Embracing privacy in a post third-party cookie world

Charmaine Krüger / July 2020

Charmaine Krüger leads measurement and attribution projects for Google clients across the Sub-Saharan Africa region. In this piece, she details practical actions for all marketers in the age of user privacy.

When I began my career as a measurement specialist, I saw it as an absolute science — clear-cut. It’s true that the metrics and methodologies we rely on today are precise, having been validated over years. But a new movement to rethink cookies has added a layer of complexity.

All measurement tools that rely on third-party cookies are under pressure. In January 2020, Chrome announced the intent to phase-out support for third-party cookies within two years, once privacy-preserving alternatives have been developed. Other browsers have taken similar steps.

Not only is it impossible to reach measurement perfection in today’s privacy-centric world, but it’s also unnecessary

Advertising makes access to quality information on the web possible. Ads underwrite the great content and services that we all get for free. They support a universe of creators and publishers, and enable businesses of all types and sizes. But the open, ad-supported web is at risk if digital advertising practices don’t evolve to reflect people’s expectations for privacy.

I see a widening gap between brands making the choice of changing their measurement strategy in favour of user privacy, and those that aren’t. So what does the future of measurement look like in the face of all these changes?

There is no one-size-fits-all solution. Not only is it impossible to reach measurement perfection in today’s privacy-centric world, but it’s also unnecessary. That said, best-in-class measurement can be achieved by following these simple steps:

1. Start making changes now

Updating processes, systems and general behaviour won’t happen overnight. But getting an early start can keep measurement strategies intact, even while a traditional tool like the third-party cookie begins its march towards tech retirement. One of the changes you can start making is moving to a first-party measurement system by implementing sitewide tagging.

2. Strengthen customer relationships

Collect data responsibly. Be transparent about what you collect, and avoid any solutions that aren’t compatible with user expectations for privacy. There needs to be a clear value exchange for data: what is your customer receiving in return?

3. Hire and train for privacy

Build a team or work with an agency well-versed in regulatory requirements. They’ll need experience in responsible marketing approaches, like first-party data collection and cloud-based measurement, which have built-in security capabilities like data encryption.

4. Measure what matters

Don’t measure anything that you are not willing to change. Some advertisers fall into the trap of making their strategy ‘measure everything’. This leads to a spiral of drawing up plans for months without ever doing any meaningful measurement. Start off with a very simple measurement plan that you can quickly implement, test, improve, and repeat. The less complex your plan, the less likely you are to violate privacy regulations.

5. Act on what’s important

This is where the real magic lies. If you don’t actually take action to improve the results of your measurement efforts, you are just doing measurement to tick off another task on your list and not adding any real value.

There is currently no unified approach to personal data protection across Africa. Some countries have comprehensive personal data protection legislation in place and others have no legislation or constitutional protection at all.

The General Data Protection Regulation (GDPR), implemented in May 2018, protects European Union citizens’ data privacy. South Africa has a similar, though not identical law called the Protection of Personal Information (POPI) act, which was enacted in 2013. Although it predates the GDPR, only certain sections of POPI have taken effect.

Better measurement is very much achievable and we should all rise to the opportunity to work together to build an ecosystem that works for everyone and protects user privacy

South Africa has not yet come to terms with GDPR’s requirements due to the fact that POPI has yet to be fully enforced. For example, consent for cookies is not required in South Africa at the time of writing.

The lack of a unified, comprehensive personal data protection legislation in Africa has meant that most advertisers don’t have privacy regulations top of mind. That’s probably why press around the end of third-party cookies has come as a shock.

While it may be a challenging time, better measurement is very much achievable and we should all rise to the opportunity to work together to build an ecosystem that works for everyone and protects user privacy.

How to unlock the power of first-party data