The process increases the relevance of personalized ads shown to the user, but raises privacy concerns in the way it enables companies to track people across the internet without their direct knowledge or explicit consent.
In Europe, the General Data Protection Regulation led to a decrease in cookie syncing compared to the United States.
Typically, this ad-auction phase of real-time bidding occurs over a very short period of time, often ranging in the milliseconds.
The process of cookie syncing circumvents the same-origin policy, a web security feature enforced by all modern browsers that prevent a particular website from learning information about other non-affiliated sites.
[4] In 2019, Papadopoulos et al. showed that cookie syncing can be used to compromise the encryption and privacy provided by virtual-private networks (VPNs) and websites that use Transport Layer Security.
Cookie syncing allows multiple parties to link together disparate identities of an individual, creating bridges between different kinds of tracking identifiers.
Additionally, their research found that personally identifiable information (PII) could be leaked through the referrer header during cookie syncing.
Researchers in 2020 found that enacting GDPR led to decrease in cookie syncing activity in Europe compared to its United States counterparts.