8 min read

Vellir #22 → The cookies are crumbling

How sensible policy is paving the way for a new data revolution, with ownership at its core.
Vellir #22 → The cookies are crumbling

Welcome to new readers of Vellir - we're glad you're here!


Most people who are even vaguely interested in technology and business are generally sceptical about the role of government and regulation more generally.

This hasn’t been helped by the nature of the policy debate in the UK or US. Whether related to Brexit in the UK or the general dysfunction in the US Congress, with ever more polarisation and stories about arcane laws, including my personal favourite that you can be fined for sending someone an unsolicited pizza in Louisiana.

But regulation matters.

We all know that there’s no such thing as a truly free market and I’m yet to hear anyone campaign that we should go back to enabling child labour rather than restricting Dickensian era practices. So the debate will always be about the right balance and the nature of specific rules: as ever, the devil is in the detail.

History also suggests that when governments get it right there can be transformational impacts on business and society more broadly. Just think about aviation and e-commerce. Only with sensible regulatory frameworks and trusted security practices did these industries reach a mass market. Until then, they were only for the brave, when you didn’t know whether a plane would be safe or how it would manage potential collisions, or the protocols around which money would be used to pay for goods and services online, and the rights that you would have as a consumer.

Most industries would benefit from improved regulation. But in one arcane corner of the regulatory landscape related to consumer data, new rules are paving the way for a fairer and more inclusive internet. And one that could open up new business models too, including creating real use cases for crypto too.

The data economy

As it stands, the digital advertising market is vast. Meta’s ad revenue in 2021 was nearly $115bn, while Alphabet's ad revenue for Q4 2021 alone was over $61bn.

It is now a common refrain that if something is free on the internet, you are the product. This process has been enabled, in large part, by third party cookies. When most people think of cookies, they think of the dreaded banner that continually pops up while browsing, a GDPR-induced blight on our digital lives. But cookies have also been a central part of the internet ecosystem by tracking and monitoring user browsing history, enabling advertisers to show products and services related to browser history from completely different websites. Think of them like a trail of breadcrumbs that enable personalised advertising, and a core driver of revenue for Google and Meta.

About 80% of advertisers rely on third party cookies and proponents of the current system are likely to say something like: a) but users benefit from targeted ads, they’re way more helpful, and/or b) advertising means that we don’t have to charge for all the things you use everyday for free, like Google Maps.

Privacy advocates have long campaigned for restrictions on third party cookies and this has started to bear fruit:

  • Apple and Mozilla have blocked third party cookies on their Safari and Firefox browsers;
  • Apple’s iOS 14.5 update last year effectively ended third-party monitoring via apps, and Google has said it will take the same approach for Android; and
  • in 2023, Google will stop Chrome from allowing third party tracking via cookies – given 60% of people use Chrome, this is a major change.

But it is unclear exactly what will follow this crumbling of the cookie ecosystem. The only thing that’s certain is that the need to understand consumer demand will not go away, and tech giants will be reluctant to give up on their treasure trove of data. According to David Temkin, who is in charge of this transition for Google: “We’re looking to make advertising both private for users and effective from a monetization and marketing standpoint. We don’t see [it as] two worlds that shall never coexist – we think that we have the right recipe to bring them together.”

Google announced its intention to use what it calls a Federated Learning of Cohorts (FLoC) solution that would provide more privacy, but retain the ability to give advertisers access to user behaviour. But after considerable backlash, including from DuckDuckGo, Amazon, GitHub and others who said that they would block the technology, this approach has evolved into what has now been branded Google Topics. The intention is that rather than track specific website browsing, it will categorise this into topics, which would still enable advertisers to differentiate between users. But this too remains under scrutiny, including from the UK’s Competition and Markets Authority (CMA).

Power to the consumer

In addition to privacy concerns, there is another shift underway as consumers begin to understand the power and financial worth of their personal data. According to the UK’s Data and Marketing Association:

Since 2012 there has been a clear shift towards a UK consumer who is more likely to view personal data as having an intrinsic value that can be utilised for personal advantage. In 2022, 61% view their personal information as an asset that can be used to negotiate better prices and offers with companies, up from 40% in 2012.

What Google and Meta are really worried about (or rather they should be) is a more radical change to the way that our online data is gathered and shared. A system which could mean greater privacy and more user control and reward, while still enabling a fully functioning advertising sector. One where instead of big tech companies having a monopoly over collecting and monetising personal data, users have the option to control where their data goes and gain a meaningful share of the monetary upside.

In this scenario, users could be empowered and encouraged to make their data available to a registered third party who could monetise it on their behalf. This could be data collected from mobility apps like Google Maps and sent to advertisers looking to understand geographic spending patterns; from a smartwatch that research organisations tracking health metrics might want to use; or from a connected home device that could be of interest to insurance providers or manufacturers aiming to improve efficiency. In fact, this data could come from any device or platform that people use every day, and might be sent to any third party who would reward them for allowing access to the data.

Alongside giving users more control and transparency over who uses their data and a financial return, this approach could also enable new combinations of data that haven’t been straightforward to splice together before. For instance, drawing data from a diverse set of sources could mean combining insights across mobility, media, geolocation and finance, which could provide a rich source of new analytics.

The future is here

This vision of consumer data ownership and control is within reach. And in a twist of fate, despite all its shortcomings (including the nightmarish cookie banner), the EU’s GDPR is partially coming to the rescue.

Data portability has long been a core pillar of the EU’s GDPR and under Article 20, ‘Right to data portability’, it states that:

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

New rules are giving this idea of data portability a new lease of life. The EU’s Digital Markets Act, which is due to come into force in early 2024, will mean people using apps like Facebook, Google and Amazon, or smart devices including cars and watches, will have the right to transfer their data, “continuously and in real time”, to any third party that they want.

However, as Benedict Evans has warned, data isn’t a single thing and takes many different forms. Data often has meaning in its interactions with other people or things – by liking someone else’s photo on Instagram, the data for my ‘like’ is meaningless without the context of the photo itself. And data about my electricity usage isn’t particularly meaningful in isolation, unless it’s been sufficiently aggregated for trends or insights to be drawn.

So there remain questions for how successful data portability could be around a) what data can be ported in a meaningful way and b) where this data is going, given that an individual’s data alone isn’t that valuable.

Part of the answer is likely to be found in data unions. Data unions aggregate user data and sell it to third parties on their behalf, providing users with a share of the financial return. Think of it like crowdsourcing data, but getting paid for the insight that it provides.

Private firms collecting and analysing user data haven’t thus far had a brilliant reputation. Think of Cambridge Analytica for one… But under a different EU regulation called the Data Governance Act that is also due to be implemented in the next couple of years, these data brokers will also have a legal duty to protect user data in the same way as other professions that interact with personal data have to, such as healthcare and finance.

A host of startups are already exploring the space, but expect more to follow as the regulations come into force. Swash is a data union that works through a browser extension that gives permission to aggregate user data. The Brave browser works in a similar way, but built into the browser itself: by opting in and viewing ads, users can earn a crypto token called the Basic Attention Token (BAT). Re-public works via an iOS or Android app and Dimo provides users with rewards for collecting their car data. Streamr allows developers to integrate its client into their decentralised apps (dApps) running on Ethereum sidechain xDai, enabling users to join their data union. While Pool is building a marketplace that will enable data unions to sell their aggregated data to data buyers like advertising agencies.

You’ll notice a common thread – these startups are being built with or around web3. Why? The most obvious reason is that making a high volume of micro-payments to data providers using traditional financial rails would be prohibitively expensive. Crypto enables near zero cost payments due to lower transaction fees and is opening new ways to transfer value online. But another reason is governance, where some data unions are being constructed as DAOs themselves, providing even greater ownership over the process and financial returns to a particular community.

You may also be asking, how much money is this really going to generate for each user? It’s hard to know, and I've not seen robust figures or modelling, although the founder of Re-Public Keith Axline suggested it could be as much as $1000/month (large pinch of salt required). But in a previous government role, I worked on what has become known in the UK as ‘levelling up’ – the idea of trying to raise prospects and improve outcomes in some of the less prosperous parts of the country. It doesn’t take much consumer research to understand that for many people living on limited means, having any free cash flow would be beneficial. For some, £5 or £10/week may not be incentive enough to join a data union, but for many people it could be the difference between providing food for their kids or not – and critically, without having to do anything more than use the same apps that they were before. In crypto language, think of it as being closer to ‘live-to-earn’.

As this panel at EthDenver noted, data unions could be the most compelling way to on board the next set of users into crypto. If 2020 was DeFi summer and 2021 was NFT mad, once we’re through the current crypto winter, perhaps the next breakthrough will be the rise of the data union.

The takeaway

For all the mistrust of government regulation, sometimes it can be necessary, and even net positive. In this case, the EU is regulating in a way that is pro-competition and pro-technology (which isn’t always the case). And in doing so, it is creating space for new markets that have the potential to be fairer and more inclusive. A world of portable and private personal data could be as significant as the advent of third party tracking in the first place. There is much to learn for the US and UK.

Government is easy to criticise – it often gets things wrong. But when regulation is progressive and thoughtful, we should be just as ready to celebrate it as we are ready to criticise when things go wrong.


Thanks for reading. If you enjoyed it, please share it with your friends and colleagues!

And sign up for the Vellir community if you haven't already...