The 5th Cookie is a metaphor for an approach leveraging GDPR principles of Pseudonymisation and Data Protection by Design and by Default (both of these terms are defined at the EU level for the first time under the GDPR) to alleviate major issues with RTB and AdTech. It is not intended as a “silver bullet,” “golden shield” or “magic wand” that works by itself, but rather complements other GDPR principles and obligations to support and build upon alternative solutions, including those presented in the Google and IAB proposals. With the 5th Cookie concept, when personal data is shared for advertising purposes, only a limited number of 1st party cookies will be used instead of 3rd party cookies. In addition to a set number of 1st party cookies being distributed to several trusted partners (e.g. Google, Facebook, Apple, and Amazon), at least one other cookie (the “5th Cookie”) would be distributed for use by the 5th Cookie “democratic cooperative”.

This “democratic cooperative” would enable a brands that want to advertise using technically demonstrable trust-based approaches to reach desired audiences.

The 1st party cookie shared with the 5th Cookie democratic cooperative would uses Pseudonymisation techniques to provide accountability and transparency, and limit the exposure of personal data, as well as limiting profiling or exclusion when the cookie is being shared within the cooperative.

Personal data processed under the 5th Cookie approach would be pseudonymised and organised into privacy-respectful “micro-segments”.

In addition to technical and organizational safeguards, participants in the 5th Cookie democratic cooperative would be required to contractually commit to comply with relevant laws, and to follow ethical and legal codes of conduct to be participate in the cooperative.

The 5th Cookie cooperative would be managed by one or more trusted third party, that would have separately-stored information and secret keys necessary to “re-identify” individuals from within the micro-segments for advertising purposes (this would be the “additional information” necessary under the GDPR Article 4(5) definition of Pseudonymisation required for authorized re-identification to occur). During processing within the 5th Cookie cooperative, all personal data would be pseudonymised.

The 5th Cookie would also provide other benefits like reducing advertising fraud, and counter-balancing risks in new or innovative technologies.

The 5th Cookie could be used in tandem with the Google, IAB and other proposals to address their shortcomings.

The 5th Cookie metaphor scales at a global level. It is not just restricted to solving GDPR compliance, as it is able to anticipate changes to data regulation globally. It also supports business objectives based on ethics and trust, completely separate from legal frameworks.