What is Tracking Prevention?
Browser vendors, in particular the Apple Safari browser, are increasingly adding features to prevent third parties from tracking visitors when they visit a website. Although this tracking prevention is primarily focused on AdTech vendors, it potentially impacts any technology that collects data about customers or prospects on your website.
The major browsers have various names for tracking protection:
- Apple Safari: Intelligent Tracking Prevention (ITP)
- Mozilla Firefox: Content Blocking
- Microsoft IE/Edge: Tracking Protection / Prevention
- Google Chrome: TBD
This FAQ focuses mostly on ITP.
What is ITP (Intelligent Tracking Prevention)?
Apple announced a new version of Intelligent Tracking Prevention (ITP) in February 2019. In previous versions, third-party cookies were already disabled by default. ITP 2.1 impacts client-side cookies as well, by deleting them after 7 days. With the ITP update, ITP 2.2, client-side first-party cookies that come from known trackers with querystring (for example, the utm_ parameters used by Google or Facebook) now have an expiration cap of 24 hours. ITP 2.3 further tightened rules for link decoration.
To understand the impact of this, let's unpack this by exploring the various cookie types relevant here:
- First-party server-side cookies are set and read server-side through the HTTP connection of the site a visitor is visiting.
- Third-party server-side cookies are also set and read server-side through an HTTP connection, but they are set because the original page references a third party (for example, to read an image or JavaScript from a third-party site) which triggers that HTTP request.
- Browser or client-side cookies are set through JavaScript in the browser and belong to the domain of the visited page.
Apple already blocked third-party, server-side cookies by default. This means that visitors cannot be tracked across different domains on the Internet. Apple made an additional change so that client-side cookies only work for 7 days; this means that if a visitor doesn't come back within 7 days, those cookies are removed.
What is link decoration?
Apple introduced link decoration limits in ITP 2.2. Link decoration is the practice of adding parameters such as UTM codes to a URL. Apple limits this by checking if a user comes from a known tracker website (such as Facebook, Google, or ad networks) to another website and there are additional parameters (like UTM codes); in this case, the first-party cookie is capped even lower, to 1 day. This isn’t an issue for BlueConic users, since it is primarily targeted at visitors clicking on an ad—for example, an ad on Facebook to your own website. BlueConic runs only on your own website.
With these changes, which types of traffic are impacted?
The majority of your visitors are tracked as usual. If you have the following types of traffic on your websites, you might see some impact:
- If you have a lot of visitors using Safari, either from laptops or from iPhones and iPads, combined with infrequent visits that are longer than 7 days apart on average and have multiple subdomains.
- If you have a lot of Firefox or Safari visitors and multiple domains.
How are my customer profiles impacted by ITP?
Some visitors might be represented in BlueConic by multiple profiles instead of just one. Depending on your setup and usage of BlueConic, this could lead to inflated ‘unique visitor’ counts for views, clicks, or conversions because ‘unique’ statistics are not based on the total number of views, clicks, or conversions, but are based on the number of unique profiles.
Other parts of BlueConic are not impacted. Most BlueConic Connections do not work with anonymous profiles but with identifiable profiles (meaning there is at least one additional ID such as an email address or subscriber number, in addition to the BlueConic-generated ID). Insights and dialogues will continue working as before.
How does the First-Party Hostname Console in BlueConic address this?
The BlueConic First-Party Hostname Console (FPHC) enables you to create a unique, first-party BlueConic hostname for each BlueConic channel. This ensures that web browsers, including Safari, will appropriately recognize your web content, cookies, and the BlueConic script as first party. As web browsers continue to expand their cookie policies and ad-blocking technologies proliferate, first-party data (such as the customer profile data BlueConic collects) becomes even more valuable.
Review the article BlueConic first-party hostnames overview for details. Contact your BlueConic Customer Success Manager for more information on using custom first-party hostnames in BlueConic.
Do I need to be worried about where this is going?
The industry is moving more and more toward privacy protection technologies, especially related to third-party tracking. BlueConic and other CDPs are first-party data processors. We do not own the data; you do. We are a subcontractor for you, our customers. Most privacy protection technology is focused on preventing third-party tracking, which feels logical as consumers do not expect to be tracked by third parties when visiting a website. CDPs, in general, are about giving all touchpoints with customers better data, and consequently providing better service and a great user experience and offering customers what they want. Some CDPs, like BlueConic, also have consent management services built directly into the platform.
Technology will continue to evolve and change, but having a level playing field for everyone provides opportunities to earn trust, gain consent by providing clear value, and achieve better results.
BlueConic focuses on providing the tools you need to provide that value, by researching new privacy technology, implementing our own technology to accommodate privacy and consent, and providing you with expert guidance, so you can take advantage of these new technologies.
Contact your BlueConic Customer Success Manager for more information.
What is first-party data?
First-party data is the consented customer data (including demographic, behavioral, contextual data, etc.) you collect in BlueConic profiles for individuals who interact with you.
This includes online or offline data for website visitors, email recipients, social media followers, in-store shoppers, and others who engage with you today.
Why does first-party data matter now more than ever?
With industry changes such as ITP, the first-party data in a CDP like BlueConic becomes even more important. There are tactics you can employ to continue to collect data in a world of tracking protection:
- Because CDP is used in a first-party context directly on your touchpoints like websites, you should focus on getting identifiers and consent from your visitors, something that would be hard or impossible for AdTech, except parties that have first-party interactions (like Google and Facebook). Having identifiers and having consent makes it easier to merge profiles back into one single profile using profile merge rules in BlueConic. For example, instead of having a paywall, you might have an intermediate step that asks for an email address and verifies the email address. Or, you might set up logins for visitors to reach restricted pages.
- Request your own hostname for BlueConic. By default, customers use a blueconic.net hostname for hosting BlueConic, but we offer a premium service where you can use your own hostname. Using your own hostname integrates BlueConic more into your own websites and makes BlueConic a first-party subdomain instead of a completely different domain. Review the article Deciding on the BlueConic Hostname for more information, and contact support@blueconic.com or your BlueConic Customer Success Manager if you want to know more.
Note: Since the role of BlueConic is strictly to process your data (as mentioned above), it is always best for you to consult your own legal team for recommendations on how you should implement consent.
Where can I read more about browser tracking protection?
- Apple and ITP
- Firefox Enhanced Tracking
- Chrome: Improving Privacy and Security on the Web
- Microsoft: Tracking Prevention with Microsoft Edge