Considering Consumer Privacy: Why Third-Party Services Drive Today’s Websites (Part 1)
November 19, 2019
by Tirtza Giles
When considering any privacy concerns surrounding your website, perhaps the most important factor to keep in mind is that there is a good chance that your site is not entirely in your control.
Today, many companies’ websites rely heavily on a variety of third-party services. That’s a reality that has important implications in terms of consumer privacy and security, especially in light of legislative trends around the world.
But before we can understand the privacy concerns created by third-party services and the ways to address them (the topic of our recent eBook Online Privacy in a World of Third-Party Services: How to Protect Your Customers and Your Business), it is helpful to understand what third-party services are and why they are so central to today’s major websites.
The basic idea behind embedding third-party services is that, as websites become more sophisticated, there is no need to reinvent the wheel. When a company wants to bolster its website with cutting-edge technology to achieve its marketing goals and improve its user experience, that company doesn’t need to take the time to build and maintain a new feature. Instead, its web developers can integrate a premade third-party service.
Even on robust websites, it is common for developers to use third-party services as building blocks. In many cases, adding a short snippet of code to a webpage is all a developer must do in order to give that page powerful functionality.
How did we get here?
In the early days of the first major internet boom, websites consisted exclusively of HTML. This allowed for webpages to be designed using rich text and some visuals, but design options were limited. Bandwidth was a precious commodity in those days of dial-up modems, and websites were relatively light and static.
As the internet has become more interactive, developers have introduced a wide and growing variety of services that can be embedded within websites. Today, by obtaining these services from third parties, a company can bring high-quality functionality to its site without paying the price of developing such technology in-house.
How do third-party services work?
When a website uses a third-party service, that service is typically hosted at a URL outside of this website’s domain. To embed this kind of service into a webpage, a developer simply inserts a tag that indicates the service’s URL. Then, when an end user’s browser loads the page, the tag instructs the browser to load data from this URL.
In addition, in many cases a third-party service will itself rely on an external service provider. In these situations, the end user’s browser will interact not just with third-party services (directly), but also with fourth-party services (indirectly). According to data that we at Namogoo have collected and analyzed, roughly 40% of all embedded services come from fourth parties.
To use a fourth-party service, the end user’s browser may be required to send information about that user to a third party, which in turn passes it on to the fourth party. This can create a data daisy chain in which details about a consumer may be passed from one vendor to another. In addition, each time a developer embeds a third-party service into a webpage, by default the provider of that service has access to any data from that page – including its URL, storage, and any cookies.
For example, when a consumer visits a certain page of an eCommerce website, that page may display a popup that relies on a third-party service to recommend products based on the user’s demographic data and activities they have performed. To make this happen, the webpage must give the service provider access to these details about the user. But if, for instance, that page also features buttons for sharing a product description on specific social media platforms, those platforms will also have access to the same user details as the recommendation engine.
It’s not hard to see why it has become common for websites to include dozens of embedded third- and fourth-party services. In contrast to the HTML-powered internet of yesteryear, today’s web development ecosystem allows companies to reap the benefits of sophisticated and interactive services, with no need to invest the resources to develop these technologies in-house. Moreover, this model of web development creates a win-win-win situation in which users enjoy enhanced online experiences, companies can use advanced digital tools to make the most of their websites, and third-party vendors can profit by building and selling useful digital services.
There are significant risks involved in using third-party services, which we’ll take a look at in an upcoming blog post. But technological developments such as Namogoo’s Customer Privacy Protection solution are increasingly addressing these dangers and helping companies protect themselves from legal exposure.
As a result, it is becoming easier for businesses to bolster their websites by adding third-party services – without needing to worry about becoming the next victim of a major cyber-attack, security breach, or high-profile lawsuit.
How can your company enjoy all the benefits of embedding third-party services into its website, while also protecting itself from the risks associated with this model of web development? To learn more, download our free eBook Online Privacy in a World of Third-Party Services: How to Protect Your Customers and Your Business.