According to Pinsent Masons, there is no specific data protection law covering all of the UAE currently available. Although a patchwork of other laws provides some rights to privacy and prohibits certain actions, including the disclosure of data obtained electronically in an unauthorised manner.
As reported by Tech Radar in 2019, a data protection law will be drafted for the UAE to support the TRA’s new national cybersecurity strategy for 2020-25. Not sure if this has been approved and implemented by Dubai Data Establishment (DDE) & Dubai Data Strategy furthermore.
However, today I have discovered that Microsoft Teams is forcing users to allow third-party cookies to make Teams load as a web app in Chrome.
Highly appreciate Microsoft Teams if you can make your web app work in any browser without having to permit third-party cookies or at least tell users which third-party cookies you are using so we can open up for those. Just enabling third-party cookies, in general, is insane!
Cookies can store a wealth of data, potentially enough to identify someone without their consent. MicrosoftTeams should cover a piece of basic information to educate, explicitly mention (on the same error page) why users have to enable the third-party cookies, the purpose, how it will benefit users when trying to access Teams application.
- Strictly necessary cookies — These cookies are essential for users to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow webshops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do, and why they are necessary should be explained to the user.
- Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
- Analytics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
- Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.
As these are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can hold significant amounts of information about our online activity, preferences, and location.
Strongly urging TRA-UAE, Dubai Electronic Security Center (DESC), and the UAE federal government to implement data protection law similar to GDPR as personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. User consent must be freely given, specific, informed, and unambiguous. Microsoft Teams Stop forcing users to allow third-party cookies!
As the third-party cookies crumble and in the wake of privacy regulation coming into effect, the online advertising industry is facing an identity crisis. They are in search of a new identity and one possible solution is people’s email addresses and phone numbers.
At the Interactive Advertising Bureau’s Annual Leadership Meeting in Palm Springs, California, on 10th February, the IAB wants to partner across brands, agencies, publishers and tech companies to develop new means to power digital advertising.
“Project ReArc”, a chosen name for re-architecture, a critical part of their multi-phase plans to build a replacement for the third-party cookies presently blocked by Safari and Firefox browsers and Google Chrome to follow soon.
IAB Tech labs proposed to build a new identity based on e-mail addresses or phone numbers, which provide a constant and rational way of recognizing someone than the third-party cookie did, without giving up on user’s privacy.
The IAB and all the involved entities are supporting the future of online advertising based on email advertising and phone numbers. They have witnessed Facebook and Google dominate the online ad world thanks to their platforms logged-in user bases and see e-mail addresses and phone number identifiers as a way for the open web to rival the walled gardens.
However, Megan Pagliuca, Chief Media and Data Officer at Hearts & Science says the people with signed-in users are going to win. If grounding the identifier on first-party data will create a disadvantage for long-tail and mid-tier publishers as they don’t have a sizeable number of registers. It is also unlikely to benefit the open web as a whole.
To protect the advertising business, if publishers are pressured to compel users to provide their email address or phone numbers, it is highly possible that many sites will put content open after registration so that only logged-in users can access it. While this can be a precarious situation for publishers to gain user registries, it could also lead them to lose a part of their audience. As a result, there is a potential negative impact on the small and mid-sized publishers leading to an unanticipated consequence.
A publishing executive asked earnestly, “Do ad networks have a chance of returning?”
Ad networks started for small publishers like individual bloggers and act as mediators between publishers and advertisers to curate ad inventory from publishers and sell to advertisers. Eventually, supply-side platforms came up and replaced ad networks with third-party cookies on these sites to auction off their inventory to sell targeted ads. However, without third-party cookies, these small publishers will face difficulties to collect email addresses or phone numbers and once again will have to be under the umbrella of the ad network.
The primary reason for ad networks struggles to attract advertisers is generally they are not transparent about where an advertisers’ ad appeared. However, this is not true in the case of brand advertisers who care about the context in which their ads appear while performance advertisers care whether the ad drove sales or any conversion event.
I could see a world where performance buyers return to using ad networks because they don’t care about transparency,” said the unnamed SSP executive to Digiday.
The return of the ad network is a concern for publishers because of the possibility for ad networks to siphon some of their revenue. While some ad buyers direct their money to big publishers as they have signed-in users, others may see ad networks offering a lower price and move their money in that direction to become cost-effective.