Skip to content
All Blogs

ITP 2.X and browser changes: a path forward

ITP 2.X and browser changes: a path forward

Apple released yet another update to their Intelligent Tracking Prevention (ITP) with version 2.3 at the end of September. This year alone has seen the iterative releases of Version 2.1, 2.2, and 2.3. In addition to Apple, there have been similar updates to Chrome, Firefox, and Internet Explorer/Edge this year.

With so many changes, it's natural to be a bit confused and overwhelmed as a Marketer when trying to determine what the impact might be to your business and what the path forward should be to rectify your data strategy.

From a Celebrus perspective, our platform is unimpacted by any of the browser developments and fully compliant with the regulations in place today, both at the browser and legislative level around the globe, without the need for any workarounds. This ensures that our platform can play a pivotal role in your organization going forward as a trusted dataset and single source of truth for your digital needs.

However, we thought it would be helpful to provide some explanations and insight into the impacts that you might experience in other areas depending upon the marketing technology you deploy today.

Why isn't Celebrus impacted?

We are a true first-party solution installed within a client's controlled environment (i.e. on-premise, hosted, private cloud) that captures granular information at an individual level without the need for setting cookies via JavaScript. As such, you can trust that Celebrus data will have the depth, breadth, consistency, and history required to power all your analytics needs.

What technologies are impacted?

The simple answer is that any vendor you're deploying within your digital channels that requires JavaScript tagging to be deployed on the page or via Tag Management. If you're building custom code on the page, it's a problem. This typically also includes home-grown solutions or open source applications that are deployed.

Web analytics tools, such as Google and Adobe, as well as tag management vendors, such as Tealium, all face issues when it comes to setting cookies via JavaScript within the browsers. Regardless of the workarounds that exist today with DNS tricks, the cookies those solutions set will have an expiration of 1 day due to ITP unless they build a further workaround with LocalStorage which only extends the expiration to 7 days (explained below).

3rd party cookie technologies these days are largely found within the Media, Advertising, and AdTech worlds. In some cases, if not implemented properly, your web analytics tools and other tracking tools could be using 3rd party cookies as well.

What can you do?

We'd highly recommend you work with your IT partners to conduct a cookie risk assessment across your technology stack and digital channels as a starting point.

What is ITP 2.X?

Safari accounts for roughly 14% of all browser traffic today across the web. That's not a large number, but it is large enough to care about if you're relying on data from your digital touchpoints.

Simply put, ITP has introduced a variety of restrictions within Safari for placing 1st party cookies on individuals via JavaScript and persisting that information for subsequent visits to your digital properties or other connected sites. ITP 2.1 largely limited the persistence of a 1st party cookie to 7 days. ITP 2.2 changed that expiration to 1 day. ITP 2.3 now also removes any 1st party LocalStorage within 7 days and further cracks down on the practice called "Link Decoration."

What is LocalStorage and Link Decoration?

LocalStorage is a form of web storage that allows sites to store data directly in the browser with no expiration date.

Link Decoration is the practice of passing visitor ID information from one domain to another via URL parameters and that has been in use for years and years.

What about the other browsers?

Much of the changes within Chrome, Firefox, and Internet Explorer/Edge have focused on blocking 3rd party cookies from being set. 3rd party cookies refer to cookies that are being set by domains that you don't own and don't match the domain that a user is currently navigating through.

What will this do to my marketing reporting and analytics?

If you're setting a 1st party cookie via JavaScript, then that will expire on Safari in 1 day. If your vendor partners are using the LocalStorage workaround, then you have 7 days before expiration. Depending upon how often you have visitors interacting with your digital channels, this could become a problem in identifying returning, anonymous users who are not logged in.

Looking at the best case of a 7-day expiration, visitor counts could be massively impacted in reporting within your web analytics tools. In addition, building a customer profile based upon historical interactions largely is rendered useless for your web analytics and tag management vendors. Honestly, you know how much time is spent arguing over numbers as it is, so this will be painful for the analysts within your organization to explain going forward.

If you're setting any 3rd party cookies at all, it's safe to say that data is gone across all browsers and that it is time to develop a new data strategy.

What about personalization or real-time decisioning?

Personalization and real-time decisioning rely heavily on a complete view of the customer. You won't see an impact if you're looking to make a change in a session based upon what's happening right then and there, but you will run into issues if you're trying to make decisions beyond that. If you're losing a lookback window or ability to stitch the visitor history together, then what you personalize on could be limited if you don't look to change your means of digital data capture.

This is the crux of the argument today between contextual and behavioral personalization, something that we intend on speaking about in a future post here on our blog.

What are the impacts on attribution models?

This is arguably the most important impact to get a handle on and work into your data strategy for the coming year.

Attribution reporting and models based upon tag-based solutions (i.e. cookies set by JavaScript) will have inaccurate representation of the individual and potentially gaps in visitor history if a cookie has expired. If someone had a cookie deleted before they came back and completed a conversion or business-value event, you might not be able to stitch those sessions together if the time between was more than 7 days.

Furthermore, an input to many attribution models include 3rd party advertising, and that typically is captured by 3rd party cookies. With 3rd party cookies and data under attack from all the browsers, this will require a new strategy and approach.

Celebrus, as mentioned before, is being heavily relied upon to fill this gap going forward given our approach. Celebrus for Data Science is one example of that, which you can read about here: Celebrus for Data Science

Speaking of Advertising, what about Audience Targeting?

Audience targeting and other AdTech, such as DMPs, are also going to run into problems. Visitor counts, targeting accuracy, and cross-domain capabilities all find themselves under fire, but the main crux of this problem is 3rd party data and an overreliance on that data and the respective cookie pools for targeting around the digital ecosystem.

As an aside, it's also important to ensure that your 1st party data is protected and not shared or owned by your agency partners as you shift to using more of your own data in your targeting efforts. You can ensure this by carefully reading and adjusting your contracts with partners and vendors.

What else should be considered with all these changes?

Data ownership and control. The benefit of building a data strategy centered around 1st party data is that you own it and control it. That then ensures you're able to build a dataset that is fully compliant with the privacy legislation in the markets that are applicable to your business. It's important to remember that many of the browser changes are a reaction to protecting the consumer and ensuring that 3rd parties are not taking advantage of the consumer.

You're capturing data about the consumer across a variety of touchpoints, and a best practice and future-proof approach would be to work with solutions who respect that and provide you with the full capability to manage what and who you track based upon their cross-channel and cross-device preferences.

Overall, there are three fundamental messages that come from the recent round of browser changes:

  • If you have 3rd party data in use anywhere in your ecosystem, that must be addressed as soon as possible and replaced by 1st party data.
  • A core concept of your new digital strategy should be the identification of an individual and the building of a complete profile across both channel and device that complies with all the browser updates.
  • Data ownership and control should be a core value, and that data should be compliant with all privacy legislation around the globe where applicable.

We would be happy to speak with you further about these challenges and connect you with our expert digital strategists and data capture experts.