For years, marketers have relied on data. Whether first- or third-party, data fueled the targeting and personalization that drove relevant online engagements. But with the many changes flowing from the GDPR and CCPA privacy regulations, it feels like the rug has been ripped out from under us. The good news is there is a path forward.

Below we consider the changes that have arrived, those quickly approaching, and some strategies and tactics to prepare to meet them all. But first, to ensure we’re all on the same page, let’s begin at the beginning.

What are cookies?

At their most basic, cookies are sets of data collected and stored in a user’s browser. By storing information such as language preferences, passwords, identifiers (such as IP address, Geo, etc.), cart items, and other past behavior, cookies help keep our internet surfing smooth.

Cookies come in two main types:

  • First-party
  • Third-party

First-party cookies

To enrich your experience, first-party cookies are created by and maintained for the sites and apps you use. Take, for example, a common experience: looking for shoes.

You visit a site, find the shoes you want, put them in your cart, and then decide to sleep on the decision before purchasing. When you return to the site the next day, the shoes are still in your cart. You have first-party cookies to thank.

First-party cookies store not only carts, but also privacy settings, consent, preferred layouts, and other preferences and identifiers.

Third-party cookies

Third-party cookies are a bit thornier. Set by other sites, third-party cookies track and collect information on your online behavior across sites. By seeing where you go and what you do online, third-party cookies can connect your browsing behavior across the sites you visit to better understand your likes and dislikes, desires and preferences, etc.

On the positive side, organizations can use this information to filter the seemingly endless deluge of online content to offer you the information, advertisements, or products you’re actually interested in. On the negative side, third-party cookies always track your online behavior, and the data they capture has the potential to identify you and even glean insight about very personal matters, such as sexual preference and political affiliation. This is part of the reason privacy advocates have been decrying the use of third-party cookies for years.

The good news for privacy advocates (and all of us concerned with personal privacy) is that third-party cookies have expiration dates coded in; most persistent third-party cookies expire after two weeks. But not all.

The ePrivacy Directive, a 2002 EU injunction, states that cookies must expire after 12 months. Many cookies, however, remain on your computer or other device for much longer. In light of this and other privacy concerns, governments have been working on ways to regulate and enforce limits.

Regulating cookies

While recognizing that not all cookies fit neatly into them, the EU’s GDPR places cookies into four boxes, and regulates them in different ways:

  • Strictly necessary cookies (generally 1st-party; only cookies not requiring consent)
  • Preferences cookies (generally 1st-party)
  • Statistics cookies (1st- and 3rd-party)
  • Marketing cookies (generally 3rd-party)

According to the GDPR, any cookies that can be used to identify you are considered personal data and are thus subject to the GDPR’s regulatory requirements. This regulation, alongside California’s CCPA, is set to bring huge changes for marketers, who have relied on 3rd-party cookies for critical aspects of their job:

  • Reaching new prospects and customers
  • Personalizing online engagements
  • Managing campaigns
  • Measuring marketing performance

What’s changing?

For marketers, the short answer is everything. To understand why, let’s return to that long-ago-forgotten year of 2019.

7 out of 10 marketers see the death of 3rd-party cookies as more impactful than both the GDPR and CCPA.

This was the year the cookie crumbled. Fine, not all the cookies crumbled (and, yes, I fully embrace being a cheeseball). So, what did occur? Apple and Google both released statements saying they will be banning third-party cookies from Safari and Chrome respectively.

While this announcement doesn’t foretell the death of the cookie, it does portend a certain death; namely, the death of third-party cookies and thus marketing as we’ve come to know it, which has relied on third-party cookies to track, understand, and engage with prospects and customers. This is why 7 out of 10 marketers see the death of third-party cookies as more impactful than the two biggest pieces of online privacy legislation: the GDPR and CCPA.

Both Safari and Firefox have already banned 3rd-party cookies, IOS is doing so this year, and Chrome, which accounts for 48% of American browser traffic, was set to do so in 2022. Just recently, however, Google announced that they're pushing this back to 2023. While this welcome news buys marketers and advertisers some more time, the reality is the change is still coming and now is the time to prepare. When considered in light of another reality we all know well — ever-heightening customer expectations — it’s no wonder many marketers are anxious.

First-party data to the rescue?

You’re likely already wondering if first-party data will be able to help. Let’s start with the short answer again: yes. You can get to know your customers by using first-party data. However, the longer answer requires you considering how you can reciprocate for collecting it while also being intentional and transparent about how you do.

Here are some best practices for preparing for the death of third-party cookies.

Take stock

The first thing to determine is what data you’re currently using. To ensure compliance with GDPR and CCPA, most organizations have already begun (or finished) this process. But if you haven’t, a good place to start is by considering what you’re using third-party cookies for — identifying people, targeting advertisements, and measuring attribution are some of the most common uses.

Once you know where you’re at, you can determine where you need to go.

Develop a strong, consistent, and privacy-centric data strategy

Low-quality data can lead to poor cross-channel experiences and visitor frustration. This is why your first-party data capture must be accurate, aggregated, and analyzed.

Data accuracy can be assured by implementing good data hygiene practices that increase onboarding and reach rates now. You may need to clean your current data as the first step in implementing a new, accurate approach.

Aggregating your data might mean merging customer profiles from across lines of business, brands, or both. It could also mean considering your strategy around walled gardens, such as Facebook, Amazon, and Google. Sitecore CDP can sync first-party website data with first-party Google analytics data, as one example. (Even though these are first-party cookies, consent is still required.)

A customer data platform (CDP) can support personalization and help optimize conversion rates by linking every interaction on other channels belonging to your website including CRM, social media, e-commerce platforms, and apps. A CDP acts as a central repository for your martech stack. Through gathering first-party omnichannel data and merging email addresses, telephone numbers, and other personal information, it improves the accuracy of your profiles. Another avenue of support for aggregating data is Adtech vendors who are collaborating to support Universal IDs.

In addition to the above, you need to determine the tools, skill sets, and processes that you’ll need to have in place to pull insight from your data. This is where AI and machine learning can offer critical support. On the right platform, AI will do the heavy lifting for you.

With the right systems and processes, every engagement can be analyzed for insight. This planning stage is thus also the time to take a look at workflows and consider implementing different approaches, such as agile, to your marketing.

Let CX drive

Like everything else, data strategy isn’t carried out in a vacuum. As Sitecore’s CMO Paige O’Neil says, your customer experience (CX) should be the North Star of any digital strategy, including a coherent data strategy.

If you can’t draw people in to begin with, it doesn’t matter how much data you can collect. Likewise, if you don’t have unique journeys planned for various personas, the insight capture from your data gained and analysis won’t be very helpful.

It’s worth highlighting something critical that we marketers tend to forget from time to time: whether you’re in a B2C, B2B, or B2B2C context, your visitors are human beings.

While third-party cookies have been effectively legislated away, this legislature would never have passed if end-users were being respected. Targeting became blatant and creepy. Opt outs were ignored. People began to be seen as nothing more than data flows to be manipulated.

It may sound hokey, but it’s true — at the end of every CX strategy is a person. If you’re going to listen to them, you need to follow their cues, respect their wishes, and communicate appropriately. If someone didn’t engage with the first 3 to 5 messages, for example, chances are they’re only going to be annoyed with the next.

Your data strategy should serve your business. But the focus should be on serving your customers, and this service starts with the customer experience. If you’re interested in learning more about how to orchestrate a cross-channel customer experience, this on-demand webinar, “Orchestrating a customer experience across marketing channels,” has some great ideas worth checking out.