cookie monster staring at a stack of cookies
PHOTO: yeshaya | adobe

“Digital freedom stops where that of users begins. Nowadays, digital evolution must no longer be offered to a customer in trade-off with privacy .... Privacy is not for sale, it's a valuable asset to protect.” ― Stephane Nappo

Google’s recent announcement that it will no longer build or support browser technology designed to facilitate individual-level data tracking caused considerable consternation. Yet the demise of third-party cookies is neither sudden nor of recent origin.

In 2011, the European Union (EU) updated its ePrivacy Directive to include a requirement that gave individuals the right to refuse the use of cookies. While the directive covered a wide range of topics, the cookie component caused enough turmoil that the entire regulation became known as the “cookie law.” Browsers Firefox and Safari have blocked third-party cookies since 2013 and in 2019 Safari started disabling all cookies after seven days, effectively eliminating the ability to use even first-party cookies to track users over time. Google’s decision to join in simply elevates the issue by extending the pain across most of the digital advertising world. This is primarily because of Google's behemoth reach and control; the company dominates the market space with Android at 85% of the smartphone market and Chrome at 64% of the browser market.

Google Sets Off a Cookie Fight

As to be expected when business models are impacted, Google’s announcement has kicked off a slew of alternative suggestions to replace the tracking provided by the third-party cookie. In fact, the situation seems to be devolving into somewhat of a fight — one that pits Google against industry associations and privacy advocates.

Some groups, like SWAN and the Partnership for Addressable Media, are developing their own solutions. These run the gamut from open source plug-in’s that allow consumers to select a single opt-into or out of personalization that works across all member sites, to solutions replacing cookie-based tracking with tracking using alternative id’s such as email addresses.

Google has introduced its own initiative called the Privacy Sandbox project that it states will enable innovations that protect anonymity while still delivering results for advertisers and publishers. Initial plans are to replace individual tracking with an API (FLoC) that uses algorithms to accomplish interest-based targeting. FLoC will develop behavioral based segments that they call cohorts, essentially hiding individuals within large crowds of people who have common interests. Advertisers will target the entire cohort rather than the individual. Google is also planning on actively fighting back against the alternatives making the following statement: "In parallel to that (FLoC) we will aggressively combat the current techniques for non-cookie based cross-site tracking, such as fingerprinting, cache inspection, link decoration, network tracking and Personally Identifying Information (PII) joins."

Related Article: That's the Way the Cookie Crumbles

An Unstoppable Privacy Juggernaut

While we can’t definitively say where the situation will ultimately land, understanding how to navigate this new world will require marketers to look at a bigger privacy picture than the third-party cookie. The juggernaut is just beginning and there is surprisingly little recognition of the potential endgame — at least where the cookie conversation is concerned.

The latest draft of the EU ePrivacy Directive takes things much farther than its predecessor. It eliminates the use of cookie walls which force the user to accept cookies if they want access to the website. It also requires companies to get explicit consent before they collect, store or process personal data. The example shown in directive descriptions actually highlights analytics as a separate processing action requiring consent. The implication in this example is clear — if the updates pass as-is, the ePrivacy Directive will likely require an explicit opt-in from consumers to use any individually identifying web or device data (including first-party cookies) in analytics. This will have significantly more implications for all data-driven marketers than the loss of the third-party cookie.

There is also no room for non-EU companies to get complacent. As we have already seen with the California Consumer Privacy Act, which followed closely on the heels of the GDPR, privacy protections' momentum is increasing by the day. In March two competing bills were introduced into congress. First, a group of 17 senators reintroduced the Data Care Act (DCA). Originally discussed in 2018, the DCA is intended to be a federal privacy law. Shortly afterward, The Information Transparency and Personal Data Control Act was introduced in the House. This bill labels web browsing and application usage history as sensitive personal information that would require specific opt-in consent to collect and process making it very similar to the ePrivacy Directive. And Google itself is facing several lawsuits around this issue, including a $5 billion class action suit alleging that Google services are collecting data even when they tell users they are not.

Related Article: The Demise of the Cookie and the Rise of First Party Data

The Marketer's Playbook

Fortunately, there are things marketers can do to mitigate the damage. Even better, the activities that help marketers to navigate the end of the third-party cookie can also help them navigate the expanding privacy juggernaut. 

Trust, Transparency and Consent

Walk the walk because simply talking the talk is not enough anymore. In a study examining the factors that will shape the future of CX, Futurum Research found that company actions around privacy don’t always match their public statements about privacy. Seventy-seven percent of respondents told Futurum that they would implement a program they know is not secure to gain time-to-market advantage, 83% said consumers should take responsibility for their own data privacy and 84% are concerned about governmental regulation of privacy. So it's hardly a surprise that privacy is at the forefront of both consumers and legislators today. These attitudes are not conducive to building the type of trust needed in today’s digital world, particularly if marketers want to get customers to opt-into sharing data, accepting cookies and allowing analytics.

One way to gain back some of the trust is to be transparent about what data is being collected and how it is being used. At minimum, marketers should be asking certain questions here. Do individuals know when data is being collected? Do they understand how it is being used, especially when AI or ML algorithms (where the decision parameters are less transparent) are making decisions? Can they easily get answers to their data-related questions? Is it easy for people to opt-out?

Consent is also a big part of trust. A very long time ago, author Seth Godin coined the term “permission marketing.” His view that companies should ask permission to communicate with their customers still stands today. Most privacy laws specify that consent should be ‘freely given, specific, informed, unambiguous’, and articulated by a ‘clear affirmative action’. This means marketing can no longer rely on soft opt-in processes, lack of opt-out, or simple blanket opt-in check box for all communication and analysis activities. Instead companies should ask for and store consent on a more individualized action-oriented basis.

Related Article: Loyalty Without Trust: A Long Walk Off a Short Pier

Value

Getting something of value usually requires a quid pro quo — and consumer data is getting more valuable by the day. Jim Hazen, Advisory Product Manager for SAS said that as third-party cookies go away, getting people to identify themselves is critical. “Marketers need to be savvy and develop unique strategies that get people to authenticate on the websites. Value-add services, content that is contextualized to meet specific customer needs, and personalized offers are a few options.”

A great example of a creative value-add is the American Airlines 40th anniversary promotion. Targeted emails and more general website banners invite consumers to “join the festivities and discover chances to win, engage and explore every day.” The interactive experience, which requires membership in the frequent flier program, offers prizes for taking guided tours of the various services that American offers. Not only does this attract people to the website but it also encourages authentication for both existing loyalty members and anonymous visitors.

Attribution

Measure twice because while the loss of third-party cookie provided impression data makes attribution more difficult, it doesn’t eliminate the need to do it. One analyst lamented that marketers may now have to revert to the dreaded last-touch attribution methodology absent the data provided by third-party cookies. A better choice is available though — data-driven algorithmic attribution. The data-driven approach leverages machine learning to identify the touchpoints and sequence of events that form customer journeys, influence behavior and drive conversions. Expanding the attribution to include both online and off-line touchpoints, detailed path analytics, event sequences and timing between events will help cushion the blow of lost third-party cookie data.

Related Article: Are Your Cookie Consent Banners Hurting or Helping?

First Party Data, Identity Management, Analytics

Check your martech, because it is time to double down on first-party data strategies. This means leveraging the CDP if you have one to fully develop the customer profile with all the information you do have. Identity management services take center stage and ensuring that they can detect digital events, combine online and off-line data and dynamically update identities as activity happens is paramount. That analytics should drive personalization and help to shape journeys goes without saying. All of these capabilities also tie directly into the value part of the equation — the better you know your customers, the more personal and contextually relevant you can make your communications, the more value you will bring to them.

Don't Follow the Cookie Trail – Forge a New Path

The bottom line? Elimination of the third-party cookie is not the endgame but rather just another step on the privacy juggernaut, abet an impactful one. Marketers who react to the third-party cookie phase-out by simply adopting one of the alternate tracking options that fill the cookie void will likely find themselves in the same spot again a few years down the road, only this time it will be a fire-drill around some other aspect of privacy. Instead, we must be prepared for privacy protections to become more stringent, for consumers to become more educated and for penalties associated with non-compliance to become more severe, cookies or not. If we want to continue down the path of data-driven marketing, we must up our game around transparency, trust, and analytically driven value value-add for our customers.