Intelligent Tracking Prevention (ITP) from Apple is moving forward.
The Safari function was launched in 2017, aimed at curtailing the use of cookies for cross-site monitoring and targeting, and Apple has since extended its reach several times, pushing the guidelines further each time.
The recent update–ITP 2.2–limits the first-party cookie monitoring window to 24 hours.
As with previous updates, this has, of course, spurred speculation about the effect on both publishers, advertisers and affiliate networks, particularly with respect to affiliate marketing, which has traditionally put cookies at the center of monitoring.
An update to the United Kingdom Information Commissioner’s (ICO) privacy advice on the use of cookies only added fuel to the fire. And with Apple’s WebKit team now stating they’re going to deal with ITP violations on a par with safety offenses and taking action against all consumers for any breaches of the new monitoring laws, it’s understandable that players across the affiliate sector are involved.
But do they need to be?
There are two things that publishers should bear in mind when it comes to ITP and affiliate tracking:
steps that significant affiliate networks have already taken towards future proof tracking between publishers and their advertisers when gathering information on people Their own compliance with the General Data Protection Regulation (GDPR)
What steps have affiliate networks taken?
The affiliate sector works in a difficult landscape of privacy.
Without their approval, consumers are reluctant to share private data and the large platforms are now eager to close any loopholes in their privacy laws.
But the major networks of affiliates are not idle. In fact, a lot of thought has been given to a cookieless future from Awin to Rakuten Marketing to CJ affiliate and what this means for existing models of tracking conversions from publishers to advertisers.
As ITP 1.0 initially concentrated on cookies from third parties, original solutions were typically constructed around the use of cookies from the first party.
This usually took the form of a site-wide tag deployed throughout the entire website of an advertiser. These alternatives have been mounted by more than 80% of advertisers. CJ also states that “a bulk of transactions happen within 24 hours” on a network level, combined with the lower market share of Safari’s affiliate as a browser, has now minimized the effect on affiliate tracking.
For the future, all referenced “server-to-server” or “server-side” implementations will be available for networks including Impact, Rakuten Marketing and CJ Affiliate.
Impact defines this as “an advertiser… passing data conversion (sale or lead) back to a monitoring supplier via API or FTP.” The alternatives allow networks to monitor transactions using data already owned by advertisers without gathering new information about an person when restrictions on data storage under ITP begin. Rakuten Marketing goes so far as to say that its own server-to-server solution “is not influenced by technology that blocks cookies.”
The affiliate networks’ alternative tracking features, coupled with a continuing philosophical commitment to respect relationships between advertisers and individuals, should future proof tracking against continuing changes to cookie rules.
What about the ICO update?
On July 3, the ICO released its most recent update to the Privacy and Electronic Communication Regulations (PECR).
PECR–which also includes electronic advertising, telephone calls, SMS messaging, emails, faxes, electronic communications services safety and the privacy of electronic communications service users–controls the use of website cookies to monitor tourists.
In practice, where participants of the affiliate marketing industry are compliant with GDPR, the update changes little.
So long as the purpose of collecting cookies is “clear and comprehensive” PECR is not prescriptive about what information should be provided to end-users when gathering consent. GDPR is, in fact, more specific on this, giving firm guidance on how to communicate around consent collection.
PECR does, however, apply to other tracking technologies, such as browser local storage and flash cookies and even files stored by a mobile app, so it’s not exclusive to browser-based applications.
With this in mind, the primary thing affiliate players should understand from the guidance is the importance of continuing compliance with GDPR and other privacy measures, which include ITP and it’s successive updates.
What does the future hold?
The landscape of privacy is still changing. More advances will take place across more browsers and platforms with which affiliate players will have to contend.
Today, consumers are increasingly aware of the data they share online, what it is used for and who has access to it. Platforms are also keen on respecting their desires, managing the ad tech ecosystem to curtail the use of personal data, and keeping their customers happy.
Fortunately, networks of affiliates are aware of this and dedicated to the same objectives. They already have alternatives in location, constructed with consumer regard in mind, and with this in mind, future solutions will also be intended. As long as the affiliate sector in this spirit continues to react to regulations, it has nothing to worry about.
