Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to talk about those annoying cookie preference notices that pop up when you visit a website. The Weekly Breach Breakdown is possible thanks to the support of Experian.

Show Notes

Learn more about ITRC's new data breach dashboard here: notified.idtheftcenter.org/s/

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for July 2nd, 2021. I’m James Lee and our podcast today is possible thanks to support from Experian.

Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to talk about those annoying cookie preference notices that pop up when you visit a website.

Back in 1958, filmmaker Louis Malle released The Lovers; a movie so racy that it was banned in some states as “obscene.” That didn’t stop a theatre owner in Ohio from screening the film…leading to his arrest and ultimately what is believed to be the most quoted line from a US Supreme Court ruling. 

The question before the court was how to define “obscene?” That prompted Justice Potter Stewart to write in his opinion overturning the criminal conviction – and I’m paraphrasing – I don’t know how to define pornography, but I know it when I see it.

That’s kinda how it is with cookie notices and other privacy notices on websites these days. I don’t know how to describe what’s a good one, but I know one when I see one.

Cookie preferences can be traced directly to the European Union’s now three-year-old privacy law, the General Data Protection Regulation or GDPR. It requires knowing and informed consent before data can be collected about an EU resident by a company anywhere in the world.

That provision has doomed some kinds of cookies and data collection practices in the EU such as web tracking cookies since it’s impractical to get permission from a website visitor each and every time a tracking cookie is ready to attach…BEFORE…the snippet of code is launched to collect your information. 

For the remaining forms of allowable cookies, that’s where the cookie preference notice comes in – you have to give your permission if you are in the EU and in the US, many companies who have to be GDPR compliant and give you the chance to set your own cookie preferences, even though they don’t have to.

Other companies in the US try the old “negative selection” approach for non-EU visitors. That is to say you’ll see a notice that says something to the effect of “if you continue to use our website, you are agreeing to our policies including the use of cookies.”

That’s not allowed under the GDPR for EU residents, but it’s fair game in the US for now. Increasingly, states are giving consumers the right to opt out of data collection and use under new privacy laws. 

Some web browsers – including SafariFireFoxDuckDuckGo, and Brave – allow you to block most cookies, too, even if the website owner does not give you any cookie control.

Notice I said, “block most cookies.” There are cookies that are beneficial and do not collect mass amounts of data about you and where you go on the web. They are known as “essential” and “performance” cookies and they help ensure you have a good website experience. When given the choice of allowing those kinds of cookies, you’ll be fine if you accept those.

The key here is consent. Giving you the ability to decide for yourself if you want to load up on cookies so you can see more ads about Nike Air Force One sneakers as you travel the interwebs.

So what makes a good cookie preference notice? One that starts with all cookies being turned off so you can choose to enable them. That makes it easy to know “it” when you see it.

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org where you’ll find helpful tips. You can also sign-up to receive our regular email updates on identity scams and compromises …and…look for our analysis of data breaches in the first half of 2021 that will be released on July 7th.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next. You can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours. 

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast – the Fraudian Slip – and we’ll be back next week with another episode of the Weekly Breach Breakdown. Thanks for listening.