Whether you rely on 1st or 3rd party data, browsers’ tracking restriction will impact us all equally

  • Posted by Mathieu Roche
  • On Sep 19, 2019

Recent announcements about Safari and Firefox’ restrictions to read and write third party cookies have sparked many press articles explaining that this would signal the end of third party data and that first-party data would rule the world. Just because “data” and “cookies” can both be “First Party” or “Third Party” doesn’t mean these notions have anything to do with each other. The fact that a piece of information comes from a first or third party source is totally irrelevant to the discussion about browser tracking policies…in either case, you will be impacted by their decisions.

Let’s try to clarify this common confusion: 

  • For data, first or third-party relates to who the data is collected and used by first-party data is collected by the party that uses it, while third party data is collected by one or more providers that are different from the party that uses it. E.g.: 
    • Browsing behaviour collected on Website A and used by Website A = first-party data
    • Demographic details collected by Provider 1 and used by Brand 2 = third party data
  • For cookies, first or third-party relates to the server that places cookies on users’ computers: if cookies are created and stored by a server located behind the same domain as the website that the user is currently browsing, they are first-party cookies. If they come from a server located at a different address, they are third party cookies. E.g.: 
    • Cookie dropped by advertising.website.com when a user is on website.com = first party cookie
    • Cookie dropped by analytics-company.com when a user is on website.com = third party cookie

The distinction between first and third party data is irrelevant to the Safari & Firefox debate. Anti-tracking measures implemented by browsers relate to how information can be accessed technically, i.e. which cookies need to be accessed for the website (and its various components, including advertising) to operate. In most cases, data usage for advertising purposes relies on some kind of third party technology. Whether it is a DMP, a CDP, or even a proprietary data lake, the organisation and storage of user data is  outsourced to a specialised provider in most cases. This provider will use tags on pages to collect information about users, which will link to a third party domain and store user identifiers on third party cookies. In the rare instance where the collection and processing rely solely on first-party technology (e.g. technology operating from a sub-domain of the advertiser or the publisher’s domain), the ability to use that data in the programmatic ecosystem will require some kind of sharing with an external party -that is interaction with a third-party technology.

Sharing data between platforms is at the heart of programmatic advertising. It powers retargeting, audience buying, audience extension, bidding strategies, floor price optimisations, etc. And sharing data (whether it is first or third party) between platforms requires access to third party domains to at least be able to match identifiers and create a link between data sources. This logic underpins the entire programmatic ecosystem, and it simply doesn’t work when browsers prevent technologies to retrieve identifiers stored on third party cookies. 
In conclusion, whatever the source of the data you use for digital advertising, you will be equally impacted by the tracking restrictions imposed by browsers. For publishers, brands and ad tech platforms to continue to use data to optimise marketing activities, we need an infrastructure that doesn’t require client-side sharing of information. We need an identification system that can exist in a first party context (i.e. be created and managed by publishers and brands on their own domain) and be leveraged by the entire ecosystem. We need to rebuild the programmatic ecosystem on a shared identity foundation.