GUEST TRIAL: An Overview of the Degrees of Privacy Privacy Tech Companies Give to Your Digital Fingerprints



In recent years, brands have started to hit the line between convenience and privacy. Buyers love the convenience of the personalized experiences their data powers, but horror stories like the Cambridge Analytica scandal are making people skeptical about how much information companies should be collecting and sharing.

Related: Apple fights Facebook for consumer privacy

Basically it comes down to the identity of the underlying user, what data it contains, who generates that data, and where.

Here, we’ll discuss the implications for third-party tracking and data that have been most affected by recent privacy regulations and protocols. First of all, it is important to understand the different degrees of data privacy.

Degrees of confidentiality

Customers share their information either explicitly through forms and transactions, or implicitly through behaviors such as searches and click streams. Data explicitly provided by the user is considered zero-party data.

In e-commerce, this usually comes in the form of a sign-up, review, or purchase. This is used for communication, personalization and the targeting tactics that the user primarily engages in when submitting their information. Check out the examples below from the Forrester blog.

First-party data is different from zero-party data. The first part data is based on inferences collected from implicit or explicit events collected internally. Examples of this are user insights or cue-based personalization such as searches and clickthroughs. The user probably does not know what kind of behavioral information is being collected about him or how he is actively used. Users concerned about this tracking can turn off tracking and unsubscribe.

“Second party” data is essentially first party data from another organization. Marketers frequently buy or share first-party data from another partner organization. Another common scenario in e-commerce is multi-brand or multi-site situations where the customer profile is shared between sites.

Data collection red flags

All of this brings us to “third party” data. Third party data is generally collected, used and shared implicitly by a third party on the sites. A third party system could use a combination of a remotely hosted tracker and third party cookies for the web or MAIDs (mobile advertising identifiers).


These have been used by ad networks to retarget the user across multiple touchpoints across the web. The end user generally does not know what information is collected about them, how their information is used, or by whom. This raises a major red flag when it comes to privacy. Device fingerprint data is a good example of information that could be automatically shared without the user’s knowledge.

Of course, retargeting a user based on their interactions on other sites can help warm up a personalized experience and generate more relevant ads, but doing so without the user’s consent is a big no-no. . Regulations such as the California Consumer Protection Act (CCPA) in the United States and the General Data Protection Regulation (GDPR) in the EU address this issue, particularly where Personally Identified Information (PII) is involved.

It also prompted companies like Apple to build significant privacy protection into their Safari browser in 2017, which has now become standard in most major browsers. ITP not only restricts the tracking, but also the storage of user data in the form of third-party cookies or MAID. This has created a challenge for organizations relying on third parties for features like analytics and personalization.

Electronic commerce impacted

Third-party data restrictions primarily affect e-commerce marketing, personalization, and analytics functions. For example, remarketing through an ad network based on cross-site behavior will be a challenge. Likewise, building campaigns around third-party audiences will no longer be possible.

From a personalization perspective, retargeting experiences based on cross-site behavior will no longer be possible. The collection of analytical data requiring third-party trackers will be blocked, as well as the ability to generate information using third-party data.

As more e-commerce experiences leverage Customer Data Platforms (CDPs), CDPs that are not based on first party data will no longer be useful. Finally, by storing all third-party PII data, you put your business at risk in performing audits such as SOC?, ISO 27001. etc.

Some known workarounds exist, including:

• Hosting a tracker locally, for example on a subdomain or your main domain so that all traffic and storage are treated as third parties

• Use of server side API interactions to exchange data

• Integrate additional customer touchpoint data both offline and online into your business to increase your customer intelligence

• Using only zero and first party data only

First party superiority

Here are the big five that make first-party data superior to others we’ve discussed:

• Control: dictate what data you want to collect and how to collect it

• Context: Further enrich your data with additional environmental and situational data specific to your touchpoints

• Freshness: important for continuous, real-time 1: 1 experiences across touchpoints

• Accuracy: collected directly from your customers compared to third parties

• Low cost: no need to pay a third party for the data

A balancing act

Consumers now expect personalization, but they don’t want their every move tracked. Numerous studies show that predicted experiments based on first party intent are significantly more effective than prescriptive approaches based on calculated third party intent. Predictive approaches are possible by combining first party data with ML-based models.

Regulations and protocols go a long way in protecting consumer privacy without restricting the ability of organizations to deliver a phenomenal digital experience. Invest in technology that can collect first-party data and turn it into insights to deliver a better digital experience, without the creep factor.

About the essayist: Sanjay Mehtha is the Industry and E-Commerce Manager at Lucidworks, a San Francisco-based e-commerce solutions provider that enables personalized search, navigation and discovery.

*** This is a syndicated blog from The Last Watchdog’s Security Bloggers Network, written by bacohido. Read the original post at:


Leave A Reply

Your email address will not be published.