In evolutionary terms, we are living in the consumer data era. Google’s plan to phase out support for third-party cookies in Chrome is simply the latest development in the evolution process of consumer data and privacy. Naturally, rhetoric is spinning around the web, at times with a sense of hysteria attached mainly due to gaps in knowledge and misconceptions. So, let’s take a step back and try to ease the panic by untangling some of the knots in the web.
In the blog post announcing the plan, Justin Schuh, engineering director for Chrome, explains the purpose of the Privacy Sandbox open source initiative that will render the cookie obsolete, is to “make the web more private and secure for users, while also supporting publishers.” This is a sequel to the previous Google changes to cross-site tracking in Chrome — that will come into effect in February — developed to enforce a universal flag system. Referred to as SameSite web technology, it prevents insecure data sharing across sites while building an environment with “incrementally better cookies.” It’s easy to spot the veil of irony here: how can cookies become incrementally better while they are gradually phased out? Has the problem become such a challenge that the only way to fix it is “tabula rasa,” a blank slate upon which to build a new experience? Perhaps this is the case, but we ought to clarify what we are trying to achieve.
Traditionally, third-party cookies are used to store a lot of information — one could argue more than they should — but they are also the default method for saving and syncing consumers’ data including privacy preferences. By eliminating them, consumers’ privacy choices will be deleted or lost, effectively giving consumers less control over the use of their data. In addition, privacy regulations such as GDPR require publishers to ask for consent every time a user lands on their site, creating multiple IDs each time. The question remains: how do you propagate consent connecting the dots between customer identity and privacy choices to deliver positive experiences? The eradication of third-party cookies will make this process far more complex for publishers, especially for those with multiple domains.
Similarly, we must stress that putting an expiry date on third-party cookies will not kill third-party data off, as they are two very different things; the former are, in effect, containers for users’ information, while the latter refers to data that originates from various online and offline sources, which is aggregated together by a third-party data provider. Established third party exchanges include companies such as Experian, Bombora, Eyeota, and of course, Lotame.
As third-party cookies begin their decline, making best use of first-party data is a smart move for publishers, but, on its own, this strategy will not allow them to build the panoramic view of the consumer advertisers and brands want. Collected from a single verified source, first-party data is accurate, secure and puts publishers in control. But there are limitations: publishers will have some view of consumers based on their account details, behavior, interests in their site but what about what’s happening outside their domain? Publishers will need access to enough data to complete the picture if they want to scale their campaigns.
Relying solely on first-party cookies can further undermine the privacy experience as without a GDPR-compliant solution that unifies consumer choices and IDs across different digital properties, consumer consent cannot be guaranteed — increasing the risk of creating a fractured web experience for users.
Other dominant players in the web environment, such as Apple, would argue privacy works within their walls. The company has no qualms about blocking third-party cookies in Safari because across the logged-in iOS environment it has complete control and an unchanging ID. Equally, Facebook allows logged-in users to set privacy preferences that are then applied across its multiple platforms, but that doesn’t help publishers, platforms, and anyone who relies on the web for their business, outside its walls.
The way today’s digital environment is evolving is making it harder for businesses to get to know their customers on a meaningful level and build mutually beneficial relationships with them. And those without deep pockets and advanced tools are finding themselves unfairly challenged. To ensure fair competition and tip the balance towards consumers having control, we need to start thinking about privacy more in terms of collaboration than protecting market share.
While the Chrome proposal is promising, suggesting all good actors will be given an equal opportunity to leverage open-standard mechanisms within the Privacy Sandbox, there’s no doubt that Google will not take down a system crucial to its own business. As to the rules to play in the sandbox, and in particular the way and how much information will be made available, it is, at this stage, unclear.
It’s vital for the success of this project, that all parties advocate and contribute to the answer, to avoid one player becoming the control centre. Having transparency and insight into how this technology will solve privacy challenges in the interest of the collective is key to developing data practices that not only fulfill the promise to consumers but protect businesses as well.
Chris Hogg, Managing Director EMEA, Lotame
About: Lotame is the world’s leading unstacked data solutions company, helping publishers, marketers and agencies find new customers, increase engagement, and grow revenue through audience data. As the pioneer DMP thirteen years ago, Lotame has continuously innovated to become the trusted data solutions company for global enterprises such as Bloomberg, IBM and Omnicom Group. Lotame is headquartered in New York City, with offices around the world, including London, Singapore, Mumbai and Sydney.