Web cookies have been following users around the Internet for well over two decades. But with an increased focus on user privacy on the very near horizon, that’s all about to change. So if the people visiting your website won’t be tracked by cookies, how will you know what they’re up to?
Why Are Cookies Crumbling?
It shouldn’t come as a surprise that tracking user behavior can quickly turn into a pretty big legal liability. That’s especially true with newer laws such as GDPR and the California Consumer Privacy Act (CCPA) layering new privacy protections onto existing laws that apply to the medical space (like HIPAA).
The big players – including Google, Apple, Facebook and others – are all scrambling to find ways to minimize their exposure to lawsuits under increasingly tight privacy restrictions. The easiest way to do that? Get out of the tracking game entirely – and push user tracking responsibilities (and liabilities) onto individual site and app owners.
What’s in the Oven?
That smell you smell isn’t gooey chocolate chips or browning dough – it’s burning rubber as Apple becomes the first web giant to get out of the tracking game. Apple recently updated iPhone software with a popup that requires users to opt in to tracking of their activity, a complete 180 from the default opt in previously.
Not surprisingly, many people are opting out, which is leaving big question marks where Google and Facebook used to have lots of lots of tasty data to use to target ads to online customers.
Google and Facebook’s New Recipes
Digital advertising is a $400B industry worldwide. A large part of its success and growth stems from the advantages of targeted messaging based on user data tracking. So with potentially billions of people opting out, how will digital advertisers adjust?
Google and Facebook currently are taking different approaches. Google has said it will discontinue the use of cookies for user tracking and replace them with…nothing. Sounds like a case of don’t have your cookies and don’t eat them too. We’re not entirely convinced that their plan of focusing on more meta-level tracking instead of individual user tracking will be successful. Or that they won’t be finding some way to continue to track individual behavior (I mean, c’mon – they’re big brutha after all!). Currently, the company is warning that many key ad metrics such as conversion tracking will likely become less accurate. Time will tell.
Facebook, as they usually do, is taking a bit of a shadier approach. They’re rolling out a program they call “Conversions API“, which is basically a giant workaround for users no longer being cookied. And surprise surprise, for it to work, web owners will have to be the ones collecting user tracking info, rather than Facebook. Yep, that means that if you want good data, you’re going to have to beef (hey isn’t this blog about cookies?) up your own privacy policies and terms of use so you can collect that information from users directly without running afoul of the increasingly numerous user online privacy laws.
A Tainted Batch?
So what’s this all mean for you? User privacy is a moving target at the moment and will likely remain that way for many years to come. To do what you need to do on the legal side, the customer service side, and the business operations side will take a mix of proactive and reactive tactics so you stay in line with the latest best practices.
On a high level, you’re looking at:
- Less Flavor – Without cookies, it’s going to get harder to have a complete sense of what users are doing on your site and how they’re finding you.
- More Liability Baked In – By having to do more tracking yourself in order to get better data, your practice will be exposed to increased legal liability for data breaches or using collected data inappropriately. So the choice will become good data/bad risk or bad data/good risk.
Our Short and Sweet Recommendations
- If you run PPC campaigns on Facebook or Google, start jumping through the hoops they’ve laid out to ensure you can get the best data for now as more and more users opt out of tracking. This includes verifying your domain on Facebook and updating your remarketing lists.
- Talk with legal counsel about the privacy laws that apply to your practice and whether you need to update your privacy policies and practices to account for those laws.
- Review the information collected on your website and determine if you really need to continue gathering all of it, or if it makes sense to scale back. Less data equals less liability, but of course there will always be some level of info you have to gather from site visitors so you can assist them with their needs.
- Provide notice on your website about how you use any data you are collecting. This can run from including a Terms of Use on all website forms to more aggressive (and annoying) entry popups regarding your policy related to cookies and privacy. Instead of the blanket popups you see on almost all sites these days, we encourage you to work toward a more conversational approach where you tell users what information you would like from them, why you want it, what you’ll do with it, and how they can change their preferences over time.
Cookies may be on their way out, but we encourage you to keep your oven preheated – a more complex recipe is on the way.
