Essential Terms and Acronyms in Online Privacy and Online Advertising
As online privacy and advertising continue to evolve, understanding the key terms and acronyms used in this field is essential. Here’s an expanded list of important terms and their meanings, including those specific to Google:
1. GDPR (General Data Protection Regulation)
- Definition: A comprehensive data protection law implemented by the European Union in 2018. It regulates how personal data of EU citizens must be collected, processed, and stored by organizations, regardless of where the organization is based.
- Key Points: Requires explicit consent for data processing, grants rights to data access and deletion, and imposes significant fines for non-compliance.
- Source: Official GDPR Website
2. CCPA (California Consumer Privacy Act)
- Definition: A state law enacted in California in 2020 that gives residents of California enhanced privacy rights and control over their personal data.
- Key Points: Grants rights to know what personal data is collected, delete it, and opt-out of the sale of their data. Applies to certain businesses that meet specific criteria.
- Source: California Attorney General's Office - CCPA
3. PII (Personally Identifiable Information)
- Definition: Any data that could potentially identify a specific individual. This includes information such as names, addresses, email addresses, Social Security numbers, and more.
- Key Points: Protecting PII is central to many privacy laws and regulations around the world.
4. DPO (Data Protection Officer)
- Definition: A role mandated by GDPR for organizations that process large amounts of personal data. The DPO is responsible for overseeing the organization's data protection strategy and ensuring compliance with GDPR.
- Key Points: The DPO serves as a point of contact for data protection authorities and data subjects.
- Source: EU GDPR Portal - Data Protection Office
5. ePrivacy Directive
- Definition: An EU directive that complements GDPR by specifically regulating privacy and electronic communications, including cookies and tracking technologies used in online advertising.
- Key Points: Focuses on confidentiality, security of communications, and the regulation of tracking technologies such as cookies. Often referred to as the "cookie law," it requires user consent for most types of cookies and similar tracking technologies.
6. LGPD (Lei Geral de Proteção de Dados)
- Definition: A comprehensive data protection law enacted in Brazil in 2020, closely modeled after GDPR, that regulates the processing of personal data within Brazil.
- Key Points: Grants rights to data access, correction, and deletion, and imposes requirements on data controllers and processors to protect personal data. The law applies to both public and private entities processing data within Brazil, regardless of where the company is based.
7. Pseudonymization
- Definition: A data protection technique that replaces identifying information with pseudonyms, reducing the likelihood that data can be traced back to an individual without additional information.
- Key Points: Pseudonymization is encouraged under GDPR as a way to protect personal data while still allowing for its use in research or other legitimate purposes.
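An added example, not part of the original glossary: one common way to pseudonymize an identifier is a keyed hash (HMAC-SHA256), where the secret key and the lookup table are the "additional information" that must be stored apart from the data set. The records, the key and the function names below are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; in practice the key comes from a secrets manager
# and is kept separately from the pseudonymized data.
KEY = b"constructed-demo-key"

# Constructed sample records; the addresses are made up.
RECORDS = [
    {"email": "alice@example.com", "page": "/pricing"},
    {"email": "bob@example.com", "page": "/docs"},
    {"email": "Alice@Example.com ", "page": "/checkout"},
]


def pseudonym(value: str, key: bytes) -> str:
    """Return a keyed pseudonym for an identifier.

    A plain unkeyed hash is not enough: anyone can hash candidate
    addresses and compare. HMAC ties the mapping to a secret key.
    """
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymize(records, key, field="email"):
    """Replace `field` with its pseudonym in every record.

    Returns (pseudonymized records, lookup table). The lookup table maps
    pseudonym -> original value and must be access-controlled and stored
    apart from the records, otherwise nothing has been gained.
    """
    out, lookup = [], {}
    for rec in records:
        original = rec[field].strip().lower()
        p = pseudonym(original, key)
        lookup[p] = original
        out.append({**rec, field: p})
    return out, lookup


def reidentify(p: str, lookup: dict):
    """Resolve a pseudonym; only possible for a holder of the lookup table."""
    return lookup.get(p)


if __name__ == "__main__":
    data, table = pseudonymize(RECORDS, KEY)
    for row in data:
        print(row)
```

The same person still maps to the same pseudonym, so the data remains linkable for analysis, which is why pseudonymized data is still treated as personal data while anonymized data is not.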
8. COPPA (Children's Online Privacy Protection Act)
- Definition: A U.S. federal law enacted in 1998 that imposes certain requirements on operators of websites or online services directed to children under 13 years of age, including the need to obtain verifiable parental consent before collecting personal information from children.
- Key Points: Aimed at protecting children's privacy online, COPPA requires clear privacy policies and parental consent for data collection.
9. TCF (Transparency and Consent Framework)
- Definition: A framework developed by the Interactive Advertising Bureau (IAB) to help digital advertising companies comply with GDPR and ePrivacy Directive requirements.
- Key Points: TCF provides a standardized way for companies to obtain, manage, and communicate user consent for data processing in digital advertising.
10. Anonymization
- Definition: The process of removing personally identifiable information from data sets so that individuals cannot be identified.
- Key Points: Anonymized data is generally not subject to GDPR, as it is no longer considered personal data.
- Source: UK Information Commissioner's Office (ICO) - Anonymisation: Managing Data Protection Risk
11. Encryption
- Definition: The process of converting data into a code to prevent unauthorized access. Encryption is a key tool for protecting personal data, particularly during transmission.
- Key Points: GDPR and other privacy laws encourage the use of encryption to protect sensitive data.
12. Opt-In vs. Opt-Out
- Definition:
  - Opt-In: Requires users to actively consent to data processing or the receipt of marketing communications.
  - Opt-Out: Allows data processing or communications by default, but provides users with the option to decline or stop it.
- Key Points: GDPR generally favors the opt-in model, particularly for marketing purposes, while CCPA allows for opt-out mechanisms.
13. Privacy by Design
- Definition: A principle that requires data protection to be considered from the outset of any new product, service, or business process. It involves integrating privacy features directly into the design and development stage.
- Key Points: Privacy by Design is a core principle of GDPR, ensuring that privacy is built into systems and processes, rather than being an afterthought.
14. Data Minimization
- Definition: The principle that organizations should only collect and process the minimum amount of personal data necessary for a specific purpose.
- Key Points: GDPR and other privacy regulations emphasize data minimization to reduce risks to individuals and enhance privacy protection.
- Source: ICO Guide to Data Minimisation
15. Behavioral Advertising
- Definition: A method of online advertising that uses information collected about an individual's web browsing behavior to display targeted ads that are more likely to be relevant to that individual.
- Key Points: This type of advertising relies heavily on cookies and tracking technologies, which are regulated by laws like GDPR and the ePrivacy Directive.
- Source: Network Advertising Initiative (NAI) - Behavioral Advertising
16. Privacy Sandbox
- Definition: A Google initiative aimed at developing web standards for websites to access user information without compromising privacy. The Privacy Sandbox includes proposals like FLoC (Federated Learning of Cohorts), which groups users into cohorts based on similar interests rather than tracking individual behavior.
- Key Points: The Privacy Sandbox is designed to phase out third-party cookies while still allowing for personalized advertising, balancing privacy with the need for effective ad targeting.
- Source: Google Privacy Sandbox Overview
17. FLoC (Federated Learning of Cohorts)
- Definition: A component of Google’s Privacy Sandbox, FLoC is a proposal to replace third-party cookies with a system that groups users into cohorts based on similar browsing behavior, reducing the need for individual tracking.
- Key Points: FLoC is intended to provide a balance between privacy and personalized advertising, though it has faced criticism and concerns from privacy advocates.
- Source: Google Privacy Sandbox - FLoC
18. Google Consent Mode
- Definition: A tool developed by Google that allows websites to adjust how Google tags behave based on the consent status of users. This means that ads, analytics, and other tags can be automatically adjusted depending on whether the user has given consent for cookies.
- Key Points: Google Consent Mode helps businesses remain compliant with GDPR and other privacy regulations while still gathering useful data for analytics and advertising.
- Source: Google Consent Mode Overview
19. First-Party Data
- Definition: Data collected directly from users by a website or application. This data can include information like purchase history, user preferences, and interactions with the website.
- Key Points: First-party data is becoming increasingly valuable as privacy regulations restrict the use of third-party data. It is seen as more reliable and privacy-friendly.
20. Cookies
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
The rules on cookies are covered by the Privacy and Electronic Communications Regulations 2003 (PECR). PECR also covers the use of similar technologies for storing or accessing information, such as ‘Flash cookies’ and device fingerprinting.
The ICO is responsible for enforcing these rules.
Source: ICO - What are Cookies
21. Contextual Advertising
- Definition: A type of online advertising that targets ads based on the content of the web page being viewed rather than the personal data of the viewer.
- Key Points: Contextual advertising is often considered more privacy-friendly than behavioral advertising, as it doesn’t rely on tracking user behavior across different sites.
- Source: Interactive Advertising Bureau (IAB) - Contextual Advertising
22. Privacy Shield
- Definition: A framework used to regulate transatlantic exchanges of personal data for commercial purposes between the EU and the U.S. It was invalidated by the European Court of Justice in 2020.
- Key Points: The invalidation of Privacy Shield has led to ongoing discussions about cross-border data transfers and the need for new frameworks to protect data privacy.
23. DSAR (Data Subject Access Request)
- Definition: A request made by a data subject to access their personal data held by a company. Under GDPR and other privacy laws, companies are required to respond to these requests within a certain timeframe and provide the requested data.
- Key Points: DSARs are a critical component of GDPR, ensuring that individuals can exercise their rights over their personal data.
- Source: UK ICO - Subject Access Request