January 2019 - ePrivacy | Identity Management

ePrivacy, Killing Cookies & Single Sign-On

Jan Oetjen, Chair of the Board of Trustees of the European netID Foundation, talks to Julia Janssen-Holldiek, Director of the CSA, about the end of the cookie era, living without customer data, and advantages for customers and companies of the European netID single sign-on service.

ePrivacy, Killing Cookies & Single Sign-On

© FotoCuisinette | istockphoto.com

Watch the 10-minute video above or on YouTube, or read the transcript below:

Transcript

Julia Janssen-Holldiek: Thanks for spending time with me today Jan. I would like to talk to you about data and the data economy of the future. So we all know that nowadays many companies collect their data via cookies, and so cookies serve as a main identifier for companies. And it works pretty well still, as it is an open standard and companies are just free to do it. But how do you think this will change with the upcoming ePrivacy regulation? How will the relevance of cookies change for companies? 

Jan Oetjen: The cookie is already facing a tough life today. On the one hand you have multi-device usage: so people who use a smartphone during the day and a normal PC in the evening, you can’t track them through cookies because they change the device. Secondly, you have ad blockers: ad blockers block cookies too, so about 25 percent of your traffic will be blocked by ad blockers and that blocks 25 percent of your cookies away as well. And more and more browsers are starting to block cookies as well. Safari started last year, Firefox is threatening to do the same thing. Should they all follow this example, the cookies will be dead even before the ePrivacy regulation comes into practice. There’ll be probably only a few cookies left to kill for ePrivacy. So that will force more and more companies to switch away from cookies to other standards of user identification and data storage.

Julia Janssen-Holldiek: Do you think actually the cookie era is then over in 2018? Is it 1995 to 2018 or 2019?

Jan Oetjen: I think it’s already half over. If you look at your statistics, you probably will notice that almost 50 percent of your tracked traffic is not trackable through cookies because these are blocked by Cookie blockers and browsers, or people come with a fresh browser because they erased the cookies. So if you count that together, roughly 50 percent of the traffic is already untrackable through cookies today. 

Julia Janssen-Holldiek: And besides being the Managing Director of United Internet Media, you’re also the Chairman of the European netID Foundation. So what’s the main idea behind the foundation and what was the point where you thought, “OK, I need to be part of this, I need to create such a foundation”? 

Jan Oetjen: The main idea of the European netID Foundation was to give people a standard for how to use logins across platforms. If we are all facing the challenge that we have to log in to each and every platform, each and every service that we’re using, people won’t be able to remember 20 plus username-password combinations. So that users will need some kind of single sign-on service. Right now, there are only two services available. One is Facebook, one is Google. And we want to give the market and the users an alternative to that. That’s the general idea behind netID.

So netID is using existing registrations that you already have with web.de, gmx, or Maxdome, ProSieben, Sat1 media, with RTL, or any other company that joins the network. You can use your already existing account in order to log into new accounts that you want to create with one click. So the user can decide where he wants to put his credentials and then can transfer his credentials from one service to the other. That’s the whole idea behind netID. 

Julia Janssen-Holldiek: So, in my case, that would really be an advantage because I don’t remember all of my passwords and I’m using a lot of apps and stuff. But do you think the majority of let’s say Germans or European users are educated enough? For them, it’s so easy to log in with Facebook for example because I guess almost everyone has an account. So do you plan some kind of education around that as well, or do you think that the users are educated about data usage? 

Jan Oetjen: Yeah, we’ll have to spend a lot on communication and explaining the standard. To our advantage, Facebook and Google is not as commonly used as in the US to log in. So that’s one advantage. Secondly, Facebook is not as hip as it used to be back in the day. So the first people start to give up their Facebook account. My expectation would be that they have a tougher life to really push their single sign-on standards through. So that’s one thing. But on the other hand of course you need to educate people and explain to them what the advantages are of using the same credentials for multi services, that you can use one account and really secure it with one secure password – that really has more than eight letters and has a number, capital letters and so on and so forth and it’s really safe – as opposed to using weak passwords over and over again and then being surprised that your account gets hacked. 

Julia Janssen-Holldiek: Could you tell us a little bit about the formation of your foundation? Where did you start, where are you now? Are you only located in Germany, do you only have German partners? Or are you already spread internationally?

Jan Oetjen: The idea was born together with two leading media players in Germany: the private TV companies RTL and ProSiebenSat.1 Media. And we had the idea that we want to give the user a chance to somehow keep track of their data. All services will demand more and more data and we’ll need that data in order to have personalized services to them. We’re now living in an age where unpersonalized services don’t really have a chance. Take Facebook for example. No Facebook feed is like the other and that’s the big power of Facebook: that you can really target it down to one person and the media is targeted to one person, the advertising is targeted exactly to your needs. And of course other media players like us need to pick up with it. 

So that was a general idea. We picked a foundation as a legal form because we wanted to be very open to the whole industry, and that turned out to be a very good decision because we have now already over 60 partners on board. And what’s very important to keep in mind is that the foundation is not storing any data. It’s just giving the infrastructure to the industry, for the account providers as well as for the relying parties, to use that standard in order to connect users and services and give the user the opportunity to use your account on multiple platforms, and form an ecosystem for the industry. That’s the idea that we are trying to implement with netID.  

Julia Janssen-Holldiek: And so, for a shop or publisher, what would you tell them? Why should they implement the netID standard? What’s their advantage?

Jan Oetjen: Most shops, if you look at the average German shop, don’t even force their users to create an account – they just want to have a quick check-out path where you don’t have to create an account and just have a one-time purchase. But we see this being pushed away more and more. People are trying to encourage their customers to create an account because they know that they have the email address. In the engagement process, to regain the customer it is very important for them to have log in customers. And of course if you want to welcome the customer next time, you want to give him a personalized start page and really start with the products that are interesting for you. And that’s the power that Amazon is having right now because they have all your purchase history and can correctly recommend new goods to you on your start page while other stores who left out the opportunity of creating log in users will have to guess what you want.

So that’s the one big trend we see, that people are trying to push users to log in. When you create log ins, we’re facing two challenges: a) a log in is a hassle – you need to set up a new user name, you need to create a password, so if you have different regulations, safe password rules, standard passwords of the user might not apply, so that’s a hurdle that gets most people to cut off during the process. 

So then, if you offer a Facebook or Google log in, as a shop you know that you share the data with them. And Google and Facebook are of course using the data you’re giving to their platform to sell to your competitor. So if you want to avoid this, you want to give the user the advantage and the convenience of a single sign-on standard and you want to keep track and hold of your own data and remain independent, netID is the only solution that you have right now.

Julia Janssen-Holldiek: And no log in, according to your logic, no data right? So taking away the hassle of the log in is making it easier to get the data.  

Jan Oetjen: Exactly – you’ll be living without data, and living without data also means that you have no personalization, you have no targeting, you’ll be much weaker in regaining your customers. The customer lifetime value is much lower than a competitor who has the full data set and has the opportunity to stay in touch with the customer. And thirdly, all discussions we’re seeing and innovations in artificial intelligence, of course, are requiring data. Without data, there’s no intelligence.

Julia Janssen-Holldiek: And I don’t know if you’ve acquired major companies up till now or if you also have smaller companies as partners and shops and publishers. Is it possible to implement the standard for smaller companies as well, or does it require a lot of technical resources?

Jan Oetjen: Absolutely. We are explicitly open to all sizes of business, so we have members, multi-billion stock market listed partners. We also have small to medium enterprises on our partner list. The implementation of the standard is very easy. It’s following the open ID connect standard. If you have implemented some social log in already, it just takes you one or two days to connect to netID. And if you personally need to implement that standard, it depends on the infrastructure you’re using, but as most mid-sized or small shops will be using standard platforms, those standard platforms already come with an open ID connect interface. So the effort you have to take to support that standard is really bearable.  

Julia Janssen-Holldiek: So it’s open, it’s neutral, it’s free for everyone to use.

Jan Oetjen: And it’s European.

Julia Janssen-Holldiek: It looks like we have interesting times ahead of us. And I’m personally really keen on following the status of the project, mostly because I don’t like to remember too many passwords myself. And many thanks for sharing your view on data and the data economy of the future, Jan.

Jan Oetjen: Thank you very much. 


As CEO of 1&1 Mail & Media Applications SE, Jan Oetjen is responsible for the entire mail and portal business of United Internet AG with the leading brands GMX and WEB.DE in Germany, the marketer United Internet Media, and the international brand mail.com. Since 2018 he has also been Chair of the Board of Trustees of the European netID Foundation, an independent body of the internet industry that provides and further develops the open netID log-in-standard.


Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.