I’m sorry, but before you start reading this article I have to ask . . . do you accept cookies?
If you have been on any website at all in the last 12 months, it might feel like it’s a question you get asked a dozen or more times per day.
In theory, this should have been happening in Ireland since 2011, when the ePrivacy Directive (commonly referred to as the “cookie law”) became law here. In practice, however, these cookie notices have become much more widespread since the General Data Protection Regulation (GDPR) came into effect in 2018 – with heavier penalties and a promise of stronger enforcement, it seems.
How will this affect consumers, businesses and marketers? The answer on all fronts here is probably best understood by looking at the trade-offs involved for each group. These new laws, and the rest that will come in future, have both benefits and costs to all groups, which can probably be best summarised as “great intention with clumsy implementation”.
To understand the effects on business and consumers, it helps to understand a bit more about these laws and their intentions. At a broad level, the European Union believes that the individual citizen should be in control of their own data. If a company wishes to access this data or create data about the individual, they have to ask for consent. They have to do so in a way that is easy for the individual to understand what the company is asking for and they have to get a clear and explicit “yes” in response.
Advertising ecosystem
It sounds straightforward, but these are not the principles upon which much of the internet has been built over the last 20 years. In particular, end-user consent hasn’t factored very large in the digital advertising ecosystem, and its introduction has thrown the industry into a state of flux.
The largest piece that the ad ecosystem will lose during this transition is “persistent context” from third party cookies. For example, if you are reading this article on the Irish Times website, there might be an ad at the top of the page, maybe for an airline or an energy company. But have you already seen that ad once before elsewhere on the web? Maybe this is the 10th time you’re seeing it?
The Irish Times website can know if you’ve seen it on a different article, with a first-party cookie, but it can’t know what you might have seen on other websites. A third party (such as Google) could know that if their cookie is placed on all websites you’ve visited. And now, they’ll only know that if you agree to let them track your viewing activity on each and every website you visit.
If consumers no longer agree to this form of tracking, then companies will have less context within which to choose whether or not to show someone an ad. This is obviously wasteful for advertisers, but it can also be annoying for the end-user who sees the same ad for the 10th time that week.
On the other hand, a lack of "persistent context" is something many consumers will enjoy, escaping from the feeling of being followed around the web with ads for that product they looked at once but chose not to buy.
There are other areas of marketing outside of cookie-based advertising, like email marketing, where the ecosystem has evolved with "opt-in" consent as a foundational part of the model. In email marketing, everyone reacts negatively when the consent is broken (we call that spam) and consent-based persistent context can be a net positive on all sides.
People generally like receiving offers and promotions that are relevant and interesting to them. When a consumer gets an email offering them 20 per cent off a product they just bought the previous day, neither they nor the marketer is happy with that – better targeting and use of data would benefit everyone in this situation.
That is where the conflicts are now arising. Advertisers want the persistent context that cookies provide, but everyone finds it cumbersome to consistently request and confirm the consent to do so. Some of the business models in the ecosystem even relied on an absence of consent and I think many won't be able to adapt. As a result, consumers are being inundated with cookie notices and starting to get "consent fatigue".
Some of these cookie notices will even cookie you before you do or don't click "agree". It's all quite early days, and the transition is still quite haphazard.
So where do we go from here?
At a regulatory level, the EU is working on the replacement to the ePrivacy Directive, called ePrivacy Regulation, which will come into effect in the near future. Part of its intention is to streamline the rules around cookie policies.
At the consumer level, many people will want to opt in to ongoing relationships with brands and organisations that they trust. In all likelihood, options will emerge that allow consumers to manage these opt-ins in a simpler and less time-consuming way.
For example, being able to tell your browser to always accept a certain level of cookie, like Google Analytics, or on a certain set or category of websites. This could happen in your Chrome, Firefox, Safari or Brave browser, or in your iOS or Android operating system.
If the law doesn’t move in this direction then it’s likely that the technology providers will. Even if the EU hadn’t started rolling out new rules to protect user privacy, Apple likely would have, and both will continue to do so.
First-party data
For companies, advertisers and publishers, the use of first-party data will become much more important and much more powerful. If your digital strategy doesn’t include targets against opt-ins and consent-based databases over the next three to five years, then it really should.
In many ways, companies will have to execute digital implementations of some of the oldest business strategies: form relationships with your customer based on mutual trust; and deeply understand how they interact with your service offering and how they like to hear from you.
Do this through your data and digital strategies and you’ll build a competitive moat that other industry players – those who rely on third-party data and anonymous cookies – will not be able to compete with because of continuous changes in both law and technology.
In the 2020s, digital will be less about specific targeting practices and more about old-fashioned strategies of loyalty, advocacy and relationship building.
Peter Tanham is a co-founder of Nimble Metrics, an analytics and data consultancy who partner with Dentsu Aegis Network