The death of the cookie is upon us.
From 2022 onwards, Google will be blocking third-party cookies on its Chrome browser, joining the likes of Safari and Firefox who have done so already.
News of this sent the industry into a frenzy, and now marketers, developers, and research professionals are grappling with how to prepare for a future that’s both looming and uncertain.
The effects might be more or less severe for different sectors of the industry – ad tech, for example, is in for a complete overhaul.
But regardless of degree, everyone in marketing and market research must brace themselves for some big changes ahead.
While we build our own plans for the cookieless future at GWI, it’s helpful to look at the perspectives of different players in this space – not least of all, consumers.
A privacy-by-design future
What sparked the death of the cookie to begin with?
For companies like Google and Apple, the shift away from individual tracking is all in the name of protecting user privacy. This is one school of thought, and it centers on the concept of “privacy by design”; namely, that systems, tools, and programs are constructed with a robust approach to user privacy from the get-go.
These major tech players are building their own technologies and processes to facilitate this, such as Google’s FLoCs and Apple’s changing policy toward mobile identifiers.
In one sense, this first school of thought reflects consumer sentiment and behaviors quite well.
Our data reveals that, around the world, privacy-based behaviors are already high;
1 in 2 internet users regularly delete cookies from their devices, backing up claims that the cookie is past its sell by date.
When combined with other privacy-conscious habits like using an ad-blocker or a private browsing window, this rises to 3 in 4 people who are actively taking steps to avoid being tracked and targeted online.
But this isn’t quite the full picture. Despite consumers’ active efforts to wipe their digital breadcrumb trail, these same people are consistently drawn toward the benefits that user tracking provides.
For example, while 33% of global consumers say they’re “worried about how companies use their personal data online,” 40% would readily exchange their data if it gave them free services they’d normally have to pay for.
Similarly, while 31% of people prefer to remain anonymous online, 27% say they are comfortable with apps tracking things like their sleep, walking, etc.
This is the interesting thing about the average person’s attitude towards their internet privacy. Despite being concerned about technology tracking us, we still demand the daily conveniences that are only made available when we allow technology to track us. We call this push-pull dynamic the privacy paradox.
An opt-in data exchange
This paradox largely validates the second school of thought, one supported by existing players in ad tech who envision a different sort of future. With consumers so used to the ease and personalization that third-party cookies provide, these companies are pushing for a replacement that maintains many of the same benefits but with fundamental distinctions: better transparency and consent.
Based on the concept of a “universal ID,” this technology is reliant on internet users logging into an authentication interface with their email address, which then absorbs them into a wider network of interoperating systems.
While this sounds complicated, many of us are already quite familiar with the basic concept of SSO (single sign on). It’s what lets us log into our Gmail accounts just once for the day, and then use that to access Opentable to make a dinner reservation, or the New York Times to read an article. We don’t need to individually log into each site. We log in once, and SSO takes care of the rest.
Similarly universal ID technology would require users to log into an interface only once, then be able to browse around other sites online that are part of this agreed network without needing to log in again.
In the log-in process, users would be given information about why their data’s being collected in order to more actively participate in the exchange; unlike the current cookie model, it banks on consent and gives some power back to the people.
Additionally, this model allows for many of the existing benefits of cookie-based tracking to continue – both for advertisers and for users. For advertisers, the benefits are obvious; they’ll still be able to understand who’s visiting their sites, offer them up targeted ads, and accurately measure success on their campaigns.
Users, on the other hand, will be able to participate in a more transparent exchange of their data for services that benefit them. These might include access to free content from a publisher they’d normally have to pay for (think 10 free articles from the New York Times) or enhanced features to enjoy that content (i.e. a high-definition video stream).
The big thing here is consent; with the choice to opt-in, data becomes a currency that users themselves control in order to improve their internet-browsing experience.
Like the cookie model, however, the universal ID solution still collects data on the individual, though its advocates argue the data is behind layers of encryption and protection.
But can we build a cookieless future without tracking the individual? Google and many others believe so.
Birds of a feather FLoC together
Probably the biggest buzz in this conversation now is Google’s FLoC technology.
FLoCs, or “Federated Learning of Cohorts,” are Google’s proposed successor to cookies. One very important thing differentiates FLoCs from the cookies we are used to: they don’t allow the identification or tracking of individual users.
Rather, this technology works by assigning individuals into cohorts – or groupings – with thousands of other internet users based on similar browsing habits. These cohorts are called FLoCs, and the “similarities” that dictate various users belong to a shared grouping are determined by calculations done at the individual browser level.
Therefore, only your own browser knows your history and can assign you to a FLoC that includes, for example, people interested in dog shows who also like jazz music. Websites can’t isolate you from the thousands of dog-loving jazz aficionados out there; they won’t even be told that what you and your FLoC peers have in common is a love for jazz and dogs. The ad tech platforms have to figure out how to analyze that for themselves.
Once they do, they can use this analysis to offer up relevant ads targeted at the FLoCS visiting certain sites. How effective this might be, compared to the traditional targeting of individuals via cookies, we don’t yet know.
And, despite having a mere 8 months to prepare for this new future, there are so many other things we don’t know.
But while Google is a major player in the ad tech ecosystem (Chrome captures two-thirds of browser market share), it isn’t the only one. FLoCs are likely to be challenged by both industry competitors and legislatures on issues of media performance and consumer protection.
Currently, FLoCs are being trialed in a number of markets with a limited amount of website traffic. These do not yet include the privacy-pioneering EU countries that have GDPR on their side – a notable absence.
While Google’s own engineers are very confident FLoCs will fly the GDPR skies freely, the delay has raised questions and concerns. Are these the new ironclad standards of user privacy we’ve been waiting for? Or, at the end of the day, do we still have reason to worry?
Bad actors, bad scripts
The good news is that privacy-by-design is, according to Google, just that. FLoCs on their own, by their design, don’t allow the identification of individual users. Google has been very careful in assuring the industry that users in a given FLoC will number in the thousands – assuring anonymity.
The potential risk, however, lies in what comes after FLoCs, once the world has had a chance to understand the mechanics of this technology – and how it can potentially be abused by bad actors (not the Hollywood kind).
While FLoCs on their own are protective, FLoCs combined with other available data about a user could potentially pinpoint a single individual – a process known in the digital world as “fingerprinting.” Essentially, any data that makes your particular browser unique from others, like its display quality or how it processes sound files, in combination with your FLoC ID – which again, is only you and a few thousand others – has the potential to get real specific real fast.
Google has acknowledged the risks of this, and is committed to mitigating them by creating a “privacy budget” with Chrome to limit the data on individuals available. A website might be able to get a FLoC ID or an IP address, but not both.
The opportunities for market research
Our industry is at a fork in the road; whether it fully embraces cohort-based insight or creates viable universal ID solutions is still up in the air. But both paths will carve out more and more space for survey research. Surveys have been around long before the cookie, and they’ll be sticking around long after it.
Surveys allow us to gain a rich understanding of a group or sub-group’s attitudes, behaviors, fears, hopes, preferences, and plans – all while maintaining the privacy and anonymity of respondents. This is done through strict gatekeeping by panel providers, data processors, and researchers themselves.
The ethics codes that have long directed professionals in market research made privacy-by-design a thing before there was a term for it. If you want to know something about people, the best way to do so transparently is to just ask them.
Additionally, there are many ways survey research can work hand-in-hand with the new technologies that will likely replace cookies. We at GWI are developing ID-agnostic capabilities that can anonymously append its survey data to both universal IDs and FLoCs, in ways that do not compromise consumer privacy or media performance.
Integrating the wealth of information that our audience data provides into these ecosystems can enrich the capabilities of ad tech players. It can help them reach their target audiences, measure the impact of their campaigns, make digital advertising more relevant, and, ultimately, help maximize the return on their advertising spend (ROAS).
All of this can help address some of the key issues already plaguing ads online today, which are rooted in a less-than-optimal user experience.
Across social media and website ads, the top three attributes consumers in the U.S. and UK associate with them are “intrusive,” “excessive,” and “distracting”. Any way to make this better, through targeting that’s relevant yet sensitive to privacy, is a win for everyone – but especially for the consumer.
As an industry that’s long put the consumer’s interests last, this is a change we can and should embrace.
What comes next is still anyone’s guess. As both the technology and legislation continue to evolve, we’ll keep you posted with insight into the consumer, as well as thoughts from our own experts in research and engineering.
To keep up-to-date with us on the cookieless future, the latest consumer trends, and all things research, sign up for our weekly chart email below.