Data in the News: A Win for User Privacy, a Setback for Business Analytics and Personalization

Cookies have always been included in digital security and privacy debates so it shouldn’t come as a surprise that Apple and Google continue to create and reinforce policies for web browser cookies to find the right balance between privacy and business. A few weeks ago, both Apple and Google announced their latest cookie policy changes regarding third-party cookies.

For marketers, product managers, and business analysts, these changes are going to directly impact your metrics. For analytics platforms that depend on cookies, this could be a major point of constriction. For consumers, this may change the overall web browsing experience. These changes, for better or for worse, are only going to become stricter as technology grows more invasive.

What are the new policies?

Apple and Google are both looking to set the bar on what it means to protect user privacy, while not eliminating targeted advertising. Their approaches are different but shift toward an important step in digital security — user privacy prioritization.

Safari:

The latest policy update from Apple, ITP 2.2, was announced on May 13th and will require first-party cookies to be deleted after a mere 24 hours. Apple has been experimenting with different ways to limit cookies for a while now, and its newest policy is the most extreme one yet in their attempt to increase digital privacy.

Chrome:

Google has yet to roll out restrictions in the same vein as Apple’s ITP. Since they are advertising dependent, and are more focused on user choice and privacy preference, they probably wouldn’t make such drastic changes. Google did announce they will be introducing greater distinctions between first and third-party cookie controls. If you’re a Chrome user, this is similar to the options you already have to disable, clear, and control cookies. Chrome’s new policy will just make it easier for users to control third-party cookies while protecting certain first-party cookies, like login information.

Google will also be unveiling an open-source browser extension that will allow users to access and view companies (ad tech, ad trackers, publishers, etc.) that played an active role in targeted marketing and ads. This means that as users browse your site, they’ll be able to view all of the information for Google ads, and all of the Google ads they’ve recently seen. On a larger scale, Google will also be introducing APIs that allows others in advertising to disclose this same type of information to their users.

As Google changes their Chrome privacy settings, many have wondered if Google will follow their own rules for third-party advertisers, especially in regards to a user’s Google ID being tracked even if their cookies are blocked. Google has said that they will follow these guidelines, just like everyone else. Unfortunately, the problem with taking Google’s word for it is that without formal regulation of “tech giants” that have claimed to police themselves in the past, it’s hard to know if they’re truly following the spirit of their own rules.

What does this mean for businesses and analytics?

Regardless of how you track your web analytics, there will be data changes you need to watch for. Web analytics, A/B testing and attribution will all be affected by these policy changes due to their reliance on cookies to track users on a given site. Companies may notice an increase in their organic traffic as sites will lose those third-party cookies after 24 hours, causing the same user, if they visit again, to be recognized as a new user every 24 hours. A/B testing will be more difficult given users may be seeing both variations if they visit the site again after a 24 hour period. It will also be harder to pinpoint attribution rates as user information will be harder to look at collectively, especially over multiple browser sessions.

One way to incorporate this change into your analytics is to know how much of your site traffic comes from Safari and the average amount of time that elapses before a user returns to your site. According to StatCounter, Safari makes up about 16 percent of web browser usage (Chrome is about 63 percent), 21 percent of mobile browser usage (Chrome is 75 percent), and 67 percent of tablet browser usage (Chrome is 20 percent). You can use these numbers to gauge a possible change in your data based on your business’s current site traffic.

With these updates, we must consider the broader implications. For example, consumers may be annoyed by ads that are now more likely to be irrelevant (we value personalized ads at times), companies may be frustrated by having to create less target-specific ads (losing out on money and certain customer bases), and platforms may have trouble creating user-specific content and services (product managers may not know how to enhance certain aspects and features).

Overall, the reactions to these policy changes have been somewhat mixed. In the past, cookie bans have had the opposite effect of what they were trying to accomplish. When policies are quickly rolled out, regardless of their field, underground practices can create methods that are harder to detect and regulate. It’s important to note, that if businesses start to create workaround methods, Apple will probably catch on (just like they did after ITP 2.0) and update their policy…again.

Where do we go from here?

These policy changes may appear to be drastic, but tracking techniques have been shifting as mobile internet usage increases. In fact, some ad companies have already started to think of long term solutions, such as creating a unified ID solution. If unified ID sounds familiar, that’s because it isn’t a completely new idea. Companies like Facebook and LinkedIn have been using unified IDs for a while now. Apple very recently unveiled a single-sign-on unified ID that may help establish them as a “privacy-as-a-service-company.” How does a unified ID work? A unified ID is routed through a domain and then tries to establish a sign-on experience for logged-in users across domains. This allows for a good amount of refresh frequency within the new 24-hour cookie policy which ultimately allows first-party cookies to, “…remain somewhat persistent, reduce fragmentation, reduce the need for resource-intensive ID syncing services that would likely enter the fray during short-term mitigation, and better position the industry to navigate GDPR compliance and consumer opt-out controls via deterministic cross-device matching.” Companies and firms that have integrated a unified ID have agreed that it has been more efficient and accurate when targeting ads.

User privacy, as an overarching demand, is here to stay. Frankly, it’s unrealistic for users to expect to not be tracked yet maintain the level of browser convenience they’ve grown accustomed to, like seeing ads for businesses they interact with frequently. To benefit from that level of ad relevance, they’ll have to accept a certain amount of cookies. The entire advertising industry is supported by the notion of building user profiles and relies on support from cookies.

Over the next few years, it will be interesting to see how Google and Apple continue to approach these topics and compete against one another for credibility and notoriety in digital security. It’s obvious that they’re both taking different routes: Apple laying down a hard line and Google giving users the option to opt-in or out. These diverging opinions shouldn’t come as a surprise though because, frankly, they align with their respective company’s overall approach to technology. As of right now, it is clear that policy changes regarding cookies will be a constant cat and mouse game between browsers and ad tech.