Many companies participate in behavioral advertising networks. In order to participate in a network, a company places code on its website that permits a third party (the behavioral advertising network) to either (1) place tracking technology (e.g., a cookie) on the computer of people who visit the website, or (2) receive information that a visitor’s computer transmits to the website that the visitor intends to visit. This might include, for example, a GET request whereby the consumer’s computer asks the website to load a webpage, or a POST submission whereby the consumer transmits information about themselves (e.g., email address, search query, etc.) to the website. The third party behavioral advertising network collects and aggregates the information in order to monitor a consumer (or at least the consumer’s computer) across all of the websites that participate in the network and to build a profile from which the behavioral advertising provider can discern characteristics about the consumer to help deliver targeted advertising.
In order to benchmark the use of advertising cookies, BCLP reviewed the websites of each company listed on the Fortune 500.1 Among other things, BCLP’s full analysis, which is available to firm clients, includes the quantity of advertising cookies identified between and among industries. BCLP also looked at the degree to which cookie usage patterns varied within industries. For example, BCLP reviewed the standard deviation between the number of advertising cookies utilized by the participants within a single industry. A low standard deviation indicates that industry participants’ usage of advertising cookies tended to be close to the average; a high standard deviation indicates that the values are spread out over a wider range.
The following industries had the greatest standard deviation (i.e., the greatest discrepancies between and among members): retailers, manufacturers of paper products, sellers of computer and peripheral equipment, and insurance companies (property and casualty). For example, among property and casualty insurance companies, some members were deploying 37 advertising cookies whereas others chose not to deploy any cookies.
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. Websites of each company were reviewed during the first quarter of 2020 from an IP address associated with Los Angeles, California, using Chrome for iOS Version 79.0.3945.88 (official build) (64 bit). Advertising cookies were identified using Ghostery for Chrome Version 8.4.4. In situations in which a Fortune 500 company was a holding company that did not operate a significant website, the website of one of the holding company’s operating units was examined.