What Facebook's First-Party Cookie Means for AdTech


Over the years, cookies have been the lifeblood of online advertising, driving targeted digital marketing and attribution. They are currently the most common method of identifying users online and enabling a personalized browsing experience.

However, the growing awareness of privacy issues and the introduction of privacy-centered European laws (GDPR and ePrivacy) have put pressure on online advertising-technology companies to change the way they collect, store and use visitor data.

Apart from the GDPR and ePrivacy, there are also a number of other challenges that AdTech companies need to contend with. One prominent example is Apple’s Intelligent Tracking Prevention feature, which has made using third-party cookies very problematic for AdTech organizations – from retargeting companies like Criteo to walled-garden behemoths like Facebook.

In response to changes in how third-party cookies are handled by browsers like Safari, Facebook has joined the list of various other large companies, such as Google and Microsoft, providing advertisers with a first-party cookie option for its Facebook Pixel.

In order to understand the reasoning behind this move, we first need to have a look at the events that led to it.

User Awareness of Third-Party Cookies

For many years, third-party cookies flew under the radar of Internet users and allowed advertisers and publishers to collect data from them as they moved from website to website.

However, in recent years, online users have become more aware of what cookie files actually do, what information they contain and what types of cookies there are in the first place.

This, in turn, spurred the popularity of numerous browser extensions that identify and block tracking cookies (i.e. third-party cookies) from being created – such as ad-blocking tools, cookie blockers, and cookie scanners – essentially eliminating the effectiveness of behaviorally targeted ads.

Unexpectedly, another actor “sabotaging” the digital advertising industry is Apple.

The California tech giant threw a spanner in the works of online advertising and positioned itself as the Robin Hood of the Internet with the introduction of the privacy feature known as Intelligent Tracking Prevention (ITP) to its Safari browser and iOS.

The move seemingly resulted from concern about the privacy of its users, particularly regarding third-party cookies, but there is more than meets the eye.

In reality, Apple’s latest release of ITP 2.0 could be seen as a direct jab at Google, Bing, and Facebook alike, impacting their ad revenue and crippling cross-site tracking.

However, to fully understand how ITP works, we need to start with some cookie basics.

What Types of Cookies Are There?

There are essentially two types of cookies: first-party and third-party. From a technical perspective, there is no real difference between the two, as they contain the same pieces of information and perform the same functions.

The difference between the types of cookies has to do with how they are created and subsequently used, which often depends on the context. There are different benefits of creating first- vs third-party cookies.

  • First-party cookies are stored by the domain (website) you are visiting directly. They allow website owners to collect analytics data, remember language settings and perform other useful functions that help provide a good user experience.

    First-party cookies, as mentioned above, are created directly by the website whenever a user visits the site.

  • Third-party cookies are created by domains other than the one you are visiting directly, hence the name “third-party”. They are used for cross-site tracking, retargeting and ad-serving.

    Third-party cookies are placed not by the website, but by third-parties, e.g. advertisers.

  • The existence of second-party cookies is a subject of contention. Second-party cookies are transferred from one company (the one that created first-party cookies) to another company via some sort of data partnership. For example, an airline could sell its first-party cookies (and other first-party data, such as names, email addresses, etc.) to a trusted hotel chain to use for ad targeting, which would mean the cookies become classified as second-party.

What Is Apple’s Intelligent Tracking Prevention?

ITP is a feature offered by Apple in Safari and iOS 11. It dramatically changes the way the browser treats cookies.

Versions prior to ITP 2.0 allowed cookies to be read and used in a “third-party context” if the user accessed the domain directly in the first 24 hours. However, even this tiny access window was scrapped in the recent version.

This means, for example, that when browsing the Internet using Safari, the user is not being tracked and retargeted. Also, without third-party cookies, the user cannot use the convenient “Share on Facebook” or “Log in with Facebook” buttons (Facebook can also collect data on users and non-users through sites which use various like/share/login buttons).

Methods like ITP are designed to detect cross-site tracking and partition (isolate) first-party cookies, making it impossible to use them for tracking or analytics purposes.

Similar cookie blockers are usually offered natively and enabled by default only in browsers whose developers are, unsurprisingly, not also providers of ads (Apple, Mozilla, Opera).

Other browsers have followed suit and started implementing similar solutions – Mozilla’s ITP-like, always-on functionality is called Content Blocking (formerly known as Tracking Protection) and was introduced with Firefox version 63 on August 30, 2018.

You can learn more about ITP and find out how it works by reading our blog post.

Facebook Cookie Pixel: From Third- to First-Party

Facebook Pixel, a piece of code allowing brands and advertisers to measure, optimize and build audiences for Facebook advertising campaigns, was originally based on third-party cookies. ITP 2.0 essentially broke the code on Safari, forcing Facebook to come up with a workaround.

What Is Facebook’s First-Party Cookie Pixel?

Simply put, Facebook’s new first-party cookie pixel is a workaround for cookie-blocking techniques like Apple’s ITP. The cookie looks like it’s coming from the site displaying the ad, while in fact it sends data back to Facebook and, as such, performs functions typical of third-party cookies.

Abandoning the “legacy” third-party cookie and switching to the first-party cookie as the default option for the Facebook pixel is intended to help businesses continue using analytics and tracking ad attribution, independently of the browser they’re using.

Even though the first-party cookie is now the default option for Facebook’s pixels, advertisers can still change the setting at any time and switch back to third-party cookies, which may be important if they collect sensitive data. This option can be found in Settings under Events Manager.

Here’s how Facebook’s first-party cookie pixel option works:

  1. A user clicks an ad on Facebook. A unique string is appended to the link.
  2. The user is redirected to the advertiser’s landing page. Prior to that, the site must at some point display a consent box enabling its visitors to consent to the pixel sharing the first-party cookie data with Facebook.
  3. The URL is interpreted by the pixel installed on the advertiser’s site. The URL parameter is stored in the user’s browser as a first-party cookie.
  4. The pixel installed on the site communicates with Facebook and sends back the data stored by the first-party cookie.
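
The four steps above, seen from the side of someone auditing a site: an added example (not code from Facebook or from the original article) that scans a captured page load for a URL parameter that is copied into a first-party cookie and then sent to another domain. The parameter name `click_id`, the cookie name `_clk` and all hostnames are hypothetical.

```javascript
// Added example. The names click_id, _clk, shop.example and tracker.example
// are constructed for illustration, not Facebook's real identifiers.

// Naive "same site" check using the last two host labels (assumption for
// brevity; a real audit should use the Public Suffix List).
const site = (host) => host.replace(/^\./, "").split(".").slice(-2).join(".");

// Finds landing-URL parameter values that were copied into a cookie scoped to
// the visited site (step 3) and then sent to a different site (step 4).
function findClickIdRelay(landingUrl, cookies, requests) {
  const landing = new URL(landingUrl);
  const firstParty = site(landing.hostname);
  const findings = [];
  for (const [param, value] of landing.searchParams) {
    if (value.length < 8) continue; // short values cause noisy substring matches
    const carriers = cookies.filter(
      (c) => site(c.domain) === firstParty && c.value.includes(value)
    );
    for (const cookie of carriers) {
      for (const req of requests) {
        const target = new URL(req.url);
        if (site(target.hostname) === firstParty) continue; // stays on site
        // Query values come back percent-decoded; also search the POST body.
        const sent = [...target.searchParams.values(), req.body || ""].join("\n");
        if (sent.includes(cookie.value) || sent.includes(value)) {
          findings.push({ param, cookie: cookie.name, sentTo: target.hostname });
        }
      }
    }
  }
  return findings;
}

// Constructed capture of one landing-page load (cookie jar + outbound requests).
const sampleCapture = {
  landingUrl: "https://shop.example/landing?utm_source=social&click_id=AbC123xyz789",
  cookies: [
    { name: "_clk", value: "v1.1700000000.AbC123xyz789", domain: ".shop.example" },
    { name: "session", value: "s-91f2c0aa17", domain: "shop.example" },
  ],
  requests: [
    { url: "https://shop.example/api/cart" },
    { url: "https://tracker.example/tr?ev=PageView&clk=v1.1700000000.AbC123xyz789" },
    { url: "https://cdn.example/lib.js" },
  ],
};

console.log(findClickIdRelay(sampleCapture.landingUrl, sampleCapture.cookies, sampleCapture.requests));
```

The same check can be run over a HAR export or a proxy log to see which third-party hosts receive the identifier and whether any request fires before the consent box in step 2 has been answered.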

Other Possible Workarounds for ITP 2.0

While ITP 2.0 spells bad news for a majority of independent AdTech and MarTech companies, every vendor is either working on or has already offered a workaround to limit the negative effects, with the main solution being server-to-server conversion and event tracking.

This illustrates the game of cat and mouse between companies that want to promote user privacy and those that want to stop it.
