How increased data breach concerns have led to the death of cookie tracking

By |

The internet’s “Wild West” days are over, and with that comes the demise of cookie tracking.

The once unregulated, free-wheeling dynamo called cyberspace is slowly being tamed by consumer privacy and data-security regulations and technologies. As the digital economy has boomed and data capture has become pervasive, an increasing number of major data breaches, data-selling controversies, and general data-privacy ethical conundrums have been dragged into the light. 

The implementation of the Global Data Protection Regulation (GDPR) in the European Union (EU) and the California Consumer Privacy Act (CCPA) represent a global backlash to what many view as a dangerous data free-for-all that has a broad threat matrix. 

Third-party tracking cookies used by companies to track consumer behavior for the past 25 years are the latest data capture mechanism under scrutiny and regulatory pressure, much to the dismay of companies that rely on big data availability to place digital ads, market their products or services, and drive sales. 

What’s the cold, hard truth behind the death of tracking cookies and this increased pressure for more effective data security measures?

People in the United States and abroad simply no longer trust businesses and governments with their data.

The Pew Research Center states that approximately 50 percent of Americans do not trust social media sites and government entities when it comes to keeping their data safe. This should come as no surprise given that Pew also cites that approximately 64 percent of Americans have experienced a data security breach. 

According to the Chicago Tribune, the social security numbers, birth dates, and home addresses of approximately 143 million people, or nearly half of the U.S. population, were exposed during the Equifax hack in the summer of 2017. 

This growing global distrust is motivating (or maybe compelling is a better word) major U.S. companies like Apple, Firefox, Google, and others to take action. 

Apple’s Intelligent Tracking Prevention (ITP) on Safari and Firefox’s Enhanced Tracking Protection (ETP) now automatically block third-party cookies. And Google Chrome recently announced that it will use a “privacy sandbox” that will still allow targeted ads but with enhanced consumer data privacy measures. 

As companies react to this backlash and attempt to find ways to preserve tracking cookies to protect ad revenues, browser-level blocking and other third-party ad-blocking apps continue to become more pervasive. 

Technology columnist Geoffrey Fowler did a deep dive into how his data was being tracked by Google and Firefox and found that “Firefox isn’t perfect — it still defaults searches to Google and permits some other tracking, but it doesn’t share browsing data with Mozilla, which isn’t in the data-collection business.” What’s more, Fowler discovered “11,189 requests for tracker ‘cookies’ that Chrome would have ushered right onto my computer but were automatically blocked by Firefox.” 

That’s more than 11,000 cookies blocked by Firefox, which would certainly impact ad revenue generation as this type of cookie-blocking becomes more pronounced.

Clearly, Google and companies like it that rely heavily on targeted ad revenue are in a tough spot. On the one hand, their customers are calling for increased data protection. But regulating and blocking tracking cookies is anathema to their business models. 

In a recent blog post, Chetna Bindra, senior product manager, user trust and privacy at Google, wrote, “Traffic for which there was no cookie present yielded an average of 52 percent less revenue for the publisher than traffic for which there was a cookie present. Lower revenue for traffic without a cookie was consistent for publishers across verticals — and was especially notable for publishers in the news vertical. For the news publishers in the studied group, traffic for which there was no cookie present yielded an average of 62 percent less revenue than traffic for which there was a cookie present.”

Companies that rely on targeted advertising must rebuild public trust by creating innovative data privacy measures that can achieve stronger data protection while sheltering their essential ad revenues. Rebuilding this trust, protecting their revenue lifelines, and navigating increasingly complex and burdensome regulations like GDPR and CCPA is a very tough row for big data-reliant companies to hoe. 

Apple, With the Knife, In the Kitchen: The First Clue of Cookie-Death

Whether true or not, it seems that Google’s efforts to rein in tracking cookies was done reluctantly and caused by pressure from Apple, Mozilla, and public outcry for increased data privacy measures. Google Chrome’s recent efforts to block tracking cookies while protecting ad revenue came on the heels of Apple and Mozilla’s decision to build in default cookie-blocking technology. Many industry experts felt that Google was slow to react to growing data privacy concerns in the market. 

Apple began the tracking cookie death spiral when it exterminated Adobe Flash by banning it from their iPhones due to data security concerns partially driven by tracking cookies. Adobe Flash is set to be pulled off the market in 2020 after a long and terrible history as a security nightmare. 

As tracking cookie conglomerates exploited digital loopholes, Apple and Mozilla have evolved to close them, creating ITP and ETP respectively. Both Apple’s ITP and Firefox’s ETP, are designed to counteract data tracking efforts by companies, and specifically to thwart the efforts of Google and Facebook to get around these tracking cookie blockers.

Apple’s Intelligent Tracking Prevention, or ITP, was built into its Safari browser to block third-party cookies used by Google and Facebook to track people’s behaviors as they carry these cookies along their browsing journeys. As third-party cookies and ad tech companies found loopholes, Apple has updated ITP to counter these data privacy threats, reducing the lifespan of cookies from seven days to its most recent update that kills cookies within 24 hours. 

Firefox’s Enhanced Tracking Protection, or ETP, was recently made part of the browser’s default settings. Similar to ITP, which is largely regulated to the IOS platform, ETP is, as Firefox product lead Peter Dolanjski explained it when ETF was launched: "In user-speak that means ads won't follow you around online. The research is pretty clear that users are genuinely creeped out and feel invaded by the pervasive tracking that happens by behavioral targeted advertising. This essentially blocks the majority of that from happening." 

Apple and Mozilla have seemingly dragged a reluctant Google into a new focus on data privacy and regulating tracking cookies. 

It’s important to remember that Apple, unlike Google, is not reliant on digital ad revenue. Privacy is a major differentiator for the company, as evidenced by its adopting of ITP and its very public resistance to sharing private data with the government. Mozilla Firefox also has positioned itself as a data security-first platform. 

Whether companies like it or not, a data privacy first approach will become critical to survival. For companies in the EU, or U.S. companies that do business with EU partners, this is no longer a choice; GDPR has forced this change on them. How they react and move forward — and whether these efforts to improve data security are genuine — will be interesting to watch. 

There are many skeptics of Google’s so called “privacy sandbox.” Regardless, companies like Google will have to innovate to survive the ongoing data privacy wave.

ITP, ETP, GDPR, CCPA, and Google Chromes’ more recent data “sandbox” efforts are signs of corporate and government reactions to recent data scandals and public outcry for enhanced data protection measures. 

What Impact Will Greater Data Regulation Have on Digital Advertising?

It’s difficult to say with any certainty. 

How Google continues to handle the death of tracking cookies will very likely play a key role in shaping the digital advertising ecosystem of the future. For now, Google is playing a careful game of cat and mouse, walking a tightrope between greater privacy and ad revenue protection.

Erik T. Bradlow, a marketing professor at the University of Pennsylvania’s Wharton Business School, framed the challenge this way: “Firms will have to think more carefully about the data they collect. Certain kinds will become more popular or relevant. It’s not that firms will find ways around what’s legal. But they will find legal and appropriate data to collect that they hope will allow them to do targeted advertising.” 

For many companies, returning to “old school” tactics to better target ads might be the best solution. Detoxing from the cookie addiction might be painful, but it’s not impossible. Here are some tips for keeping ads effective in a highly regulated data environment:

  • A Return to Keywords. Keyword-driven marketing and advertising had taken a back seat to behavioral, cookie-driven ads. Now, a return to what’s sometimes called contextual advertising might be a good move. Basically, ads using keyword targeting base the ads a person sees based on what they are actively searching for rather than on broader behavioral patterns. Creating and distributing the right content will remain important to drive ad revenues.
  • People-Based Targeting. This approach targets people rather than devices. The goal is to create holistic customer profiles based on behavioral patterns and allows companies to target customers across devices and channels in real time. It’s important to note that this approach is not driven by tracking cookies, but rather the collection and analysis of firsthand interactions with a company’s brand like website visits, the contents of a consumer’s shopping cart, and other data-collection inflection points. There are three key elements to people-based targeting, which was ironically (in the context of this article) created by Facebook:
    • Identification: Companies need to identify their customers and connect them to their devices, all the while tracking their behaviors across all devices to create a complete picture of their interaction with your brand. This empowers more accurate and powerful marketing.
    • Data: By leading with identifying customers first, then connecting them with their devices, companies can better and more efficiently utilize the data generated by these brand interactions. 
    • Automation: Since this approach is not driven by cookies generated on a single device, automated marketing is more effective, as the data driving marketing is attributed to a single, cohesive source. 
  • First-Party Data Collection. Gathering data directly from your clients and consumers will be a must. Mining, analyzing, and deploying information in your marketing and advertising from call centers, customer service interactions, and any other direct contact sources will be essential to success in this post-tracking cookie era.

What government officials and CEOs across the globe are realizing is this: Their  constituents and consumers are becoming increasingly concerned about data privacy. 

Companies and government officials that do not listen to this cry for increased data security are risking great damage to their corporate and personal brands. Some companies like Apple and Firefox have been out front of the data privacy battle, but it’s just a cold, stark reality that governments and corporations are spurred to act when votes or profits are at risk. 

This is reality and we can see it playing out in the battle between the call for greater data privacy, the need for corporations to drive economic growth, and the impact poor economic performance can have on entire governments and the electability of public officials.    

How governments and companies navigate this slippery slope is a great unknown. The tug-of-war between bigger profits and more comprehensive data privacy regulations will continue to reshape the social and economic landscape into the foreseeable future. 

In the movie Moneyball, Oakland Athletics general manager Billy Beane (played by Brad Pitt) tells his old-school, major league baseball scouts to “Adapt or die” to the new sabermetric, data-driven approach to building winning baseball teams. 

Companies that generate revenue from targeted, tracking-cookie ads should take Beane’s advice to heart. Adapt or else.

Connect with Illumine8