First off, what is ITP exactly?
ITP stands for “Intelligent Tracking Prevention,” and it’s implemented by Webkit — the open source platform that powers Safari. ITP 1.0 came out in 2017 and aimed to protect customer privacy and reduce cross-site tracking by further limiting Safari cookies and other website data:
- As a workaround, companies like Facebook and Google created a way to set first-party cookies to act like third-party cookies through link decoration. These cookies allowed companies to continue cross-site tracking with persistent first-party cookies.
- In reaction to those changes, ITP 2.0 came out with additional changes and, by ITP 2.1, limited these client-side first-party cookies that allowed for cross-site tracking to seven days.
With the most recent ITP update, ITP 2.2, client-side first-party cookies set that come from known trackers with query string (for example, the utm_ parameters used by Google or Facebook) now have an expiration cap of 24 hours.
While a small percentage of web traffic comes Safari — 16% across desktop and mobile — if and when Chrome implements similar tracking prevention protocols, there will be a significant impact to your marketing metrics and the way you handle data.
Firefox has already implemented enhanced tracking prevention for cross-site tracking with first-party cookies, and Chrome isn’t far behind.
Anti-tracking’s purpose? Bolster privacy and security
Anti-track protocols were created to protect customer. Most don’t understand how cookies work — and have no idea that there are persistent cookies (that lasted up to two years) that would continue to track their on-site behavior. Third-party cookies also exposed sensitive user data.
Anti-tracking measures are meant to protect customers and give them control over their own data.
“This is about more than protecting users — it’s about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make.” — Firefox
That’s not to say, however, that ITP is the perfect solution.
For instance, ITP could mistakenly classify a domain as one with cross-site tracking ability when, in fact, it doesn’t. Or ITP might force limits on data collected from across your own brands if you’re a multi-brand company. In this case, for example, a customer might actually want a brand to know how they are shopping across brands so they can get better product recommendations or more useful information.
In fact, Webkit specifically mentions that there are some unintended consequences of ITP including limits to marketing attribution, inflated number of unique visits, and more.
What’s the impact of Apple ITP on marketing teams today?
Depending on your own business and how your domains are set up, the answer to this will vary. But generally, marketers should expect to see:
- An inflated number of unique visitors. First-party cookies that act in “a third-party context,” such as those implemented by Facebook and Google, will be deleted after 24 hours for Safari users. If a customer doesn’t visit and interact with a website that has this dropped this cookie within 24 hours, that cookie is cleared. If they visit again on Day 3, they will get a new cookie — hence, they’ll be counted as two unique visitors.
- Brands face new challenges with marketing attribution, as ITP 2.2 locks down on link decoration. Brands will face new challenges when it comes to measuring marketing & advertising effectiveness via multi-touch attribution. And publishers, specifically, will face new challenges when trying to serve more relevant ads and prove the value of their inventory to advertisers.
- With privacy at the forefront, there are limitations to offsite retargeting due to third-party cookie limitations across all three major browsers: Safari, Chrome, and Firefox. This makes retargeting and delivering personalized ads less relevant. Publishers also face a specific flavor of this consequence: they won’t be able to use dynamic paywalls if their cookies aren’t properly set up.
- Facebook and Twitter have already eliminated third-party data from their platform for the purposes of ad targeting. Additionally, DMPs that have always relied on third-party cookies to create audiences. For the purposes of programmatic ad targeting, marketers will now have even greater restrictions on their ability to do so.
How to combat ITP and other upcoming browser changes
It wasn’t too long ago that ad-blocking seemed like the biggest barrier to understanding customers.
As Gartner Senior Director Analyst Lizzie Foo Kune put it, “Although attention and hysteria surrounding ad blocking have faded over the past two years, the underlying issues are still very much unresolved. These underlying issues continue to be motivated by trends related to privacy, regulation and copyright law.”
Marketers should focus on solving the underlying problem: How do they earn customer trust and deliver value in exchange for these data?
Developers have created numerous technical workarounds that allow them to operate as they did before, but the fact is, the landscape is changing. Around two-thirds of internet users say that “misusing personal data has led them to distrust the tech industry.”
The best way to defend your brand’s marketing tactics is by aligning to ITP’s core purpose: Gather consent from customer and build authenticated identity.
Rethink data and CX in your customer engagement model
Brands that will win in the era of data privacy are ones that use consented, authenticated customer identity at the core of their operating model.
To do this, brands will require an overarching customer identity management strategy that consists of both backend and frontend processes and technology to handle customer data.
There are two components to creating the new operating model: customer data and customer experience.
Your brand’s priorities will determine from which end you’ll approach this new initiative — but you can’t have customer data without a good customer experience, and you can’t have a good customer experience without building out the right processes to capture customer data.
Gathering customer data requires a concerted effort from both IT and marketing.
First, understand how, where, and why you are collecting customer data. Are you collecting data for a purpose that provides value to the customer? For example, if you collect product preferences, are you also alerting them when similar products go on sale?
Next, check data hygiene. Storing data you think is associated with a customer but actually isn’t could lead to misplaced personalization.
If a store associate, for example, asks for your email address but accidentally types in firstname.lastname@example.org instead of email@example.com, you would still expect to get your emailed receipt and for the brand to know that you’ve made a purchase. You might already have firstname.lastname@example.org in your email database — and you need to attach this order data to their customer record.
Without data hygiene, you wouldn’t be able to match the two emails – and recognize Jane Doe as the same person.
Lastly, brands need a mechanism to store data at an individual level, have a historical view of that data, and continue to add data as a customer continues interacting with your brand.
A customer profile in a CDP is built to be persistent, update in real-time, and be available for marketers to use.
The flip side of this coin is customer experience.
Apple ITP and other privacy regulation require you to gather consent from customers. Specifically, this means asking whether you can collect their data — and depending on privacy regulations (i.e., GDPR), having to explicitly state a purpose for why you’re collecting data.
Without tracking cookies, you need a customer to identify themselves as quickly as possible when they hit your site.
Build front-end experiences to ask users to authenticate (log in) in exchange for personalized experiences, exclusive content, or access to products. The key is to provide value in exchange for identifying themselves — that allows you to gather data in a transparent way which builds customer trust and helps you design better experiences for customers.
Based on the work you’ve done on the back end, brands can use the data from unified profiles to deliver personalized experiences on the frontend with on-site personalization, targeted email campaigns, and more.
Enable a new customer engagement model with CDPs
Built-for-purpose CDPs like BlueConic enable brands to make this shift into using authenticated and consented data. Brands have to make shifts in how they use data because:
- Anonymous data for targeting is limiting
- Proxies for identifiers (instead of true identity) are no longer enough for segmentation and activation
- Channel-specific personalization isn’t enough
- Implicit consent isn’t enough to build customer trust
- Third-party data is less reliable for segmentation and activation
To learn more about how to build a new customer engagement model and overcome the above hurdles, check out our recent webinar, in which we walk through what it takes to put identity at the center of your operating model and the shifts a brand has to make to keep up.