Previously in Go Ride News

• GDPR compatible on cross -border EC sites for Europe
   

• CCPA compatible at cross -borders for the United States

I featured about it.

Reference article

Be careful if you advance to Europe! Let's know about the EU's unique personal information protection law (GDPR)

Is your company okay? California's Shinshu Law CCPA

This time, in June 2022

Revised Telecommunications Business Law (June 2022)

I would like to confirm.

This is because the revision of the Telecommunications Business Law has been promulgated in June 2022 and will be enforced within one year of promulgation, which includes the business operator's third -party cookie obligation. (Scheduled to enforcement in June 2023)

Why is third -party cookie regulated in the first place?

It will be a textbook, but let's check the page of the Ministry of Internal Affairs and Communications.

about it. If you chew it very easily

There is a situation where the data is transmitted externally and used for various purposes including advertising before the user does not do it, so it will be obligatory to provide an opportunity to confirm.It is enacted for the purpose.

After the enforcement in June 2023, it was obliged to respond to one of the following three.

1. Notify and publish information related to the prescribed matter in advance
2. Get user consent in advance (opt -in)
3. Introducing a mechanism (opt -out) that can be rejected later

 In the case of the web

In the case of an app

reference:Ministry of Internal Affairs and Communications | If you send information about yourself to a third party, you will be able to confirm yourself.

If you can select multiple methods, the rules will seem close to CCPA.

Even in this revisionNo fines will be imposed even if they violate them, and the Minister of Internal Affairs and Communications will only publish the order of business improvement measures and the name / name of the offender.So this is very different from CCPA, GDPR.

When the store is deployed in multiple countries, the system selection is selected at the cross -border or the cross -border -North American crossing for the EU, and how to process data in the system configuration to make it a GDPR Compliant (compliant) state. You may receive an inquiry.

GDPR, CCPA, Revised Telecommunications Business Law Comparison Table

HereAccording to the survey, as of May 2022, about 77%did not support the new site category.

It seems that most sites are still not supported in the news site category, whether the penalties are not strictly enacted.

In Europe, META has been fined $ 1.3 billion and a data deletion order, so you can see the difference in state of the country.

https://digiday.jp/platforms/eu-regulators-fine-meta-1-3-billion-but-some-say-potential-data-losses-could-be-even-harsher/

The other day, Irish Data Protection Committee (hereinafter referred to as DPC) imposes a clinter of $ 1.3 billion (180,856 million yen) to Meta as a violation of the Privacy Protection Law related to data transfer between Europe and the United States. It was announced. Furthermore, if the meta stops all data transfer between the EU and the United States within 5 months and do not make changes within 6 months, it will be forced to delete 10 years of EU user data. 。

The point is that this time is not a business operator but a service.

1. Mail service, direct message service, web conference system, etc.
2. SNS, electronic bulletin boards, video sharing services, online shopping malls, sharing services, matching services, etc.
3. Online search service
4. Send information at the request of an unspecified user and provide online provision services for browsing information

Reference sourcehttps://www.soumu.go.jp/main_sosiki/joho_tsusin/d_syohi/gaibusoushin_kiritsu.html

again,"Telecommunications business entry manual (supplementary edition) Guidebook"The following cases are also applicable.

• When the company's products and services themselves are provided via the Internet
• When operating various information provision sites using advertising and affiliate programs for the purpose of making profits as a sole proprietor

SaaS and web media are also considered to be the "online services of various information".。   

however,It seems that it will not be legal if there is no media elements on an e -commerce site that sells its own products and does not provide services as a business as a business.

However, many EC operators think that it is an opportunity to actively appeal to consumer protection.

It is likely that many companies will select "Prior Acquisition".

On the EC site, the most orthodox method is the user consent in advance, but this can be used with app implementation.

First party cookies are used for login information and product information in carts with cookies issued from the domain of the site they visited.

The advantage of convenience as a user is great, and there is no concern that it will be blocked at this time.

From the point of view of the company (EC operation, advertising distribution), tracking the domain cannot be tracked

That is the characteristic.

On the other hand, third -party cookies are cookies provided by the advertising media domain.

The purpose of use in advertising distribution of third -party cookies is as follows.

1. Retering advertisement
2. Attributation analysis
3. Web advertising effect measurement
4. Affiliate ads

From the company's perspective, it was useful for analyzing how the user is doing CV, but from the user side, cookies are given and information is absorbed, so it is a problem from the viewpoint of personal information protection. It is coming.

Chrome

Chrome had foretold the abolition of third -party cookies within 2022 in January 2020, but as of June 2023, it is gradually abolished in the latter half of 2024, and the direction has been abolished. However, it has been postponed.

In the future, it has been announced that it will be replaced by a third -party cookie and shifts to a privacy sandbox that works for advertisers and publishers while maintaining anonymity.

It seems that the rating and testing of this privacy sand box took longer than expected.

Safari

Beginning with ITP 1.0 updated in September 2017, the third party cookies begin to block.

ITP is an abbreviation of Intelligent Tracking Prevention, a site tracking prevention function that has been installed in browser safari from Apple iOS 11.

• ITP 1.0 September 2017

It will be invalid 24 hours after issuing a third party cookie. It will be deleted 30 days later regardless of validity or disabled.

• ITP2.0 September 2018

In ITP2.0, the third -party cookie restrictions are further enhanced, and even for users who have never visited the site in the past, if they return without the site transition, the third party Cookie will be deleted immediately.

This makes it impossible to return to users who have no site transition.

• Third Party Cookie Complete Block March 2020

Third party Cookie has become completely blocked.
In addition, if the site does not have a 7 -day transition, the available storage data (Session Storage, etc.) will be deleted immediately.
 

In 2024, Third Party Cookie will be heading for the final chapter, and CV analysis in advertising operation is even more difficult.

LP advertising improvement by advertising operation that does not rely on Third Party COOKIE targeting and customer journey designFor further information, please contact us

Reference site

https://webtan.impress.co.jp/e/2023/05/25/44864

https://japan.zdnet.com/article/35204555/

https://webbu.jp/itp-update-6777