Tracking of consumer behaviour across different websites has recently become a hot topic among privacy advocates, regulators, and consumers, especially with the rise of sophisticated targeted advertising. The emerging industry principle is that consumers should have visibility of, and control over, the extent to which they are tracked, and by whom, when they are online. Web browser configuration options and add-ons are the typical methods used to increase consumer visibility and control. Two features of web browser security settings are commonly used for this purpose: control over 3rd party cookies and the "do not track" header.
Third Party Cookie User Controls and Defaults
A cookie is a snippet of information that is saved in the browser, and can only be set or read by a single domain (usually a single website). The industry further differentiates between 1st party and 3rd party cookies. 1st party cookies are set by a base web page itself, while 3rd party cookies can be set by other assets on the page that come from a different domain, such as script or image tags from an adserver or web analytics tool. Browsers have always offered users control over whether they set and accept either type of cookie, as well as the ability to remove any cookies that have already been set. Two of the top level settings for user control are whether to accept cookies at all, and whether to accept 3rd party cookies.
3rd party cookies can be used to identify a user on any site where the asset, or tag, is placed. Many marketing technologies used by advertisers use 3rd party cookies to measure how effective advertisements have been, because they can see whether somebody who comes to the advertiser’s site has previously seen an advert on a different site. Generally, the tags that set and read these cookies are provided by vendors who are 3rd party with respect to both the publisher site (where they are used to track clicks and views) and the advertiser site (where they are used to track visits and conversions, and sometimes attribute revenue to the vendor for delivering customers).
Although this is greatly beneficial to advertisers, tracking users across different websites and targeting them with personalized adverts has caused privacy concerns. It is because of this that most browsers have allowed users separate control over the use of third party cookies. However, most people continue to accept 1st party cookies because they are so fundamental to the way many websites work, such as remembering passwords when logging in. As a result, the default setting for most web browsers is to have first party cookie tracking “on,” so if you do nothing, they will be accepted. This is also true in most browsers for 3rd party cookies. Until recently (see below) Safari has been the exception, as it defaults to accepting 1st party, but not 3rd party cookies. As Safari is the default browser for iOS devices (iPhones and iPads), this represents an increasingly large share of consumer traffic. Currently, 17.5% of all traffic that we see at TagMan comes from Safari users, and therefore probably does not accept 3rd party cookies by default.
Firefox also recently announced its intention to change its default for third party cookies. In upcoming release 22, it will have a similar, but slightly more relaxed, version of the Safari policy (the difference being that the existence of pre-existing 3rd party cookies will be interpreted as consent). If this proposal is undertaken, it will dramatically increase the extent of this issue (Firefox currently has around 20% market share).
Do-Not-Track Header User Controls and Defaults
Do not track (DNT) is a more recent addition to privacy control tools. This is a setting in the browser that allows the browser to send a signal (as part of the HTTP request), whether it’s to the website domain or a third party domain, that that user does not want to be tracked. Unlike cookie control, which is implemented by the browser, and be overridden by the website or a third party tag on the page, the effect of this directive is voluntary for websites; however, most digital marketing vendors do adhere to it.
Most browsers leave this header “not set” by default, signaling that the user has not explicitly rejected third party cookies and will accept them by default. The latest version of Microsoft’s browser Internet Explorer (IE10) has reversed this, and defaults to “on,” signaling that users do not want to be tracked. There is considerable debate around this (see the WSJ article on this), especially as the original specification of the standard implies that DNT “on” indicates a conscious choice not to be tracked. Some server-side technology vendors have even taken the step of ignoring the DNT setting for IE10 users (see Apache's position on this, or this article on support for DNT by sitecom). TagMan at present respects DNT for all browsers.
TagMan Privacy Support
TagMan has always been very proactive in supporting user choice and control when it comes to online privacy and tracking practices. We offer users a number of ways to control privacy preferences:
- We have always supported explicit "opt out" functionality, which enables our advertisers to give their customers the ability to permanently opt out of our tracking altogether.
- We were one of the first in our space to fully support the DNT header opt-out methodology.
- In addition to opting users out of our own campaign tracking, our opt out / DNT support can be used to control the tracking tags that we serve for our clients through our tag management solution, so that advertisers can specify whether they would like tracking tags from any vendor to fire if a user has opted out.
- Finally, TagMan protects the consumer by providing vendor level opt-outs and privacy information through an integration with Evidon, the global leader in consumer privacy consent.
Opt-outs and Campaign Tracking Data
So how do all of these privacy controls affect your media mix optimisation? Well, if a customer is not tracked by TagMan as a result of one of these privacy choices, then we won’t be able to tell you what advertisements they saw or clicked on when they convert. This is an increasingly big challenge for marketers, due to the reasons described above: increased awareness and support for privacy choice, changes in the default settings for DNT by Internet Explorer, and growing traffic on mobile and tablet devices that don’t allow third party cookies by default. Fortunately, there are a number of things we can do to mitigate the effect.
Ensuring Accurate Data and Measuring the Problem
The first thing that we can do is accurately quantify and track the extent to which these factors contribute to any loss of tracking data, so we know how big the problem is and which users were affected. TagMan can do this because we record all conversions (usually a sale or registration) on the advertiser’s site, whether the user was tracked or not. We also explicitly record the users that have either opted out, or have DNT set, as well as the likely number of 3rd party cookies that have been disabled through a default setting by recording which browser the customer was using. By tracking all these things, we can identify the proportion of the total users that have not been tracked due to a privacy setting (as opposed to those who simply were not exposed to any marketing activity before converting).
Looking at the figures for non-tracked consumers across our entire install base, we can see that:
- The number of users who have opted out through DNT (whether by default or not) is increasing. It is TagMan’s intention to continue to support customer privacy choice in this area; however, we will continue identifying and quantifying this factor to determine its impact on tracking.
- Users that have opted out through a 3rd party cookie privacy preference are already a significant and growing factor. To reduce this, we recommend that our advertisers consider using TagMan under a 1st party cookie domain, as described below.
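The measurement described above, sketched as an added example (this is not TagMan's code): each recorded conversion is attributed to an explicit opt-out, a `DNT: 1` request header, a browser that blocks 3rd party cookies by default, or simply no prior exposure, and the privacy-related share is computed. The record fields (`explicit_opt_out`, `tracking_cookie`, `browser`, `headers`) and the browser labels are hypothetical, and the sample records are constructed.

```python
from collections import Counter

# Browser families the article describes as refusing 3rd party cookies by default.
# Assumption: each conversion record carries a simple lowercase browser label.
THIRD_PARTY_BLOCKED_BY_DEFAULT = {"safari"}


def dnt_preference(headers):
    """Map the DNT request header to 'opt_out', 'allow' or 'unset'."""
    value = {k.lower(): v.strip() for k, v in headers.items()}.get("dnt")
    if value == "1":
        return "opt_out"
    if value == "0":
        return "allow"
    return "unset"  # header absent or malformed: no preference expressed


def classify(conversion):
    """Return why a conversion has, or lacks, campaign tracking data."""
    if conversion["explicit_opt_out"]:
        return "opt_out"
    if dnt_preference(conversion["headers"]) == "opt_out":
        return "dnt"  # honoured for every browser, as the article states
    if conversion["tracking_cookie"]:
        return "tracked"
    if conversion["browser"] in THIRD_PARTY_BLOCKED_BY_DEFAULT:
        return "likely_3p_cookie_blocked"  # inferred from browser, not observed
    return "no_prior_exposure"


def untracked_share(conversions):
    """Counts per category and the share untracked due to a privacy setting."""
    counts = Counter(classify(c) for c in conversions)
    if not conversions:
        return counts, 0.0
    privacy = counts["opt_out"] + counts["dnt"] + counts["likely_3p_cookie_blocked"]
    return counts, privacy / len(conversions)


# Constructed sample conversions (hypothetical field names, not real data).
SAMPLE = [
    {"browser": "chrome", "headers": {}, "explicit_opt_out": False, "tracking_cookie": "u1"},
    {"browser": "ie10", "headers": {"DNT": "1"}, "explicit_opt_out": False, "tracking_cookie": None},
    {"browser": "safari", "headers": {}, "explicit_opt_out": False, "tracking_cookie": None},
    {"browser": "firefox", "headers": {"dnt": "0"}, "explicit_opt_out": True, "tracking_cookie": None},
    {"browser": "chrome", "headers": {}, "explicit_opt_out": False, "tracking_cookie": None},
]

if __name__ == "__main__":
    counts, share = untracked_share(SAMPLE)
    print(dict(counts), f"{share:.0%}")
```

The `likely_3p_cookie_blocked` bucket is an estimate: a Safari user with no cookie may also simply never have seen an advert, which is why it is kept separate from the explicit opt-out and DNT counts.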
First Party Tracking as a Solution
The use of 1st party domains on behalf of advertisers is a very common solution to tracking issues, and is supported by many analytics vendors. Besides better tracking of users that have opted out of third party cookies, other benefits of this approach are that it implicitly reinforces the fact that we are collecting data on behalf of the advertiser (and not on our own behalf as TagMan), and it also further separates each of our advertiser’s data from one another. TagMan already keeps each advertiser’s data separate, even on 3rd party domains, but this further reinforces the separation.
There is little downside to advertisers that wish to adopt this approach, as it is very straightforward to configure. Although there is some administration work involved in setting up the domain, it can be implemented without any code changes on their site, so long as they are already on the most recent version of TagMan. The final change would be to replace existing click redirect links and impression tracking pixels if the advertiser has already implemented them on their campaigns.