It’s not just the California Consumer Privacy Act (CCPA) and similar data regulations that impact marketers today. It’s also browser changes made to appease consumers’ privacy concerns and abide by their preferences — including and especially Apple ITP.
What is Apple ITP? And how does it affect both companies and consumers?
Simply put, ITP stands for “Intelligent Tracking Prevention.”
It’s implemented by Webkit — the open source platform that powers Safari. ITP 1.0 came out in 2017 and aimed to protect customer privacy and reduce cross-site tracking by further limiting Safari cookies and other site data:
- As a workaround, companies like Facebook and Google created a way to set first-party cookies to act like third-party cookies through link decoration. These cookies allowed companies to continue cross-site tracking with persistent first-party cookies.
- In reaction, Apple ITP 2.0 came out with additional changes and, by ITP 2.1, limited these client-side first-party cookies that allowed for cross-site tracking to seven days.
- With the most recent ITP update, ITP 2.2, client-side first-party cookies set that come from known trackers with query string (for example, the utm_ parameters used by Google or Facebook) now have an expiration cap of 24 hours.
While a small percentage of web traffic comes Safari — 16% across desktop and mobile — if and when Chrome implements similar tracking prevention protocols, there will be a significant impact to your marketing metrics and the way you handle data.
Meanwhile, Mozilla Firefox has already implemented enhanced tracking prevention for cross-site tracking with first-party cookies, and Google Chrome isn’t far behind.
Apple ITP’s primary purpose today: Bolster consumer privacy and security
Anti-tracking protocols were created to protect customer. Most don’t understand how cookies work — and have no idea there are persistent cookies (that previously lasted up to two years) that would continue to track their on-site behavior.
Third-party cookies also exposed sensitive user data.
New anti-tracking measures like ITP are meant to protect customers and give them (back) control over their data. Here’s what Firefox had to say about these measures:
- “This is about more than protecting users — it’s about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make.”
That’s not to say Apple ITP is the perfect solution.
For instance, Intelligent Tracking Prevention could mistakenly classify a domain as one with cross-site tracking ability when, in fact, it doesn’t. Or ITP might force limits on data collected from across your own brands if you’re a multi-brand company.
In this case, a customer might actually want a business to know how they are shopping across brands so they can get better product recommendations or more useful information.
In fact, Webkit specifically mentions there are some unintended consequences of ITP, including limits to marketing attribution, inflated unique-visit counts, and more.
What’s the impact of Apple ITP on marketers and growth-focused teams?
Depending on your own business and how your domains are set up, the answer to this will vary. But generally, marketers should expect to see:
- An inflated number of unique visitors. First-party cookies that act in “a third-party context,” such as those implemented by Facebook and Google, will be deleted after 24 hours for Safari users. If a customer doesn’t visit and interact with a website that has this dropped this cookie within 24 hours, that cookie is cleared. If they visit again on Day 3, they will get a new cookie — hence, they’ll be counted as two unique visitors.
- Businesses face new challenges with marketing attribution, as ITP 2.2 locks down on link decoration. Companies will face new challenges when it comes to measuring marketing & advertising effectiveness via multi-touch attribution. And publishers, specifically, will face new challenges when trying to serve more relevant ads and prove the value of their inventory to advertisers.
- With privacy at the forefront, there are limitations to offsite retargeting due to third-party cookie limitations across all three major browsers: Safari, Chrome, and Firefox. This makes retargeting and delivering personalized ads less relevant. Publishers also face a specific flavor of this consequence: they won’t be able to use dynamic paywalls if their cookies aren’t properly set up.
- Facebook and Twitter have already eliminated third-party data from their platform for the purposes of ad targeting. Additionally, DMPs that have always relied on third-party cookies to create audiences. For the purposes of programmatic ad targeting, marketers will now have even greater restrictions on their ability to do so.
It wasn’t too long ago that ad-blocking seemed like the biggest barrier for marketers (and businesses at large) in terms of better understanding their customers.
As Gartner Senior Director Analyst Lizzie Foo Kune put it:
- “Although attention and hysteria surrounding ad blocking have faded over the past two years, the underlying issues are still very much unresolved. These underlying issues continue to be motivated by trends related to privacy, regulation and copyright law.”
Marketing professionals should focus on solving the underlying problem: How do they earn customer trust and deliver value in exchange for these data?
Developers have created numerous technical workarounds that allow them to operate as they did before, but the fact is, the landscape is changing. Around two-thirds of internet users say that “misusing personal data has led them to distrust the tech industry.”
The best way to defend your company’s marketing tactics is by aligning to ITP’s core purpose: Gather consent from customer and build authenticated identity.
Rethinking data and CX with a brand new customer engagement model
Businesses that will win in the era of consumer data privacy are ones that use consented, authenticated customer identity at the core of their operating model.
To do this, companies need an overarching customer identity management strategy that consists of both back-end and front-end processes and tech to handle customer data.
There are two components to creating this model: customer data and customer experience.
Your company’s priorities will determine from which end you’ll approach this new initiative. But you can’t have customer data without a good cCX, and you can’t have a good CX without building out the right processes to capture customer data.
Gathering customer data requires a concerted effort from both IT and marketing.
First, understand how, where, and why you are collecting customer data. Are you collecting data for a purpose that provides value to the customer? For example, if you collect product preferences, are you also alerting them when similar products go on sale?
Next, check data hygiene. Storing data you think is associated with a customer but actually isn’t could lead to misplaced personalization.
If a store associate, for example, asks for your email address but accidentally types in email@example.com instead of firstname.lastname@example.org, you would still expect to get your emailed receipt and for the business to know that you’ve made a purchase.
You might already have email@example.com in your email database — and you need to attach this order data to their customer record.
Without a process in place to ensure high-quality data hygiene, you wouldn’t be able to match the two emails — and recognize Jane Doe as the same person.
Lastly, businesses need a mechanism to store data at an individual level, have a historical view of that data, and continue to add data as a customer continues interacting with you.
A customer profile in a CDP is built to be persistent, update in real time, and be available for marketers to use (see: activate) whenever and wherever they need.
The flip side of this coin is customer experience.
Apple ITP and other privacy regulations require you to gather consent from customers. Specifically, this means asking whether you can collect their data — and depending on privacy laws (i.e., GDPR), having to explicitly state a purpose for why you’re collecting data.
Without tracking cookies, you need a customer to proactively and willingly identify themselves as quickly as possible when they hit your website.
To entice them to do so, you need to build front-end experiences that asks users to authenticate themselves (log in) in exchange for things like personalized and individualized experiences and offers and access to exclusive content or products.
The key is to provide value in exchange for ID’ing themselves that allows you to gather data in a transparent way which builds customer trust and design better experiences.
Based on the work you’ve done on the back end, marketing (and other growth teams) can use the data from unified profiles to deliver personalized experiences on the front end with on-site personalization, targeted email campaigns, and more.
Enabling a new customer engagement approach with a pure-play CDP
Built-for-purpose CDPs like BlueConic enable businesses to make this shift into using authenticated and consented data. Companies have to alter how they use data because:
- Anonymous data for targeting is limiting
- Proxies for identifiers are no longer enough for segmentation and activation
- Channel-specific personalization isn’t enough
- Implicit consent isn’t enough to build customer trust
- Third-party data is less reliable for segmentation and activation
Apple ITP is a major measure intended to give data control back to consumers.
But if you adjust your customer engagement model accordingly — that is, invest in a CDP and prioritize first-party cookies and data — you can thrive in the new marketing landscape.
Watch our webinar to learn how to overcome business hurdles like Apple ITP and the end of third-party cookies and accelerate your marketing with first-party data.