How Apple ITP Impacts Marketing

Privacy & Consent Management|8 Minute Read

How Apple ITP Impacts Marketing

It’s not just the California Consumer Privacy Act (CCPA) and similar data regulations that impact marketers today. It’s also browser changes made to appease consumers’ privacy concerns and abide by their preferences — including and especially Apple ITP.

What is Apple ITP, exactly?

ITP stands for “Intelligent Tracking Prevention.” It’s implemented by Webkit — the open source platform that powers Safari. ITP 1.0 came out in 2017 and aimed to protect customer privacy and reduce cross-site tracking by further limiting Safari cookies and other site data:

  • As a workaround, companies like Facebook and Google created a way to set first-party cookies to act like third-party cookies through link decoration. These cookies allowed companies to continue cross-site tracking with persistent first-party cookies.
  • In reaction, Apple ITP 2.0 came out with additional changes and, by ITP 2.1, limited these client-side first-party cookies that allowed for cross-site tracking to seven days.
    With the most recent ITP update, ITP 2.2, client-side first-party cookies set that come from known trackers with query string (for example, the utm_ parameters used by Google or Facebook) now have an expiration cap of 24 hours.

While a small percentage of web traffic comes Safari — 16% across desktop and mobile — if and when Chrome implements similar tracking prevention protocols, there will be a significant impact to your marketing metrics and the way you handle data.

Meanwhile, Firefox has already implemented enhanced tracking prevention for cross-site tracking with first-party cookies, and Chrome isn’t far behind.

Anti-tracking’s main purpose? Bolster consumer privacy and security

Anti-track protocols were created to protect customer. Most don’t understand how cookies work — and have no idea that there are persistent cookies (that lasted up to two years) that would continue to track their on-site behavior. Third-party cookies also exposed sensitive user data.

Anti-tracking measures are meant to protect customers and give them control over data. Here’s what Firefox had to say about these measures:

This is about more than protecting users — it’s about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make.”

That’s not to say, however, that ITP is the perfect solution.

For instance, ITP could mistakenly classify a domain as one with cross-site tracking ability when, in fact, it doesn’t. Or ITP might force limits on data collected from across your own brands if you’re a multi-brand company. In this case, for example, a customer might actually want a brand to know how they are shopping across brands so they can get better product recommendations or more useful information.

In fact, Webkit specifically mentions that there are some unintended consequences of ITP including limits to marketing attribution, inflated number of unique visits, and more.

What’s the impact of Apple ITP on marketing professionals today?

Depending on your own business and how your domains are set up, the answer to this will vary. But generally, marketers should expect to see:

  • An inflated number of unique visitors. First-party cookies that act in “a third-party context,” such as those implemented by Facebook and Google, will be deleted after 24 hours for Safari users. If a customer doesn’t visit and interact with a website that has this dropped this cookie within 24 hours, that cookie is cleared. If they visit again on Day 3, they will get a new cookie — hence, they’ll be counted as two unique visitors.
  • Brands face new challenges with marketing attribution, as ITP 2.2 locks down on link decoration. Brands will face new challenges when it comes to measuring marketing & advertising effectiveness via multi-touch attribution. And publishers, specifically, will face new challenges when trying to serve more relevant ads and prove the value of their inventory to advertisers.
  • With privacy at the forefront, there are limitations to offsite retargeting due to third-party cookie limitations across all three major browsers: Safari, Chrome, and Firefox. This makes retargeting and delivering personalized ads less relevant. Publishers also face a specific flavor of this consequence: they won’t be able to use dynamic paywalls if their cookies aren’t properly set up.
  • Facebook and Twitter have already eliminated third-party data from their platform for the purposes of ad targeting. Additionally, DMPs that have always relied on third-party cookies to create audiences. For the purposes of programmatic ad targeting, marketers will now have even greater restrictions on their ability to do so.

ITP Impact on Marketing

How to combat Apple ITP and other upcoming browser privacy changes

It wasn’t too long ago that ad-blocking seemed like the biggest barrier for brands in terms of better understanding their customers.

As Gartner Senior Director Analyst Lizzie Foo Kune put it, “Although attention and hysteria surrounding ad blocking have faded over the past two years, the underlying issues are still very much unresolved. These underlying issues continue to be motivated by trends related to privacy, regulation and copyright law.”

Marketers should focus on solving the underlying problem: How do they earn customer trust and deliver value in exchange for these data?

Developers have created numerous technical workarounds that allow them to operate as they did before, but the fact is, the landscape is changing. Around two-thirds of internet users say that “misusing personal data has led them to distrust the tech industry.”

The best way to defend your brand’s marketing tactics is by aligning to ITP’s core purpose: Gather consent from customer and build authenticated identity.

Rethink data and CX with a brand new customer engagement model

Brands that will win in the era of data privacy are ones that use consented, authenticated customer identity at the core of their operating model.

To do this, brands need an overarching customer identity management strategy that consists of both back-end and front-end processes and tech to handle customer data.

new customer engagement model

There are two components to creating this new model: customer data and customer experience.

Your brand’s priorities will determine from which end you’ll approach this new initiative — but you can’t have customer data without a good customer experience, and you can’t have a good CX without building out the right processes to capture customer data.

Customer data

Gathering customer data requires a concerted effort from both IT and marketing.

First, understand how, where, and why you are collecting customer data. Are you collecting data for a purpose that provides value to the customer? For example, if you collect product preferences, are you also alerting them when similar products go on sale?

Next, check data hygiene. Storing data you think is associated with a customer but actually isn’t could lead to misplaced personalization.

If a store associate, for example, asks for your email address but accidentally types in instead of, you would still expect to get your emailed receipt and for the brand to know that you’ve made a purchase. You might already have in your email database — and you need to attach this order data to their customer record.

Without data hygiene, you wouldn’t be able to match the two emails – and recognize Jane Doe as the same person.

Lastly, brands need a mechanism to store data at an individual level, have a historical view of that data, and continue to add data as a customer continues interacting with your brand.

A customer profile in a CDP is built to be persistent, update in real time, and be available for marketers to use (see: activate) whenever and wherever they need.

Customer experience

The flip side of this coin is customer experience.

Apple ITP and other privacy regulations require you to gather consent from customers. Specifically, this means asking whether you can collect their data — and depending on privacy laws (i.e., GDPR), having to explicitly state a purpose for why you’re collecting data.

Without tracking cookies, you need a customer to proactively and willingly identify themselves as quickly as possible when they hit your website.

To entice them to do so, you need to build front-end experiences that asks users to authenticate themselves (log in) in exchange for things like personalized and individualized experiences and offers and access to exclusive content or products.

The key is to provide value in exchange for identifying themselves — that allows you to gather data in a transparent way which builds customer trust and helps you design better experiences for customers.

Based on the work you’ve done on the back end, brands can use the data from unified profiles to deliver personalized experiences on the frontend with on-site personalization, targeted email campaigns, and more.

Enable a new customer engagement model with a customer data platform

Built-for-purpose CDPs like BlueConic enable brands to make this shift into using authenticated and consented data. Brands have to alter how they use data because:

  • Anonymous data for targeting is limiting
  • Proxies for identifiers are no longer enough for segmentation and activation
  • Channel-specific personalization isn’t enough
  • Implicit consent isn’t enough to build customer trust
  • Third-party data is less reliable for segmentation and activation

Watch our webinar to learn how to overcome business hurdles like Apple ITP and the end of third-party cookies and accelerate your marketing with first-party data.

third-party cookies

See what BlueConic can do for you.

Whether you’re looking for operational efficiencies or improved marketing effectiveness through data activation, our customer data platform can help.