“HOW DID A COOKIE TELL THE INTERNET THAT I WANTED A BIKE?”

On 26 April 2021, blood pressure spiked for online advertisers as Apple released iOS 14.5, adding the long-awaited App Tracking Transparency (ATT). What is ATT? It’s a feature that allows iPhone users to block the so-called identifier for advertisers (IDFA), a method used by apps to track user activity across apps and services. The ATT now requires apps to ask for permission to track and makes it possible for the user to block the app from tracking their online activities.

ATT is set to hurt the likes of Facebook, which tracks users across other apps and websites visited using the IDFA. The IDFA also allows Facebook and its partners to see how successful ad campaigns have been, such as if you saw an ad on Instagram, searched for the company on Google, and then bought from their website.

It might not be obvious, but you are being tracked all the time when using apps and services—the average app has six trackers. The same goes for websites, and the data collected on you can be collected and sold online without your knowledge. I’m afraid this is NOT a myth!

This is the reason why when searching online for a bike, computer, headphones or other product or service, suddenly, every subsequent website visited has an advertisement with the exact product you were looking at or a similar suggestion.

“They are spying on us! How dare they! They are stealing our data,” some may say. While others believe it’s not “stealing”, but rather implicit consent in return for access to the wonderful World Wide Web! Being a sensitive subject, let’s try and understand how all of this works.

COOKIES, WHAT ARE YOU TALKING ABOUT?

Cookies are usually delicious snacks, but when it comes to the internet, they are a pillar online advertising. Simply put, a cookie is a tiny piece of data that is stored in your computer via your web browser. This cookie is not a program and cannot control your computer in any way. The information contained in a cookie is usually encrypted, but some accessible data can be read easily, such as a timestamp that shows when you accessed a certain website. It’s up to the specific website to decide whether that content will be in the cookie or not. 

When you revisit a website, your browser searches for a matching cookie on your computer and, if found, sends it back to the website to provide information about your previous activity on that site. It’s the cookies that make the tracking possible, like leaving cookie crumbs to see where you’ve been.

Cookies are here to make things faster, easier, and more efficient. Here is an example: you are shopping on a website, and you close your browser without finishing your purchase. The cookie will know which items were in your cart. When you reopen the same website later, the cookie will allow the website to fill your cart with the same products you selected during your previous visit, so you don’t need to search for them a second time.

A website recognizes who is currently browsing their page thanks to cookies, and can therefore adapt to a user’s needs, to a certain extent. Therefore, the storage of data via cookies has a noticeable effect on the user.

Getting more specific, here is the type of information a cookie can contain, also known as its attributes:

• A randomly generated and unique number that recognizes your computer. This makes web applications, such as online shops and online banking, easier since the website remembers you, i.e.: the shopping cart example.

• The domain name or url cookie is useful for a website to store image files that are hosted on another server.

• User settings, especially language and other special preferences. This information allows the website to remember the visitors’ preferred language.

• Time spent on the website or individual sub-pages. This data is collected for pure statistical evaluation.

• Data entered by the user via web forms – such as e-mail address, name, or phone number, in order to enable auto-fill. This also includes search terms entered in search engines.

• Visited sub-pages such as product pages in online shops. This data is highly relevant for online marketing.

• Meta data such as the expiry date or time of a cookie, the path, and the security specifications (e.g. “HTTPS only”). While some cookies are deleted after leaving the website – which is particularly common in online banking, other cookies remain for years.

With this background on cookies and their attributes, let’s see how they can be used for marketing purposes.

A NEW PLAYER ENTERS THE RING: THE THIRD PARTY COOKIE

We can distinguish two main types of cookies: first- and third-party cookies.

First-party cookies are directly stored by the website (or domain). These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that enable a good user experience.

Let’s take the most concrete example, shopping on Amazon. The web browser will save your data under the “amazon.com” domain cookie. Which means that you don’t have to sign-in every time you visit the Amazon website, and you can store a shopping cart in case you close the window. But it only applies to the Amazon website.

Third-party cookies are created by domains that are not on the website you are visiting. These cookies are used for online-advertising and placed on a website through a pixel, a tag, or a script. A third-party cookie can be accessed by any website that loads the third-party server’s code.

Third-party cookies are created and placed by websites other than the one you’re visiting. Some common uses include cross-site tracking, retargeting and ad serving.

Let’s take another example. If someone visits the Amazon website and clicks on a product such as a TV, third-party trackers will collect and analyze the information about that user and their activity on Amazon. Then, if that user leaves Amazon and accesses a different website, such as CNN, the user could be shown an ad for that exact same product or something similar.

The way it works is that both Amazon and CNN load a piece of code from an ad server, like the ones provided by ad.doubleclick.net. When the user navigates to either website, the piece of code loaded from ad.doubleclick.net is from a different domain than the URL in the user’s browser, so the cookies set in ad.doubleclick.net are considered third-party cookies.

Cookies can be set and read by the web server or by a piece of JavaScript running on the website.

Third-party cookies collect the following relevant data in particular:

·      Personal data such as age, gender, and location, if readable

·      The website from where the cookie was generated

·      Subpages visited on the visited website

·      Time spent on the page and its subpages

If this data is collected across websites, an individual user profile can be created that enables personal advertising. Online marketing uses third-party cookies for targeting, tracking, and retracking.

WHY THE THIRD-PARTY COOKIES ARE SO CONTROVERSIAL?

Third party cookies have been demonized for the last few years, as they are a heavy intrusion in the user’s privacy.

The data from third-party cookies is often inferred data, which is based on past user behavior and not on information that has been explicitly provided by the user. Third-party cookies can collect detailed behavioral profiles of users such as interests, patterns of browsing activities, hobbies, or preferences, but it will not collect personal data such as your name, bank information, etc.

Is that illegal? Not necessarily. When you enter a website, Visiting a website implies that you accept the cookies running on that website. That’s also part of the deal of the internet being mostly free. Remember the famous phrase, “there’s no such thing as a free lunch”? Cookies are a perfect example of it.

However, with recent controversies, websites are now required to add a banner or pop-up window explaining that cookies are on the website and to request your permission to  accept them while browsing. These enforcements have been pushed by two recent laws: the General Data Protection Regulation (GDPR), which is a European rule, and The California Consumer Privacy Act (CCPA). These laws are applicable to any website being browsed from Europe or California, and also require websites to provide the list of which ad servers are running third-party cookies on their website. That’s where you can see that the list is long. Very, very long…

As most of you know, many websites, especially those providing free information or content, depend on advertising to maintain operations. Many of these sites don't have the technical and business technology to set up their own advertiser accounts and serve their own ads. As a result, they rely on other websites, third party advertisement serving companies, to recruit advertisers and serve those ads on publisher's sites. This arrangement allows websites to focus on what they do best and save time and money. So basically, these websites make some space on their pages available for advertising, and use these advertising serving companies to rent it, just like a realtor. And this “realtor”, which in this case is the third party advertisement serving company, had a history of “houses”, or sites, you’ve already visited in the past, with a data analysis of which “houses” you “liked” or didn’t, based on arbitrary criteria, like if you clicked on it or not, and so will only show you “houses” that match these specifics.

The web browsers are also a big part of the eco-system. Let’s remember that the cookies are stored in the web browser, so they are fundamental in maintaining this. Google Chrome is the most used web browser worldwide at the moment, with a gigantic 66% market share. Google has announced plans to stop using tracking cookies on its Chrome browser by 2022, replacing them with a group profiling system in a move the company says will plot “a course towards a more privacy-friendly web”. The only problem? Google has mixed motivations as they are the biggest ad server in the world. By restricting third-party advertising services on Chrome, Google may be set to benefit by stifling competition.  A recent Epsilon study found that most marketers (62%) believe the changes won’t help consumers’ control of personal data.

HOW DO WE TRANSITION TO A NEW MODEL?

The uprise of privacy concerns may mark the end of third-party cookies at some point in time. That will cause a storm in the digital advertising world, since about 80% of advertisers rely on third-party cookies. So how will the digital advertising world move forward after that?

·      Better leverage your first-party data

o   Every business has and continues to collect first party data across multiple sources. The pandemic has accelerated the growth in online shopping, so now is the perfect time to turn those newly ‘rented’ audiences from third party platforms into first party audiences. First party data is becoming the most valuable asset digital marketers have in their toolkit and is more critical now than ever. Email will also return to the forefront of marketing strategies all around the world.

·      Make Contextual Marketing Great Again!

o   Contextual targeting is a form of personalized advertising that enables Google ads to appear on relevant sites. To get started, input keywords or topics, and set your campaign to show ads on the Display Network. Google will then analyze the content on a website and match that against your ad using keywords, topics, language, and location. This technique has no need of third-party data and is based on pure context of keywords and relevant websites.

·      Diversification in the compensation?

o   Browsers like Brave compensate internet users for watching ads. Brave Ads is an opt-in advertising platform that rewards you to view non-invasive ads without compromising your privacy. In exchange for paying attention, you earn 70% of the ad revenue that Brave receives. Other content-creation sites have built-in tipping options. This might be another future model.

Apple’s App Tracking Transparency is the result of people requesting the ability to block third party cookies and avoid targeted advertisements. The majority of people may not completely understand the extent and limits of the information contained in a cookie, nor how it works, but they have had enough of “Big Brother” and would like to recover a sense of privacy. The question is: would you rather have as many ads, but less personalization? At least with cookies, you get information on the products you’re actually interested in, instead of random products.

Despite their utility, cookies have gotten a bad reputation and marketers need to find solutions to work without them. Will marketing be better in a world without third-party cookies? Only time will tell…

A the Consultancy Group article, written by Alessandro Di Benedetto