Blast Analytics and Marketing

Analytics Blog

Supporting Leaders to EVOLVE
cookie clock representing google's third-party cookie ban
Category: User Privacy

Understanding How Google’s Privacy Changes Impact Marketers

September 9, 2021

The online marketing landscape is about to change in a big way. Google’s privacy changes, currently pending, won’t only affect the way individual users’ online privacy is protected. They’ll also have an enormous effect on online marketing, eliminating or radically changing the ability of marketers to track and identify the users that interact with their ads and websites.

Online marketers currently rely on Google’s third-party cookies to track customers. Cookies allow the identification of visitors to your sites and let you create channels of communication with those prospective customers, ideally optimizing the digital experience. Through that data, marketing experts can understand which visitors are converting and get a glimpse into what’s prompting those conversions. But all that’s (almost certainly) about to change.

The Focus on Privacy

group of people looking at a google's privacy changes on a computer

Let’s get one thing straight from the beginning: Google isn’t deliberately setting out to pull the rug out from under marketers. The changes being proposed and designed are all about customer data privacy. Google has prioritized protecting its users’ privacy in response to customer demand. The European Union’s General Data Protection Regulation (GDPR) laws, established in 2016, and the 2018 California Consumer Privacy Act (CCPA), were first-wave responses to this need. And, if we’re honest, we must admit that advertisers and marketers haven’t always taken seriously this customer demand for data privacy.

The GDPR and CCPA were just the beginning of the new drive toward consumer data privacy. We can expect to see more changes coming from Google, Apple, and other major players in the online world, all designed to enforce the protection of user privacy and data. Google has, in fact, stated overtly that change is about to be the new normal.

Regulatory and business changes are, of course, responses to increasing expectations on the part of users regarding their data privacy. These rising expectations are resulting in both the restriction of cookies and mobile device identifiers on the platform side, as well as restrictions and requirements regarding the use of consumer data on the regulatory side.

Changes to Google’s privacy sandbox are just the beginning, with far more to come — and these changes will have a radical effect on marketers’ ability to collect and track user information, beginning with cookies.

The Crumbling Cookie — A Cookieless World

Currently, online tracking of and data collection from users relies on cookies, which are tiny bits of information used to identify each user. Every time a user interacts with content of any kind, whether an ad, an article, a product page, or a video, information about that interaction is gathered and stored. While cookies do retain user anonymity, they collate information about user behavior across multiple visits, allowing marketers to create user profiles, understand user behavior, and create responses to that behavior.

But the use of cookies is coming to an end, according to Google. Marketers and advertisers will no longer be able to collect and amalgamate those tiny bits of data without user consent. As Google puts it, cookies are going to “degrade.”

What does this new Google privacy policy mean? Google hasn’t yet come out to say overtly that it’s getting rid of third-party cookies entirely. But it’s highly likely that enforcement of privacy constraints on Google’s third-party cookies will become increasingly strict in the very near future.

Third-party cookies aren’t the only ones starting to crumble. Even first-party cookies are at risk of losing their functionality going forward. As cookies continue to degrade under Google’s new policy, Google’s privacy changes will instead create new tech that provides innovative ways to identify and track users interacting with various sites.

Why is Google making these changes? After all, Google owns both Chrome and one of the largest ad networks in the world. Is the Alphabet company trying to corner the market? Or is it just responding to the new privacy laws and the increasing consumer demand for privacy? The answer to these questions may not matter, since, regardless of the reasons, Google is making serious investments in changing the way users are tracked and identified.

The Replacement for Cookies

business professionals discussing replacement for third-party cookies

So what will replace cookies? Going forward, Google intends to use artificial intelligence (AI) modeling to derive information about users, identify the ads with the highest levels of conversion, and identify which users are the most valuable.

AI modeling, however, requires a lot of information. Google says that it needs more “signals” to identify users and conversions. The most valuable of these signals will be each customer’s personal identifiable information (PII). This information consists of customers’ last names, email addresses, and physical addresses.

What does this mean practically? If a user searches for your product on Google, clicks on your ad, and goes to your website, Google now has the information it wants. However, without cookies, there’s no longer any way to store the anonymous identifier for that user. If that same user returns to your website later and converts, there’s no way to connect the first visit to that later visit, no way to connect the original ad viewed to the conversion.

How does Google intend to handle this? It’ll want sites to send them as much PII information — those “signals” Google mentioned — to identify users. Google will then use AI modeling to connect the original click on the ad to the eventual conversion.

This poses a problem for a lot of sites, however. Most marketers don’t collect a lot of PII during ad interactions. Typically, PII is only collected at conversion, when the customer is inputting their credit card or other payment information. Even then, many customers may want to avoid providing key information such as email addresses or physical addresses.

In fact, most analytics platforms have traditionally been banned from collecting and storing this type of PII because it was considered too private. Sharing this information with ad networks, such as Google or Facebook, was also banned as it crossed too many privacy lines.

As cookies go away, though, PII is now going to be the most important data you can gather. Many sites will have difficulties as a result. To combat the loss of the cookie mechanism, Google, Facebook, and other large ad networks are encouraging their customers to invest in server-side tracking.

As cookies go away, personal identifiable information (PII) is now going to be the most important data you can gather.

Server-Side Tracking

With server-side tracking, when marketers and advertisers collect user information on a conversion or confirmation page, they no longer send in pixels on that page in the form of cookies. Instead, once that PII is collected, the marketer must send it to a server-side, backend service. That service will report to Google, Facebook, and other ad networks that a conversion has occurred.

The server-side integration service stitches together the various bits of PII gathered from the consumer in a secure fashion, sending it to the ad networks at an appropriate time. Overall, this new process is more respectful of customer privacy.

Plenty of server-side services are available to provide this service. Tools such as ConvertEvent and Tealium EventStream leverage website server-side implementations to send data to Facebook, bypassing the blockage of tracked events to Facebook by browsers. In light of Google’s privacy changes, many more such services are likely to arise in the very near future. Google can also do some server-side tracking via Google Cloud.

In most cases, marketers should be able to avail themselves of server-side services without having to exert much initiative or incur much in the way of cost. Some websites and marketers, however, may choose to take a do-it-yourself path, building their own backend services that connect to Google, Facebook, and other ad networks.

Preparing for these Changes

It’d be easy (and understandable) for marketers and advertisers to freak out a bit, given the scope of Google’s privacy changes, especially because few of the details surrounding the proposed changes are yet known. However, Google has recently announced it’s delaying its plans to phase out third-party cookies in the Chrome browser until 2023, giving you time to get ahead of these changes.

Indeed, there are steps marketers can take now to prepare for what’s coming down the pipeline. Since Google’s privacy changes appear to be inevitable, the smart response is to prepare for change now and start working out any kinks, rather than taking a reactive stance and waiting until Google has changed its protocols and it’s too late to prepare.

Google’s privacy changes appear to be inevitable, so the smart response is to prepare for change now and start working out any kinks.

Google has suggested a three-pronged approach to prepare for the loss of cookies. To prepare for that eventuality, marketers need to preserve information, inform ad networks, and take steps to keep all PII secure.

Preserving Information

Google advises marketers and advertisers not to get rid of your current cookie implementations and the pixel integrations you’ve been using. Remember that cookies aren’t going away immediately, and they’ll continue to co-exist with newer models for a while. Make sure you have robust tagging functionalities available to help with the transition and to preserve your existing data and measurements.

The information that you’ve collected through these mechanisms has been valuable all along, and it’ll continue to be valuable. Start to institute new ways to collect data, as well as new ways to pass that information on to the ad networks you use, even as you meet the privacy requirements demanded by users and regulatory agencies.

Informing Ad Networks

The ad networks need the information that marketers and advertisers collect. With that data, they’re able to crunch numbers and provide the conversion data that marketers need, in turn, to create the messaging that most attracts and converts visitors. The change comes in what data is being collected and how it’s being transmitted to the ad networks, so companies will need to augment the current gaps in their data sources to facilitate ad network modeling efforts. This means creating a pathway for privacy-compliant exchanges of customer information that takes customer consent into account.

Any information a website collects about each customer — including first name, last name, email address and more — now needs to be shared with ad networks as soon as possible. The more info the ad networks have, the better they’ll be able to build out the new algorithms and models needed to replace what we’ve had with cookies. All this information will become especially critical when designing remarketing and targeting efforts.

Sites that haven’t been collecting PII now need new ways to do so. Traditionally, PII has been collected toward the end of the customer journey. Now with Google’s privacy changes, it should be collected as early as possible in the funnel, whether through small surveys, customer service interactions, or other touchpoints that provide customer feedback.

Preference centers, Voice of Customer (VoC), and other feedback tools also give marketers the ability to capture “zero-party data,” defined by Forrester as: “Data that a customer intentionally and proactively shares with a brand, which can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize them.”These feedback tools can also be helpful in amassing this data, with email addresses leading the pack in terms of important information to collect.

This will be increasingly important in a cookie-less world, whereby leading brands will need to rely more on first- and zero-party data.

Protecting PII Security

With the need to collect PII comes the requirements of security and consent. In particular, consent must be the cornerstone of data collection efforts going forward. That means developing comprehensive, top-of-the-line tools that respect customer’s data privacy. Begin by evaluating your own sites’ needs for additional security and control features.

As privacy becomes increasingly important in the future, smart marketers and advertisers will invest in tools to collect customer consent at varying levels. Those tools need to be in place before Google’s privacy changes flip the switch, as it were, and abolishes cookies completely, putting its new data privacy policies into effect. At that point, any company that hasn’t developed thorough consent and privacy tools will find itself unable to implement its advertising campaigns. The time to rework data collection and to invest in tools that preserve privacy is now.

What the Cookieless Future Looks Like

With Google pushing back implementation of its privacy changes to some time in 2023, marketers and developers have time to start planning, prepping, and testing alternatives.

To prepare for Google’s privacy changes, marketers will need a new focus on consent. Look for consent banners and tools that implement consent-aware tagging. Stop relying on third-party cookies, and get ready to work with aggregated measurement solutions in their place, along with an increased reliance on models. Start developing first-party and zero-party solutions now, before they’re needed.

To prepare for Google’s privacy changes, marketers will need a new focus on consent. Look for consent banners and tools that implement consent-aware tagging. Stop relying on third-party cookies, and get ready to work with aggregated measurement solutions in their place.

At this end of the road, it’s not possible to see the full impact of Google’s privacy changes, though we can understand enough to start making the needed changes now. Journeying down the road will open new vistas that illuminate new issues and suggest new solutions, with new technologies developing along the way.

To discuss these data privacy changes and how you can not only mitigate the impact but also use it to your competitive advantage, reach out to our expert consultants at Blast.

Jer Tippets
About the Author

Jer Tippets is a Principal Solutions Architect at Blast with more than 15 years of experience in analytics, customer data platforms, and personalization. He works with companies to EVOLVE their data by simplifying and streamlining their analytics programs. Jer has a passion to continuously innovate and help organizations bring their data full circle by making their data both automated and actionable with the goal of building authentic relationships with their customers.

Connect with Jer on LinkedIn. Jer Tippets has written on the Blast Digital Customer Experience and Analytics Blog.