[Action] What is the butterfly effect of the Internet cookie I spilled?

What do you, readers, think about keeping your personal records on the Internet?

When you browse the Internet, your browser has no choice but to record what websites you visit and what words you search for.

People who don't like leaving personal information on the Internet, for example, use the incognito mode of their browser or periodically clear their browsing and browsing history.

Today's topic in Mabu News is Internet cookies that contain personal records.

Cookies are indispensable when using the Internet.

We summarized with data how big a typhoon can be with the flap of the wings of a cookie we spilled.

This is the question Mabu News asks its readers today.

What Exactly Are Internet Cookies?

To explain cookies, we need to briefly review the history of the Internet and the web we use.

The web we use is built on the rules of HTTP.

yper

ex

, an abbreviation of protocol, is a kind of guideline that sets out how to exchange information on the web.

The fact that the Internet addresses we use start with http:// are a sign that we are exchanging information using HTTP promises!

Cookies, as defined in HTTP, are small text files that web servers can store in your browser.

It contains little information, like this.

What page did I log in to, what products I put in my shopping cart at the shopping mall, and whether I had already visited a specific page…

Well, that's some simple information.

By loading these pre-stored cookies, we can use the Internet more comfortably.

Even if you log in once and close the window, the login status is maintained, links you have already visited are displayed as purple hyperlinks, items in your shopping cart remain as they are, and so on.

Cookies that contain information from the Internet are called first-party cookies.

Enlarging an image

However, as time passed and the Internet became more sophisticated, web pages became more complex.

As a result, multiple domains began to be included on one page.

Just like when you enter a news page, there are not only news articles, but also comments and advertisements.

Although the domain of the portal and the domain of the advertisement are different, they are put together in one news page.

Cookies stored by a web server in a domain other than the web server you access are called third-party cookies.

The problem is that third-party cookies are used for the purpose of collecting user information, unlike first-party cookies.

Where do you use this collected information?

It's just advertising.

Third-party cookies can track what type of person you are and what you like, so we can use it to send you ads that are just right for you.

This is the reason why Internet platform companies are paying attention to third-party cookies.

The butterfly effect of accidentally spilled cookies

If so, Mabu News personally analyzed how many cookies are being collected.

The third-party cookies were analyzed for the major sites the Mabu News crew visited to create this letter.

The shopping mall and SNS below are at lunch time, so you don't have to suspect 'salary Lupine' :)

and 

is to find articles related 

to basic cookies,

, 

, a 

spare for a classy company life, 

 tab

is also a search

topic 

 to find foreign news articles  . Enter the

 site. You should also

and 

SNS  for

child shopping  . Open the

and 

 tabs

. 

13 sites including YouTube, Google, Naver, Naver News, Naver Sports, Daum, New York Times, Korea Internet & Security Agency, SSG, Coupang, facebook, instagram, and Namoo Wiki are displayed on the Google Chrome tab, and third parties through lightbeam.js Cookies have been analyzed.

The analysis result is shown in the figure below.

Enlarging an image

In the network graph, you can understand the corporate logo as the first party and the orange dot as the third party.

See how complicated it is?

A total of 237 sub-party domains were found on the network.

The number of cookies they were collecting was 93.

Of these, 42 cookies were for user tracking, nearly half of them were followed by advertisements.

There were 25 advertisement cookies, accounting for 26.9% of the total.

When tracking and advertising are combined, it accounts for 72.0% of all third-party cookies, showing an overwhelming proportion.

If you look at the network graph, you can see that different sites are connected by third-party domains.

Look at SSG.com and Coupang and you'll understand.

If the dots are connected like this, even if you go to the Coupang page from SSG.com, the advertisements can be displayed continuously under the influence of third parties connected to the two pages.

For reference, there are 41 third-party domains and 56 SSGs attached to Coupang, and there are a whopping 27 third-party domains that overlap between the two pages.

If you analyze the overlapping ones, there are many domains of digital advertising companies such as criteo and smaato.

If you look at only 13 sites, this is enough, but what if you look at the entire Korean website?

In 2017, a research team at Seoul National University found data that analyzed cookies on 91 sites visited by domestic Internet users the most.

In 2017, an average of 57.8 cookies were collected on desktop and 54.1 on mobile.

Let's compare it with the 2013 survey to get an idea of ​​how big this is.

In 2013, an average of 20.9 cookies were collected from the desktop environment.

It has more than doubled in 4 years.

Mobile is growing much faster.

In 2013, only 4.7 cookies were collected on mobile, but in 2017 it increased by 11.5 times!

Why the hell has cookie collection increased so much?

Cookies that grow along with the advertising market

The reason for the increase in cookies is the growth of the online advertising market.

We took data from 2015 to 2022 (estimated) of the Korea Broadcasting Advertising Promotion Agency, which shows the flow of the Korean advertising market.

In 2015, online advertising expenditures totaled KRW 3,42,781 and 14 million, accounting for only 29.1% of total advertising expenditures.

At this time, among all the advertisements, the broadcast advertisement was ranked first.

However, in 2020, online advertising will account for 53% of the total advertising market, exceeding 50% for the first time.

Although it is a provisional estimate for 2022, the growth rate is not so great that it is predicted that for the first time ever, the size of online advertising will exceed 10 trillion won, accounting for 59.3% of the total.

As the market for online advertisements grew, the size of customized advertisements also increased, and there was no information as large as cookies to create more sophisticated advertisements.

Enlarging an image

It is Internet platform companies that benefit from this large market.

As mentioned in the network graph, the main entity that collects cookie information is Internet platform companies.

You can easily find the names of large platform companies such as google and facebook by looking at third-party domains.

Large platform companies collect users' cookies to make advertisements more user-friendly, and make a living from advertisements created in this way.

The graph above is a graph made with data from the report of Alphabet, the parent company of Google, for the second quarter of 2022 (April to June).

Alphabet's Q2 revenue was $69.685 billion, of which $56.288 billion came from advertising.

80.8% of Alphabet's total revenue comes from advertising.

It's not just foreign companies.

The same is true of Naver, Korea's leading IT company.

If you look at the 2022 semi-annual report, the revenue earned from the search platform service, which is a search and display advertising business, is 1.75 trillion 379 million won, accounting for 45.1% of the total revenue.

If you include commerce ads here, the percentage will be much higher.

Before cookies become a bigger storm

Cookies that eat our personal information and grow, the advertising market that eats those cookies, and IT companies that grow by eating the advertising market.

Before cookies trigger a bigger butterfly effect, governments are regulating IT companies.

Just two weeks ago, on September 14, the Korea Personal Information Commission imposed a fine of 62.9 billion won on Google and 30.8 billion won on Meta.

It is a withdrawal from the use of cookies to collect personal information without the user's consent.

Google and Meta reacted immediately, and a lawsuit is being considered.

It's not just our country.

Earlier this year, France imposed fines on Google and Facebook for the same reasons as Korea.

With Google 150 million euros and Facebook 60 million euros, the total amount is over 200 million.

In particular, the fine imposed on Google is the highest ever imposed by the French National Freedom of Information Commission.

The two companies are also considering lawsuits in France.

Enlarging an image

Europe, including France, has strict regulations on personal information.

Have you ever heard of GDPR?

GDPR is a law adopted by the European Parliament in 2016 called the General Data Protection Regulation, which obliges all European companies to protect the personal and privacy information of European citizens.

Not only European companies, but all companies that do business in Europe must pass the strict regulations of the GDPR.

The goal of this measure is simple.

“Personal data empowers individuals to have control over their personal data.”

To achieve this goal, companies that deal with data will need to manage personal information responsibly more than ever before.

The EU's GDPR also treats Internet cookies as personal data.

Cookie data alone cannot identify an individual, but it is included as personal information because it is possible to identify individuals sufficiently by combining cookies or referring to other information.

Businesses need to obtain the user's permission to use cookies on their websites and explain how they will be used.

That's why the cookie policy banner appeared.

This is why recent sites have displayed banners explaining their cookie policy and asking for consent.

Q. Cookie banner, is it okay if I just put it on?

An organization that works to protect personal information, noyb (none of your business) is working to find a design that hides users in cookie banners, so-called dark patterns, and to fix them.

Examples of dark patterns include not intentionally placing a deny button on the first page of a banner, or coloring only the allow button in green to convince people to click the allow button.

It is difficult to see that cookie banners with this design are fairly presenting the user with two options: consent/disagree.

noyb looked at more than 500 cookie banners, most of them violating the GDPR.

Of these, 81% did not have a reject button on the first page, and research shows that banners that do not have a reject button on the first screen get 22~23% higher user consent than banners with a reject button on the first page.

Aside from that, 73% of banners use deceptive colors and contrasts to entice them to click an allow button, and 90% do not provide an easy way to revoke consent.

I hope our readers will also take a look at the design of the cookie banners we face in the future.

I decide my personal information

As the issue of personal information leakage erupts due to the indiscriminate collection of cookies, and legal regulations appear one after another, platform companies are also taking measures.

In particular, Google has made a bombshell declaration that it will not use third-party cookies in Chrome in the future.

Other web browsers, such as Safari and Firefox, already block third-party cookies, so you will be able to escape the fear of personal tracking in the future.

However.

However, it is not completely safe.

The Chrome browser will support new technologies created by them instead of third-party cookies.

As a result, some point out that Google's regulation of third-party cookies only hurts the advertising business of third-party companies, but the personal information of first-party cookies that Google secures still exists and will only worsen the imbalance in the advertising market. That's it.

Enlarging an image

The right to self-determination of personal information that I, the subject of information, must decide for myself.

Although it is not written in the Korean Constitution, the Constitutional Court has already ruled in 2005 that it is a 'basic right not specified in the Constitution'.

As more companies deal with data in the future, the need for privacy will increase.

In the process, we should have the right to self-determination and have a voice.

NGOs are increasingly trying to protect personal information.

The Ministry of Justice provided 170 million facial data of Koreans and foreigners to 24 private companies to develop an AI identification system.

Recently, a civic group filed a constitutional complaint that it is unconstitutional to provide personal information to a private company without the consent of the data subject.

I do not know what the outcome will be, but it can be seen as a process of raising our voices little by little about the right to self-determination of personal information.

This is the letter Mabu News has prepared for you today.

Today, we summarized how personal information is leaked through Internet cookies.

The question Mabu News asks its readers today is their thoughts on personalized advertising.

Do you, readers, find personalized advertising convenient or offensive?

If you have an experience where the item you need just keeps appearing in the advertisement, please let Mabu News know!

Thank you for reading this long post today :) (*This article is an edited article from the Newsletter.)

Enlarging an image

Subscribing to our newsletter ​→ https://page.stibee.com/subscriptions/56136

 : Hye-Min Ahn    

 : Jun     -Seok Ahn

 : Do-Yeon Kim, Hae-Ram Joo