Tags – Cookie Piggybacking


Cookie piggybacking is a technique used by online marketers to track user behaviour across multiple websites. 

When a user visits a website that has cookie piggybacking enabled, their activity is tracked and stored in a cookie. 

This cookie can then be used by other websites to track the user’s behaviour and serve them targeted ads. 

Whilst this sounds positive, piggybacking is a common web development practice that may expose companies to privacy risks and compliance issues. 

In this post, learn more about cookie piggybacking, why it is an issue, and what your website needs to do to protect against compliance and privacy issues brought on by the practice.


Targeting and Advertising Cookies

Cookies are used to collect information about your website visitors in order to show them targeted ads based on their interests and past internet activity.

Cookies assist digital marketing teams in better understanding consumer behaviours and determining which types of campaigns are most likely to result in good conversion rates for specific demographics and user bases.

In most cases, third-party persistent cookies are used to store user information. This implies that they will follow users around the internet so that relevant advertising may be sent to those who would benefit the most from it. 

For instance, this may be accomplished through a targeting cookie that is activated when a user goes to a website that does not include a particular ad until they have visited a certain social media platform. 

On the plus side, cookies are used by advertisers to collect data about visitors to websites in order to deliver more personalised and relevant advertisements. 

However, cookies do have a dark side that many web owners may not be aware of…


Security and Compliance Issues Caused By Cookie Piggybacking

One of the major problems with cookie piggybacking is that this practice creates the opportunity for third-party advertisers to gain access to your website’s data. This can cause a cascade effect that causes your website’s performance to suffer. 

This is not caused by malware or hacking, but it is a side effect that can occur when an advertiser uses a targeting cookie and the procedure repeats itself again and again, creating a daisy chain effect that continues to clog up your site as more advertisers obtain access to it. 

The more cookie piggybacking that happens on your site, the more likely you are to experience the following undesirable (but avoidable) consequences:

  • Data Leakage: The more cookie piggybacking that occurs on your site, the more likely it is for sensitive data to end up in unauthorised hands. In this way, cookie piggybacking creates a gateway for even worse security concerns such as a data leak that puts your critical, sensitive information at risk
  • Slower Loading Times:  Every time a daisy-chained cookie is activated, even more data is sent to servers that may be located on the other side of the planet. This will considerably slow down the loading speed of your website. If users are not greeted with pages that open as expected, they will leave quickly, and we all know you don’t get a second chance to make a first impression
  • Data Loss: There’s a greater chance for something like a purchase to go wrong as your site slows. This implies that while your customer believes the transaction is complete on your side, you have lost the data needed for delivery, as a result, transactions and profits are lost
  • Issues with Compliance: Since the GDPR, LGDP, and CCPA were implemented, website owners all around the world have been required to comply with new data collection standards. Collecting data such as tags and cookies incorrectly is a violation of these regulations, which may result in significant legal costs


The Bottom Line

Compliance with laws like the GDPR and CCPA isn’t just about privacy; it’s about running a successful business. 

Noncompliance may result in fines up to 4% of annual turnover, as well as loss of consumer trust. 

To enforce users’ privacy preferences and keep cookies, both first and third party, from firing without consent, truly compliant solutions should work independently with no dependencies on other systems.


Please contact us today for more information.


You may also like:

  1. How to Protect Yourself from Smishing Attacks
  2. How to Protect Yourself from LinkedIn Phishing Attacks
  3. Google’s Mobile First Indexing: What It Means for Your Website
  4. Data Ethics – A Case for the Future of Work and Business
  5. The 7 Principles of Ethical Decision-Making