Impacts of Apple’s latest privacy update thwarting ‘link decoration’
With Safari’s anti-tracking feature, Intelligent Tracking Prevention 2.3, Apple fired a warning shot at companies using “link decoration” — a method of passing information through code added to a URL — as an alternative to third-party cookies, closing yet another loophole in its quest of killing off cross-domain tracking through third-party cookies.
For years, link decoration has been used to track referrals. Apple’s concern: Companies have been using link decoration to sidestep Apple’s privacy-focused plans to rid the web of persistent tracking.
Apple’s recent update pointed to the “continued abuse” of companies using link decoration as a workaround to track people in response to earlier ITP updates. As part of the update, Apple thwarted link decoration use by putting a seven-day limit on all non-cookie storage data, like local storage — a type of web storage that allows sites to store data directly in the browser typically with no expiration date.
“The more Safari traffic you have coming to your website, the more you would be impacted by the changes,” said Adriana Tailor, head of data and insight at TI Media. “Beyond CPMs, which everyone agrees has a lower value for Safari inventory when compared with Chrome [around 30% lower], the biggest impact will be for agencies and advertisers to report performance.”
Each release of Apple’s ITP update has led to some drop in publisher CPMs as more identifying data on Safari audiences is stripped out. With Apple’s crackdown on link decoration specifically, publishers have noted that their analytics tools aren’t working as they would expect, said Joe Root, co-founder of data platform Permutive, which offers alternatives to third-party cookies. The company has previously said that the platform is unaffected by the ITP updates.
“Facebook IDs could be getting recycled faster,” said Root. “After seven days, they could count as a new user when they aren’t.” For publishers, for now, this is more annoying than really damaging. But the direction of travel toward a data-privacy first advertising ecosystem is clear.
In the long term, for publishers making use of their first-party data, it’s an opportunity for them to take back more control of CPM prices and encourage advertisers to buy against that data, added Root.
“ITP is the environment publishers will flourish the most in. It puts them back in control,” he said. “In this update, Apple is making a request for publishers to help them clean up the web.” Publishers and marketers can strip out link decoration so they don’t fall foul of Apple’s increasingly restrictive privacy terms. For publishers, this is a fairly low lift.
Subscription publishers and those with scaled authenticated-logins are in the lead with how they are flexing their first-party data strategies. The issue with the latter is getting login alliances to scale when they’re met with headwinds like working with competitors, configuring technical issues and generating enough interest from buyers.
Vendors who aren’t able to pivot quickly enough to respond to Apple’s changes will struggle. The number of companies offering alternatives to third-party cookies continues to grow, ratcheting up the game of cat and mouse. But ITP 2.3 also appears to put Facebook, which uses link decoration and is likely classified as a tracking domain, in the firing line.
“This version looks like going after Facebook,” said Root, adding that in recent earnings calls Facebook referenced that it is finding it increasingly difficult to target Apple audiences. “There could be some downstream impact on the platform.”
For context, the Safari audience impacted by ITP 2.3 is still going to be a slice of publishers’ Safari traffic, which in turn can be between 30% and 40% of traffic. But Apple isn’t done killing off cross-domain tracking, and, increasingly, industry onlookers fear Google’s Chrome browser, which has been flirting with third-party cookie crackdown, is ramping up its efforts.
For now, this sting from ITP 2.3 isn’t as bad as earlier updates. “A seven-day expiry on this type of data [using local storage] is much better than the one-day expiry that first-party cookies get from the same process,” said Tailor. “However, it’s impossible to rule out changes to this expiry date. Future ITP updates may put a one-day expiry date on non-cookie storage.”
‘We see a world where publisher data replaces third-party data’: News U.K. puts its data at the nucleus of post-cookie push for media budgets
News U.K. has overhauled the way it collects, sorts and monetizes its audience data across all its titles via first-party data platform Nucleus.
Here’s why the loss of the third-party cookie is heading toward a collapse in the middle
In the absence of third-party cookies, marketers will need to work more closely with trusted publishers to reach their audiences. Who will lose out? It is posed for a collapse in the middle.
Member ExclusiveMedia Briefing: What to expect from the Digiday Publishing Summit
This week's Media Briefing previews the upcoming Digiday Publishing Summit, which kicks off on Sept. 27 and will feature speakers from media companies including The Washington Post, BDG, Group Nine Media and Essence.
SponsoredHow retailers can be ready for holiday shoppers this year
Suchi Sastri, managing director and partner, Boston Consulting Group As the holiday season approaches and the pandemic continues to evolve, retailers want to know what to expect. Will e-commerce continue to grow at the rate it did last year? How big of a role will in-store shopping play in holiday shopping? While it’s still early, […]
How the pandemic has been a real a buzz kill for office happy hour bonding, culture
As COVID-19 crawls on, more companies are rethinking the wisdom of mixing booze and the stresses of the workplace.
‘Football has lost its soul’: How Copa90 is repositioning itself around the creator economy
Copa90’s overseers believe there’s another shift happening in tandem with the corporatization of the sport that has the potential to be just as transformative