Many companies participate in behavioral advertising networks. In order to participate in a network, a company places code on its website that permits a third party (the behavioral advertising network) to either (1) place tracking technology (e.g., a cookie) on the computer of people who visit the website, or (2) receive information that a visitor’s computer transmits to the website that the visitor intends to visit. This might include, for example, a GET request whereby the consumer’s computer asks the website to load a webpage, or a POST submission whereby the consumer transmits information about themselves (e.g., email address, search query, etc.) to the website. The third party behavioral advertising network collects and aggregates the information in order to monitor a consumer (or at least the consumer’s computer) across all of the websites that participate in the network and to build a profile from which the behavioral advertising provider can discern characteristics about the consumer to help deliver targeted advertising.
In order to benchmark the use of advertising cookies, BCLP reviewed the websites of each company listed on the Fortune 500.1 Among other things, BCLP’s full analysis, which is available to firm clients, includes the quantity of advertising cookies identified between and among industries. Based upon BCLP’s review, the retail industry deployed the greatest number of advertising cookies; retailers on average deployed 21.4 advertising cookies, or 232% more advertising cookies than the average deployed by a Fortune 500 company. The greatest number of cookies deployed by a single retailer was 75.
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. Websites of each company were reviewed during the first quarter of 2020 from an IP address associated with Los Angeles, California, using Chrome for iOS Version 79.0.3945.88 (official build) (64 bit). Advertising cookies were identified using Ghostery for Chrome Version 8.4.4. In situations in which a Fortune 500 company was a holding company that did not operate a significant website, the website of one of the holding company’s operating units was examined.