Never Mind Google’s Crumbling Cookies, It’s Retailers Who Are At Risk
Written by Frank HayesIn the wake of Google’s latest privacy fiasco, is it time to give up on cookies? Last Friday (Feb. 17), a Stanford University researcher reported that Google and three other advertising companies use cookies on Apple’s Safari Web browser even when it’s set to block cookies. The backlash has increased scrutiny on how Google uses cookies—but any new regulations will affect cookie-using E-tailers, too. That same day—coincidentally—Facebook was sued for its own cookie mishaps.
With cookies already under tighter controls in the U.K. and the European Union, and the near-certainty of some sort of U.S. Congressional hearings, retailers should be making new customer-tracking plans—plans that don’t include cookies.
The Stanford research, by grad student Jonathan Mayer, called out Google, Vibrant Media, Media Innovation Group and PointRoll as having circumvented Safari’s cookie policy, which by default blocks third-party cookies. Within days, Microsoft also accused Google of sneaking cookies past the defenses of Internet Explorer. (That finger-pointing is a little harder for Microsoft to support, because Amazon and at least 11,000 other sites have also used the same trick on IE—a trick that, according to Google, was originally recommended by Microsoft to work around an IE bug.)
The uproar has had the usual results, thus far including a class-action lawsuit, a proposed Federal Trade Commission investigation and a probe by the U.K.’s Information Commissioner’s Office. All that is happening in the context of Google’s plans to merge the data it has collected on each user on March 1, which already had privacy proponents complaining.
But it’s cookies that get most of the privacy attention. Lawmakers and regulators are skittish about any broad ban on the collection of data about customers, because the government types know that would make modern retailing almost impossible and cripple many other types of businesses. But cookies are specific and something that Web browsers are already supposed to be able to block. They make an easy target.
And because almost all online retailers use cookies to track customers, any real results from a Google backlash will require retailers to make changes in the way they use cookies. Cookie regulation is already in place in Europe, and it is written so that it’s illegal to place most cookies on a European customer’s PC without an explicit, informed opt-in.
The Facebook lawsuit, filed in a California federal court, accuses Facebook of using its cookies to track the Internet activity of consumers after they have logged out of Facebook, even though its terms of use promise it wouldn’t.
The lawsuit said that a Facebook engineer, Gregg Stefancik, confirmed the problem after a security researcher reported it. The lawsuit quotes him as saying there was a bug where the cookie data “was not cleared on logout.”
All of which should spell the death of cookies in E-Commerce. Yes, they’re an easy way to track customers as they wander through your Web site and to collect CRM data along the way. But as they’re increasingly regulated, cookies will become less and less useful to retailers, because there will be fewer things you can do with them—and increasing numbers of customers who can actually block them.
What may be just as problematic is the fact that cookies can no longer give a retailer a competitive advantage.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
