Solutions for a world without cookies
Third-party cookies will be definitively banned in 2023. The new Swiss Data Protection Act will also come into force in the second half of the year. So there's a lot for marketers to do. Patrick Mohr from Mohrstade presents technologies and tools for tracking and personalization in the post-cookie era.
Almost all solutions in the field of digital marketing, analytics and personalization work with cookies. Particularly affected by the change are solutions that collect user data across domains, such as affiliate marketing, data management platforms, programmatic advertising, retargeting, and search engines.
These solution providers need the cookies to be able to establish a connection between the placement of advertising and the success of the measure with their customers, or to target customers who have responded to certain advertisements, visited a certain website and are to be retargeted based on their behavior there.
Different approaches to solutions
There are various approaches and providers for the time without cookies. Google in particular has developed some solutions to meet the new requirements.
The "Privacy Sandbox" in Google Chrome is intended to enable users to determine via their browser which advertisements they want to see. A so-called token system is also intended to ensure that a user's behavior on various websites is that of a real person, not a machine, in order to prevent fraud.
The new "Google Topics" compiles an interest profile in the Chrome browser based on the pages actually visited locally on the user's computer, which can then be used as the basis for more targeted advertising. In combination with the new browser-based "Fledge" technology from the Privacy Sandbox, Google can thus move the familiar auction market for search terms on Google Search to users' computers via the Chrome browser, so that bids can be made without further integration of third-party solutions or cookies.
In Google Analytics 4 (GA4), the anonymization of data is already preset. Since personal data continues to be processed in the background and sent to US servers, a Consent Management Platform (CMP) should also be used when using GA4.
Server-side tracking
Currently less affected by the browser blocking of cookies is server-side tracking. In this case, the data is transmitted to a central server, which then sends this information to the connected servers or solutions such as Google Analytics.
Data such as the IP address of the incoming request or a user agent sent along can be removed before forwarding. For Google Analytics, this option is already offered in the predefined tags. Thus, for example, the server-side Google Tag Manager (GTM) offers the option of anonymizing or removing the IP address of the client before the request is received on the desired endpoint. Also, a check and removal of PII data can be done more scalably on the server-side GTM. If third-party scripts are no longer executed on the website, but the functionality is mapped via the Google Tag Manager, more control is given when setting cookies - especially third-party cookies.
Customer Data Platform
With the help of a Customer Data Platform (CDP), advertisers can store the first-party data of their own website and app visitors in a customized format, merge it with data from other data sources, and use it for cross-channel, real-time personalization of user targeting. By using first-party cookies and their own keys for matching user data, advertisers can somewhat counteract the loss of information from third-party cookies here and are less dependent on the profile information of the large networks.
The issue of data protection plays a central role in the use of a CDP. Simple consent management as part of the collection of first-party data is not sufficient here. As already described, a CDP aims to link online usage data and personal data from user profiles. The collection, linking, processing and use of sensitive data requires separate information and consent from the user. This requires clearly defined permission management, which defines the scope of data collection under data protection law on the basis of the architecture plot.
As part of the consent process, it must be made transparent to users what data is being collected and for what purposes it is being used. The following basic questions should be considered:
- How is the data processed in the CDP?
- Does the processing of the data comply with the applicable data protection conditions?
- How are identifiers passed to the different marketing tools processed in the respective marketing tools?
- What purposes do I pursue with my CDP use cases?
- What permissions must be obtained from the user for these purposes (collection, processing and use of personal data)?
Conclusion
Current developments mean that the Internet will change fundamentally. Companies must develop new strategies to close their growing data gaps. Those who do not do so will have to buy access to their customers from the major platforms at a high price.
In the current situation, companies are therefore well advised to rely on permissions, first-party data and server-side tracking in order to be able to continue to operate, measure and optimize targeted and personalized online advertising.
* Patrick Mohr is Co-Founder and Managing Partner at the marketing technology consultancy Mohrstade. In 2017, he established Trakken's Munich office. In parallel, he works as a lecturer at universities. Furthermore, he is co-organizer of Analytics Community "Analytics Pioneers" with over 6'000 members.
