Guide For Digital Marketers: Surviving ITP & GDPR In A Cookie-Less World
Considering the massive user-credit details leak stemming from Equifax, and Facebook’s data breach scandal – the two data-security breaches were probably the most susceptible to widespread media coverage.
However, these were only a mere few mishaps amongst the many other unfortunate data breaches that occurred recently.
The gravity of seriousness surrounding these globally dispersed data-protection failures (which were arguably also potential catalysts to the 2016 US election results and Brexit) – called for an equally formidable response.
So, state governments holistically embarked on their search for a way of improving the internet’s personal-data security.
The resulting answer was two-fold: GDPR and ITP.
European Union’s Newfound Regulatory Data-Protection: The Legal Basis for ITP
The General Data Protection Regulation (GDPR) sets up safety requirements concerning the collection, storage and transfer of data pertaining to businesses that process all European Union citizen personal details, regardless of where these businesses (or their websites) are based.
GDPR regulates not only sensitive user-data such as date of birth, social security number and political opinions, but also web-based data like IP addresses and cookies that are also considered ‘personal’.
For digital marketers, the direct implications of GDPR meant that the requirements for data ‘controllers’ and ‘processors’ now needed written consent when adding user email addresses to newsletter subscription lists. Furthermore, this meant that these details could only be utilised for the purpose of sending newsletters.
Certain website analytics restrictions were also posed such as a personally identifiable information collection ban which meant anonymising IP addresses. As well as user consent for using website analytics, with a right to opt-out or be forgotten.
This Regulation came into full effect as of May 2018, and is still considered as the most comprehensive piece of privacy legislation developed by any jurisdiction.
So, it comes as no surprise that it served as the global theoretical framework for basing further practical, technical regulations upon. A fine product example being Apple’s ITP – or Intelligent Tracking prevention.
ITP Evolution: Causes and Consequences
ITP is Apple’s Safari released regulation, allowing the browser to block cross-domain tracking (specifically ad tracking) by deleting first and third-party cookies.
Safari was the first browser that implemented strict regulations with an intent to protect user privacy and stop ad-tech companies from tracking people on the internet. Other popular browsers followed by example and proceeded to mirror Apple’s regulatory endeavour by introducing similar restrictions.
Firefox has implemented Enhanced Tracking Prevention which is very similar to ITP. Google has also announced privacy changes to its Chrome browser that will give users more transparent control over personalised advertising and control over which third-party cookies are created and stored on their devices.
Questionable practices by marketers are among the reasons behind enabling GDPR, ITP and regulations alike to impose restrictions. Personal data was initially obtained for improving user experience in the past, but unfortunately also often misused. Email lists were placed for sale which enabled automatic customer opt-ins and hence exposed to unwanted marketing communications. Furthermore, advertisers would neglect providing users with clear instructions around un-subscription from multiple marketing newsletters, or having their data removed from such customer lists.
It’s usually when web users become unhappy that things start to get rather bleak for advertorial autonomy. And still – internet users remain concerned about their privacy with a greater demand calling for data and personal information protection. But the truth of the matter is also that they are simply fatigued of those creeping ads, pestering them wherever and whenever they browse around the web.
Here’s the short summary of the stages that went behind developing ITP since early 2018:
- March 2018 – ITP 1.0 launched, specifically targeting the deletion of 3rd Party Cookies after 30 days of inactivity.
- September 2018 – ITP 2.0 focused on first-party cookies which mimicked the functionality of third-party cookies.
- February 2019 – ITP 2.1 deleted all persistent 1st party, client-side cookies after 7 days of inactivity.
- April 2019 – The most recent update comes in the form of ITP 2.2. This update prompts the browser to delete all cookies after 24 hours – provided the following two conditions are true:
- The traffic originated from a domain classified with cross-site tracking capabilities – including major ad networks, Google and Facebook.
- The final URL of the navigation has a query string and/or fragment identifier.
Without technical changes, ITP 2.2 update means browsers now automatically get rid of cookies. As a repercussion, businesses will face shrinking their remarketing lists which would partly be non-existent and no longer targetable.
Cookie-less browsers: Impact on paid media
Before 2018, the advertising industry was previously heavily reliant on cookies for their use towards creating targeted and retargeted ad campaigns.
Now after all the recent ITP updates, most online ad campaigns using this outdated cookie approach face restrictions with Safari and Mozilla browsers. Advertisers should hence gauge other approaches that appropriately attribute ad campaigns.
The negative impact of ITP on digital marketing could be divided into two main categories:
- Cookie-based user targeting issues, or an inability to create re-marketing lists.
- Reporting and attribution issues, or an increase in unattributed conversions.
Read about how other industry experts think cookie-less tracking will affect your marketing.
Cookie-based user-targeting issues
As noted above, cookie-based user targeting includes targeting remarketing lists.
ITP technology significantly shrinks these remarketing list sizes, transforming remarketing users into “ghosts”. Also, ad frequency capping cannot be controlled anymore as it is impossible to identify persons that have already viewed this ad and viewing frequency.
Furthermore, standard bidding algorithms cannot recognise the conversion attribution to cookieless browser traffic. Therefore, it would be undervalued even if it is in fact highly convertible.
Google devised several possible solutions for avoiding strong negative impacts on ad campaign performance.
The first recommendation was an extensive implementation of Customer Match technology, which is currently broadly available for many Google advertising formats.
Customer match allows displaying ads to customer lists (for e.g. from CRM systems), or to similar new users. However, this feature is not available on third-party sites in the Display Network.
Instead of remarketing, other types of Google audiences (for example, In-market, Custom Intent, Similar etc.) could also minimise the negative impact of cookieless browsers. This is because they are products of contextual and environmental signals, amplified with machine-learning. And hence, can help to find the relevant audience suited to the product.
As for the problematic biding issue, Google recommends switching to auto-bidding which uses a wide range of contextual signals without the use of cookies.
Reporting and attribution issues of the cookie-less world
Unfortunately, with Apple’s new restrictions for first-party cookies, overcoming conversion reporting and attribution issues remains unsolved. Google is yet to come up with an extensive solution to this.
Some developers recommend using other unique-click identifiers as a unique click ID (or visitor ID) in the URL to the destination website. Second-party data (or data co-operative) partnerships could also be an implementable workaround to ITP by syncing identifiers between sites.
Exchanging identifiers between sites (for e.g. between partner sites and other domains owned by the same company) is made possible by passing the IDs via URLs and storing them in a server-based first-party cookie (i.e. server-side). This workaround limits remarketing between partners, and further promotes the expansion of data co-operatives.
Another solution is to also to create an updated version of the cookie – a digital token, or a single identifier across multiple website publishers and online advertisers.
However, all these workarounds may very well be temporary solutions, also doomed to prohibition by the next version of ITP. This is because these solutions still strive for the same goals as the cookies before them. Therefore, it wouldn’t be a surprise whatsoever that the browsers concerned about user privacy would prefer avoiding them.
Long-term workarounds: How to reach users in our ITP-world
One of the solutions to adapt to our ‘ITP world’, could be to actually let each user decide the kind of advertising they prefer receiving. The kind that is highly tailored and personalised to their unique needs. Or perhaps a more generic form? Or shockingly, even no advertising at where it’s not needed?
Ultimately, as internet users, we all reserve our right to privacy and control over the amount of data we want to share and with whom. And a right to green-light sharing with the companies from those we encounter online – those potentially profiting from our personal information.
And as we now await the new disruptive solution – all we can do as an agency is count the “casualties” of this tracking “war.” Also – correctly assess the impact that those technological changes have on businesses.
Besides – ITP is also a great in challenging marketeers to come-up with new marketing tactics that facilitate quick 24-hour conversions. For e.g. by interacting more with potential clients through a live chat functionality.
In addition to this, advertisers could also invest further towards developing strategies for effectively reaching users through contextual signals. As well as, developing a new email-collection approach by placing the rather useful materials in front of potential clients. Meaning that we don’t consider such conversions as ‘soft types’ anymore – but as an integral part to our advertising strategy for adapting to this ‘cookie-less world.’
If we want to re-target a particular customer, we should focus on earning their trust through an effortful provision of relevant, useful information. The information they deem valuable and worthy enough to disclose their email address in exchange for.
If marketeers eventually pave the way for this day – that day – we’ll only need to call on cookies for our 5-o’clock high tea sessions.
Something our Maria doesn’t mind indulging in occasionally.
Read articles more from the Paid Media guru now!
