Log In

What Marketers Need to Know About Privacy-First

Posted October 6, 2021
Quimby Melton

If You’re Confused, You’re Not Alone

There is a lot of information available to people who want to know more about how privacy-first approaches and data privacy regulations impact digital marketing.
Unfortunately, a lot of that information is inaccurate, although the inaccuracies aren’t intentional. The policies, approaches, and technology advances are confusing, technical, and constantly in flux. Quimby Melton joined us on the Revenue Marketing Report to offer some clarity. “There is a lot of confusing information out there about privacy and the shift away from third-party data. I think people use the word ‘cookie’ as a catch-all word for all the ways we gather data digitally. We need to get more specific because these privacy changes impact more than just browser-level data storage like cookies, trackers, and pixels. To be cookie-free doesn’t mean that you’re immune from privacy-first disruption.” Before we dive into the other layers of data impacted by privacy laws, let’s talk about cookies. A website’s server creates cookies once your browser begins to load that website. The visit triggers information to be written to a file (cookie) in your browser that contains an id unique to your device. These files are generally shared between your browser and the website without altering the content or causing a subsequent action to occur on your machine. Cookies are what allow us to remain logged into a website the next time we visit, save our preferences so we can have a tailored browsing experience, and store information about what we’ve left in a cart or shopped for in the past. They also sometimes follow us around the internet, collecting a ton of data about what we view and interact with on the web. Different cookies last for different durations. Session cookies only last during a single active session and disappear once you navigate away from the website. Persistent cookies are either tracking cookies that are used to gather data over time to refine a user’s profile (think personalization) or authentication cookies, which record whether you are logged in and, if so, under which username and password. Persistent cookies are also divided into first-party (or generated by the website’s domain you are visiting) or third-party cookies. Third-party cookies are placed in the website’s code and use code generated by a different domain from the website you are visiting. Third-party cookies are used by some marketing analytics and retargeting companies (although some companies like CaliberMind use first-party cookies created by javascript to write and collect data) and some more malicious entities on the web. How Cookies Work In 2017, Apple Safari and Firefox disabled the ability to store third-party cookies in a browser. They also restricted the lifespan of a first-party cookie to as few as 24 hours depending on the type of information stored in the cookie. While this is good for privacy, it wreaks havoc on data collection strategies marketers have used since the ’90s, particularly around retargeting. Intent data is impacted to a lesser degree because most vendors rely on machine-level identifiers. “When we’re talking about browser-level data, we certainly can quantify who’s going to be impacted. Since 2017, the population that used Safari and Firefox no longer stored third-party cookies (20% to 25% of people). When Chrome finally bans third-party cookies, most users will be impacted (75% plus). However, it’s important not to get stuck on a specific technology, browser, or device. Privacy-first is about more than tags and cookies and pixels. It’s about who accesses data and who processes and controls that data. It’s the end of the way that marketers and developers have gathered in online data for about three decades now.” The statement seems a bit dramatic, but we’ve already had to put opt-in processes in place and mechanisms to purge data upon request. Since the introduction of GDPR and now CCPA, companies can’t store Personal Identifiable Information (PII) without a person’s consent (if they reside in the European Union or California). Depending on the interpretation, this includes IP addresses (which are definitely included if those IP addresses are also correlated with a phone number, email address, name, etc.). Even companies that don’t perceive IP addresses as PII now have cause to worry. After Apple’s latest ITP (Intelligent Tracking Prevention) update, users can opt-in to mask their IP address. Even Google Analytics allows users to request IP anonymization. There are ways around blind spots caused by third-party cookie bans. However, machine-level masking is a much bigger deal. Quimby Melton-1 “We’re going to see more disruptions on the client-side, whether that’s the browser or device. We need to start thinking about how to build a better system. From Confection.io’s point of view, that involves looping in server-side data while observing the need for data compliance.”

How We Got into This Mess

“The Tragedy of Commons is an economics concept. It represents a situation in which individuals have unfettered access to a shared resource. Some examples are the unregulated common lands in 19th century Britain or the free rangelands here in the American West. Animals would eat all the grass, and as a result, the land is no longer useful. Overfishing cod caused a decades-long fisheries collapse,” Quimby explained. “Climate change is probably the ultimate example of the Tragedy of Commons, but on a banal level, think of public bathrooms. The lesson is that everyone’s inexpensive, easy-to-access property is no one’s property. When we use resources in an entirely self-interested way, we deplete the value of the resource. “The ways we’ve collected, stored, and distributed data over the last 30 years was very self-interested and uncoordinated. Human beings don’t like or trust the system, and it’s also failing technically. We have to ask how can we build a more compliant system that allows this important social resource, namely data, to flow more readily and sustainably for everyone involved, not just the advertisers.”

What Things Will Look Like Post-Privacy (Maybe)

Depending on the person I’m speaking with, opinions on how drastically we’ll be impacted vary from very little to the sky is falling. Given indicators in the market, it’s wise to ask vendors their roadmap, but I’m not confident any of us can say exactly how things will shake out over the next five or more years. Spectrum In the meantime, companies like Confection.io are racing to develop alternative data collection techniques for analytics. Some are even creating new internet protocols. Quimby compared it to “the format wars of the eighties and nineties. Think Betamax vs. VHS and Blu-ray vs. DVD. “The next generation needs to go beyond browser-level, device-level, and even the application level. This is a systems-level problem. Google has rolled out the privacy sandbox or ‘walled gardens’ with mixed reception. Cloudflare and Apple designed DNS-over-HTTPS or ODoH, which prevents internet providers from seeing (aka selling) browsing history information to advertisers. Tim Berners-Lee, the father of the worldwide web, is working with something called Inrupt, which is kind of an anonymous data vault. And then, of course, our product is another approach.” As marketers (especially as marketing operations professionals), we need to source our names ethically, be cautious about using data, and watch privacy regulations like a hawk. We can’t afford to ignore trends (more on that here). “Ultimately, we’re all trying to connect with other humans as marketers. Aggregate anonymized statics can be just as useful and actionable as personally identifying data. Just because you don’t have first-party data that’s linked to a human being doesn’t mean that you can’t help fine-tune your audience models, spot trends, and make better decisions. Some of the most useful data we have is trends-based anonymous information that indicates what’s popular or where people get lost in our selling process. “While we all must start building and owning first-party data sets, I still think there’s a place for non personally identifiable information that we can use to make better decisions. “An individual’s expectation that their online experience is personalized to their preferences is not going to change. The critical factor in terms of delivering something that works for everyone from a systems-level and also on the soft side is rebuilding trust with users.”
For more on privacy trends and which skills marketers should embrace for upward mobility, listen to the full Revenue Marketing Report episode at the top of the article or anywhere you podcast.