- Yahoo uses cookies and similar technologies for essential functions like authentication, security, abuse prevention, and basic measurement.
- Measurement and analytics are described as aggregate and not linked to individuals unless additional consent-based purposes apply.
- With user consent, Yahoo uses identifiers (e.g., hashed data, device IDs, IP addresses) to personalize ads, cap frequency, and measure conversions.
- Users can manage and withdraw consent for non-essential cookies, but strictly necessary cookies cannot be disabled.
Read More
The HTML excerpt reflects Yahoo’s updated privacy notice emphasizing that when you use its apps and sites, the company deploys cookies (and similar tracking tools) for key functions: authentication, security, abuse prevention, and measuring usage. These core purposes are aligned with Yahoo’s “strictly necessary” cookie tier and are non‐optional; they are essential for basic service delivery and maintaining site integrity.
Measurement and analytics are clearly distinguished: Yahoo claims that measurement data (e.g. device, browser type, visit duration) are collected in aggregate form, meaning user‐identifiable information is not collected under the measurement category, unless user consent is given in adjacent purposes. This implies a dual framework: essential operations versus optional, consent‐based features.
On advertising front, Yahoo’s policy shows that, with consent, it uses persistent identifiers, hashed personal data, device identifiers, and even IP addresses in limited contexts to tailor ads, limit ad frequency, and match data across platforms. These features are typical in the ad tech industry but subject to regulatory risk—especially with growing scrutiny of identifiers post–GDPR, CCPA, and in cookieless context.
From a strategic perspective, Yahoo is reinforcing transparency and user control in its privacy tools. It’s providing granular consent settings; users can withdraw consent for non‐essential cookies. This reflects increasing legal/regulatory pressure (EU’s ePrivacy, CCPA, etc.). At the same time, non‐consent features are safeguarded—that’s standard but also limiting in terms of monetization flexibility.
Open questions remain: how systematically Yahoo enforces the distinction between aggregate versus identifiable measurement in practice; how its identity testing capabilities (including with Yahoo DSP) function in a post–third‐party‐cookie world; and how regulation may constrain use of hashed identifiers, IPs or persistent identifiers in advertising.
Supporting Notes
- Yahoo defines “cookies and similar technologies” to include web storage, advertising identifiers, tracking pixels, URL parameters, persistent identifiers and IP addresses.
- Strictly necessary cookies are used for authentication, security, and preventing abuse; users cannot disable these.
- Cookies for personalising content or advertising only operate with user consent; without consent, ads may still appear but will not be personalised.
- Measurement cookies collect aggregate statistics—visit counts, device/browser types, durations—without being tied to specific individuals.
- In its EMEA advertising policy, Yahoo uses hashed email addresses or persistent identifiers to connect user behavior across devices, for frequency capping and measuring ad effectiveness.
- Users are given controls through privacy settings to withdraw consent and configure advertising preferences.