aim is to give users more control over their data and how their online behavior is tracked. Additionally, websites must inform users about the use of cookies and obtain their consent before collecting any data.

For advertisers, the regulation made it more difficult to target specific audiences based on their previous browsing behavior, so they sought alternative methods to collect data and direct advertising. One of the methods is to inform users and ask for consent regarding data collection.

Another way to target advertising to the right people is through "fingerprinting," which collects information about the browser and device to create a unique profile of the user. In my view, this technique, although it does better protect people's digital identity, is not very different from the use of cookies.

Meanwhile, as part of its Privacy Sandbox initiative, Google is developing technologies aimed at enabling personalized advertising without compromising individual privacy, replacing third-party cookies with solutions like FLoC (Federated Learning of Cohorts).

What can we do to protect our online privacy?

The most important point is that there is increasing awareness about the implications of giving away personal information at every moment.

If, like me, you want to start taking better care of your privacy, here are some habits I'm trying to implement:

1. Configure the privacy settings in the browser you use to block or limit third-party cookies and other forms of tracking.

2. Install extensions in your browser. There are some designed to enhance privacy, such as ad blockers, cookie managers, and anti-tracking tools.

3. Keep your browser and operating system up to date, as updates that improve security and privacy are constantly being released.

4. Log out of websites after using them. I know it's very annoying, but this habit can help you prevent session hijacking. In fact, I try not to browse any site that requires login on computers that are not mine.

5. Be careful with public Wi-Fi. Although we constantly hear about the precautions to take when using public networks, many people think, "It won't happen to me." I used to think that way too. We need to be aware of the security risks when using public networks and avoid sensitive activities, such as logging into your online banking using those connections. There is a lot of advertising for VPN tools that claim to protect you in these cases, but I don't know how reliable they are. If someone has experience with this and wants to share it in the comments, it would be really valuable for everyone.

6. Following a tech influencer you like to stay updated on safe online practices and be aware of security threats we may not know about is a great idea.

I’m lucky to work at a company that, among other things, specializes in cybersecurity, which is why I can share this article with them and ask for their expert recommendations. En el en el próximo artículo les comparto sus comentarios.

By Santiago Pennino, CMO of Quantik.

Santiago has a degree in Advertising and has extensive experience in media agencies and the tourism industry. He is currently serving as the CMO of the Quantik group.

Throughout his professional career, he has held leadership roles at Despegar.com and various advertising agencies, focusing on assisting companies with their digital transformation and brand development.