Here at InfoTrust, we’ve been publishing a lot of content around the rapidly changing privacy landscape. Major transformations are underway, and they will have massive impacts on retail as we currently know it.
For example, we’ve explained how government regulations are changing the way organizations collect data; how browser changes will affect organizations’ ability to collect third-party data; why having a first-party data strategy is critical in a cookieless world; and how the cloud offers business owners powerful solutions during this volatile period of transition.
While it’s good to be educated about these changes, it’s easy to feel overwhelmed. Or, even if you’re motivated to tackle these issues, it’s not always evident what your first steps should be. How does one prepare an organization for an as-yet-unknown future?
It’s understandable, then, that two of the most common questions we get from our clients are, “How do we assess what impact these changes will have on our business?” and “what should we actually be doing right now?” Below, I’ll explain the first three steps for your organization’s transition to privacy-centric marketing.
You Need a Reality Check
For any organization looking to address privacy changes, the first priority should be performing a reality check. Figure out where your business stands today when it comes to digital privacy, reliance on platforms using third-party cookies, and first-party data strategy.
You won’t be able to make informed decisions about how to make your privacy-centric vision a reality if you don’t understand the current landscape and what areas of your business will be impacted the most. A comprehensive assessment of your current state before considering any possible solutions is a must.
With so many changes happening, it would be easy to get carried away with all the things you could be doing. Instead, focus on three specific evaluations:
- Assess your marketing’s reliance on third-party cookies.
- Assess your ability to comply with privacy regulations.
- Assess your first-party data availability and modeling capabilities.
I’ll explore each of these outcomes in more detail below, highlighting key steps and questions that will ensure your organization is prepared for a cookieless future.
1. Assess Your Marketing’s Reliance on Third-Party Cookies
The topic on many people’s minds right now is the sunsetting of third-party cookies. Google has expressed its intention to phase out support for third-party cookies in Chrome browsers by 2022, and Safari effectively stopped support for third-party cookies with their introduction of Intelligent Tracking Prevention in 2019.
Before you can adequately adapt, you must first assess how much your marketing platforms will be affected without third-party cookies. Some organizations rely heavily on advertising platforms leveraging third-party cookies, while others use strategies that do not require their use. It’s important to know where your business falls on this spectrum. Here’s how:
- Conduct an inventory of tags present on your website. Step one is to know what marketing and advertising platforms are in use at your organization. Leverage an audit tool such as Tag Inspector to inventory all of the platforms currently collecting data and placing cookies on your owned and operated properties. If you want a complete audit of your tags, just let us know here, and we will send you an inventory, free of charge.
- Identify the business owners and business use cases for each tag, as well as the types of cookies they set. The goal is to learn which platforms are leaned on most heavily in your marketing mix and which of those rely on third-party cookies. The intersection of these two classifications are the platforms which constitute the biggest risk to the organization’s success. Ask yourself, what is being accomplished by these platforms today? What alternatives are available to me that I can test? How are these vendors preparing for the new reality?
- Review the need for a Customer Data Platform (CDP) for customer reach and identity resolution. Many organizations rely on third-party data to understand their most valuable users and expand their reach to target others similar to those users. Without third-party cookies, the ability of third-party platforms to be able to tell you who are your most valuable consumers and who should be targeted is no more. It is the responsibility of your organization and your first-party datasets to evaluate ideal consumers and take action on those insights. Having a single view of your customer across platforms and experiences is crucial, as is maintaining named user identifiers (IDs for those who have registered, logged in, etc.) to potentially use to join your datasets with those of partners for targeting. Assess what capabilities you have in this area today and if a solution such as a CDP is necessary to make this critical activity a reality.
2. Assess Your Regulatory Compliance
Government regulations like the California Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR) have placed limits on data processing, and the future of data privacy looks like it’s heading toward more regulation, not less.
Perform a legal review to see which regulations might apply to your organization. If you operate only in the United States, this means being flexible and considering multiple state-specific laws such as CCPA (California) and CDPA (Virginia). If you do business in Europe, you will need to be aware of the more extensive GDPR as well as country-specific laws to comply with the ePrivacy Directive.
For comprehensive information about complying with each of these regulations and deep-dive specifics for auditing methods check out the great content provided by Tag Inspector.
For a quick example, let’s look at the types of questions to ask to evaluate preparedness for Data Subject Access Requests (DSARs in privacy parlance):
- What platforms are processing Personal Information?
- Where is that information stored? Is it integrated into larger datasets? Shared with other platforms?
- What processes do we have in place to meet the requests of consumers—both for accessing information in scope and for deleting it upon request?
- How manual vs. automated are those processes?
Many companies are relying on clunky hacks in order to comply with these requirements. When a consumer requests information, someone in the organization goes to each platform that they are aware of to run searches, collect the information in a spreadsheet, and then sends it to the consumer.
This is not efficient, cost-effective, nor sustainable. Investing in integrated, easily accessible data and robust automated processes will be beneficial to most organizations in the long run.
3. Assess Your First-Party Data Availability and Modeling Capabilities
First-party data is the information that you collect directly from your consumers on your owned and operated properties. In a cookieless world, that data will become more and more important.
Before you can maximize your use of first-party data, you must:
- Review the first-party data collection architecture. First and foremost, you can’t gain insights and take action on data you don’t have. It is critical to have a sound data collection architecture in place. In the new privacy-focused world this means offering an adequate value exchange and maintaining a relationship with consumers so they opt-in to tracking. This also means ensuring consistency data structure across platforms to enable downstream integration.
- Determine your approach to collecting “named” first-party data. Without third-party cookies, users registering and providing you with a persistent means of identifying them both on your properties and across other domains is critical for personalization. If you run a subscription-based website with registered users, you will have easy access to “named” datasets. However, not all websites have this functionality. What is your strategy for getting users to register and consent to you marketing to them in a one-to-one context?
- Consider what systems you have in place to maximize the value of your first-party “named” data. A primary benefit of having registered users and named datasets is the ability to then integrate information for those users across devices, domains, even layering in offline information. The unique persistent identifier provides the “key” to join disparate user datasets and unlock the power of integration.
- Review the architecture of internal data warehouses. As I mentioned above, it’s much easier for regulatory compliance if your data is integrated into a single platform. It is also much easier to analyze and use that data to build models.
- Identify the core initiatives you have to analyze the data you’re collecting. Review your first-party data modeling practices and techniques to determine any opportunities for growth. If you have a strong first-party data collection process, what are you doing to make the most of the information? What types of analysis are you running?
You Must Lay the Groundwork
It’s natural to have many questions about the impact of privacy changes. What regulations are on the horizon? What’s FLoC? Can FLEDGE change remarketing? Keeping up with the ins and outs of the latest technology is a job in and of itself, and many solutions are still in the testing phase.
Don’t get bogged down by the flurry of new developments before you even start. Instead, take a deep look inside your organization. Analyze your current reliance on third-party cookies and how you’re using first-party data, and you will be better positioned to tackle whatever changes are on the horizon.
At the end of the day, the true key to success will be collecting first-party data about your consumers and maximizing how you use that data. All of the questions above will help you lay the groundwork for that strategy, so you can make sure you won’t have any cracks in your foundation.
Once you know where your organization stands, you’ll be able to consider more concrete tactics, such as investing in the cloud, analytical modeling, and developing better first-party data strategies.