Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser features, and plug-ins have changed the landscape of data collection.
Marketers have had to develop tools and strategies to ensure they meet compliance as the internet becomes more and more cookieless.
The origins of the cookie industry
Conceived as a utilitarian way of storing small chunks of data, cookies were originally used to make web browsing easier. Machines would use the data to identify a login session on a computer. This way, websites could recognize individuals and store data about items such as shopping cart contents, and search histories.
Realizing the potential, advertisers began using cookies as a method to identify and track users across the internet. The development of a cookie-based marketing industry seems inevitable, retrospectively. Developers and marketers built third-party cookies that could be added to websites. These cookies were then used to compile profiles of web users that could then be sold, at a profit, to other marketers and advertisers.
Eventually, websites and corporations were collecting vast amounts of data – often storing it insecurely and without adequate privacy measures. Sometimes, the data was sold with minimal oversight. Many individuals had their information collected, stored, and sold, without their consent. Since then, marketers and sales teams have had to devise new strategies to establish a strong sales framework.
In many cases, this data was also used in ways that individuals could never have anticipated. In 2018, it came to light that Cambridge Analytica built voter profiles using millions of Facebook users’ data. In response, many governments began enacting legislation to better protect consumer data. One of these earliest examples began in the European Union with the General Data Protection Regulation (GDPR).
Maintaining compliance today
Marketers in the healthcare industry understand the importance of HIPAA compliance. However, many in the healthcare industry have also not yet been fully educated about how to maintain compliance today as privacy rules and laws have shifted.
The EU’s General Data Protection Regulation (GDPR) is currently the most expansive and comprehensive legislation, prescribing a wide range of requirements to which websites must adhere. Additionally, many of these requirements do not just apply to websites and advertisers. Similarly, web browsers manufacturers began to follow suit.
The third-party cookie shake-up
In 2019, Firefox began automatically blocking third-party tracking cookies. Google has declared that they plan to stop supporting third-party cookies by the end of 2023.
Apple’s Privacy Crusade
Additionally, Apple presents its own difficulties for advertisers. As consumers have become more privacy-aware, Apple has introduced additional tools for consumers to use to block advertisers from accessing their data. Apple introduced Intelligent Tracking Prevention (ITP) to Safari and iOS in 2017.
ITP automatically blocked third-party cookies and changed how first-party cookies worked. It also restricted how AdTech companies track people online. Essentially, ITP was used to reduce cross-site tracking and limited data sharing.
App Tracking Transparency
Apple’s latest move introduced App Tracking Transparency. The new feature was expected to cost Facebook parent, Meta, $10 billion. App Tracking Transparency will reduce the ability of advertisers to access iPhone user identifiers.
The move introduces pop-ups that prompt users whether they want to be tracked when opening an app. Unfortunately for advertisers, these types of operating system updates are entirely out of their control. It seems that these types of privacy controls will only become more common.
Marketing Without Third-Party Cookies Today
As more and more internet companies choose to grant users greater control over their personal data, marketers will have to turn to other solutions in order to reach consumers. Managing privacy protection will become crucial with vulnerability management software as these changes become more widespread. Thankfully, even without third-party cookies there are many options that you can still leverage to reach consumers.
Facebook Pixel and First-party Cookies
First-party cookies differ from third-party cookies because they are cookies that are stored by the website that you are visiting directly. Usually, these cookies are used by website owners to collect analytics data and perform essential site functions to provide better user experiences.
One special development in this area is Facebook Pixel, which works like a first-party cookie. The cookie can be enabled by users by adding a piece of code to their website. The cookie appears to originate on the website, but then transmits data back to Facebook and ultimately functions the same as a third-party cookie.
When a user clicks an advertisement on Facebook, a unique string is added to the link. Then, the user is redirected to the advertiser’s landing page and a consent box appears. Once a user consents, the URL is then interpreted by the Facebook Pixel and it communicates back with Facebook.
Facebook Pixels are a great option to leverage instead of third-party cookies because they enable marketers to perform much of the same work that they previously did while utilizing user consent.
Permanent User Identifiers and other cookieless alternatives
Another way to leverage data without relying on cookies is to use permanent, or static identifiers that don’t change. Some great examples of these include a permanent email address, phone number, user ID, or even a phone ID.
As discussed earlier, Apple has introduced measures that allow users to limit how this data is accessed on iOS devices, but this data can still be used in a consent-based framework. For example, many apps may require this data in order to function correctly, or a website may require location-based data in order to calculate shipping rates. Either way, this information can be used without cookies.
Finally, Google has proposed another type of consent-based marketing alternative called FedID. Federated Credential Management would allow a user to sign into a website using a third-party service without sharing any information unless the user agrees to do so. That system would enable federated sign-in without redirects, pop-ups, or third-party cookies. FedID would operate as a consent-based permanent user identifier.
Achieving trust through compliance
Overall, the most important takeaway from all of these new developments in operating systems, browser behavior, and privacy regulations is that marketers and businesses can build greater trust with consumers by adhering to them. The emergence of consent-based alternatives further enables marketers to still build useful marketing data while protecting consumer interests.
Remember, many of these privacy-centric initiatives were the result of the breakdown of consumer trust after their data was used in ways that were entirely unexpected. By being honest and transparent with consumers advertisers can help rebuild consumer trust in an increasingly cookieless world.
About the Author: Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source projects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses online safety and privacy.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.