We summarise the upcoming cookie changes and give some insight into how they might impact you and your corporate data strategy – as well as what companies should be doing next to prepare for the changes.
Third-party cookies are being phased out. Despite Google delaying its plans to eliminate third-party cookies again – this time until 2025 – it’s expected from early next year, the phase out will begin.
Whenever it does finally happen, the fact remains that phasing out of cookies could have a significant impact on organisations used to tracking how people interact with websites, which allows the analysis of user behaviour and enables targeting, and retargeting, of prospective and current audiences more effectively.
Without cookies, all organisations will have less data to inform their marketing and outreach strategies, which could lead to a decrease in site visits and revenue as companies struggle to reach the right people with their messaging.
In this article, we investigate what the cookie changes could mean for you and how to be prepared for what lies ahead…
What are cookies?
First things first, what are cookies? As small pieces of data stored in a web browser, cookies allow websites to remember certain information about a user, such as the site visited, login information and pages the user viewed on the site.
What are first-party cookies? These are NOT being phased out:
First-party cookies are directly stored by the website (or domain) you visit. These cookies allow website owners to collect analytics data, remember language settings and perform other useful functions that provide a good user experience.
What are third-party cookies? These ARE being phased out:
A third-party cookie is placed on a website by someone other than the owner (a third party) and collects user data for the third party to then use. Typically, providers such as advertising networks or social media websites place third-party cookies and receive a ‘notification of visitation’ confirmation.
Google uses first-party data for user preferences and authentication and third-party cookies for advertising. The first-party cookie only gets data from the site the user accessed. Whereas third-party cookies let other sites access data.
Why is this change happening?
Primarily, this is a response to user privacy concerns around how third-party cookies collect user data and pass it to third parties. The change also complies with regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) – more info on them below!
In a nutshell, users want choice and control over their personal data, and industries are having to listen. As such, tech companies are phasing out third-party cookies from their respective browsers in order to provide users a deeper sense of security. Regulation now means website visitors must opt-in to enable third-party cookies.
The impact of regulation
In 2017, economists began referring to data as being “more valuable than oil”. Today, 87% of consumers are concerned about how their personal information is being used and, as a result, governments have stepped in to enforce regulations that give individuals more rights over their data.
A few notable laws impacting the way third-party data is collected and used include:
1. Privacy and Electronics Communications Regulations (PECR/E-PRIVACY DIRECTIVE)
The ePrivacy Directive, also known as the Cookie Directive, was the impetus behind cookie consent pop-ups’ proliferation. Under the ePrivacy Directive, websites that target individuals in the EU must:
- Obtain user consent before using any cookies (except strictly necessary cookies)
- Tell users about each piece of data the cookies track and their purpose – in plain language
- Document and store user consent
- Give users the option to access content and services even if they refuse to allow certain cookies
- Enable users to withdraw their consent at any time
2. General Data Protection Regulation (GDPR)
GDPR is the most comprehensive data protection legislation to date. Recital 30 of the regulation states:
“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers, such as radio frequency identification tags. This may leave traces that, particularly when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them”.
Cookies qualify as personal data and are subject to GDPR. This means companies can process user data as long as they’ve received consent or legitimate interest.
3. California Consumer Privacy Act (CCPA)
The CCPA classifies cookies as personal information. While the CCPA doesn’t make businesses obtain opt-in consent for cookies, it does require them to disclose what information they collect and the purposes of collection.
It also says businesses that sell the personal information collected by cookies must inform users of such sales and allow them to opt-out of the sale of their personal information.
What will the main impact be?
The elimination of third-party cookies will significantly affect an organisation’s ability for retargeting by making it more difficult for advertisers to monitor the web activity of potential customers or use that data to inform their wider marketing strategies.
In addition, the loss of cookies will make it harder for publishers to monetise their websites, as they will no longer be able to sell targeted advertising.
Safari and Firefox already allow their users to refuse all third-party cookies, but with Google Chrome having 64% (desktop and mobile) browser market share, the main impact has yet to be felt.
However, according to research conducted by Adform, despite 75% of companies globally acknowledging that the deprecation of third-party cookies will impact their business, over 78% of marketers don’t have a tested solution in place.
What are the main alternatives to third-party cookies?
Most companies have started experimenting with alternatives to third-party cookies to ensure they can market effectively and minimise disruption. The main alternatives currently being tested include:
- First-party data
- Identity solutions
- Publisher Provided Identifiers (PPIDs)
- Contextual advertising
- Data Pools or Data Clean Rooms
- User Identity Graphs
- Digital Fingerprinting
However, many of the alternatives that companies will migrate to rely on a firm corporate data strategy and technical ability for the collection, retention and analysis of first-party data.
A solid first-party corporate data strategy is something every organisation should have in place or be looking to adopt immediately.
What is first-party data?
First-party data is information a company collects directly from its own sources, such as its customers. In other words, information about customers from both online and offline sources, such as the organisation’s website, app, CRM, social media, customer helplines or surveys -– all this data collected directly from the customer is classed as first-party data.
Why should organisations focus on first-party data?
Marketers and publishers value first-party data the most because of the numerous benefits it brings. Here are the five main reasons why this is the case:
1. Increased relevance
First-party data takes the guesswork out of determining who your audience is since it’s collected directly from their behaviours and preferences.
2. Accuracy
With first-party data, you eliminate the middleman. Data that comes straight from the source is more likely to be accurate. It’s also easier to manage privacy-related issues because you know exactly where the data originated.
3. Immediacy
Organisations have access to first-party data right now. It’s stored in their CRM and across other operational areas of the business.
4. Affordability
Because it’s your data, there’s no cost associated with first-party data. The only cost is the advertising you use to draw users to your website and the tools you use to measure the insights, which you were probably paying for anyway.
5. Create a better experience
First-party data allows you to gauge customer intent and position in the buying journey. By seeing what your audiences are interested in, you can personalise their experiences by suggesting products and content your customers want to see.
Organisations can collect first-party data from a number of sources throughout their day-to-day operations. However, collecting the data is not the primary issue. Many companies struggle with:
- Collecting customer and prospect data in a compliant manner
- Aggregation of data from all available sources
- Giving data subjects the right tools that build trust
- Using first party data to generate insight and deliver on organisational needs
How Edit can help you navigate your first-party data with a corporate data strategy
To understand more about this topic and develop a corporate data strategy to mitigate the upcoming cookie changes whilst delivering a privacy-first organisation, our team is here to help.
If you’d like to learn more about our data strategy services, from data management and data science to digital analytics, contact us today to learn more.