Internet’s users’ data protection policies are at the heart of industry in 2018. While the DGMP has challenged many companies over this, it still continues to be an important topic. Indeed, last June, Apple announced that it was working on an update of its user data protection system. The ITP 2.0 was released on IOS 12.0 in September 2018 and the apple brand is gradually deploying its new OS on all these compatible devices. Considering that iOS devices alone represent 19.5% of the smartphone market share in France, it can be said that this is not information to be taken lightly. But then what is ITP 2.0? What would be the consequences? What solutions should be adopted in the face of these last ones?

1. How does ITP work?

Before taking a deep look into the subject, let’s get back to the basics! What is ITP?

ITP (Intelligent Tracking Prevention) is Apple’s technology that aims to protect the privacy of user data on the web. More concretely, ITP 2.0 is integrated directly into the browser, in the case of Apple, Safari 11, to impose restrictions on tracking via cookies and specifically on 3rd party cookies.

Speaking of 3rd party cookies, let’s take a cookie break. In order to fully understand the ITP 2.0 update, it is vital to find out how they work.

As a reminder, a cookie is a text file installed on a user’s terminal through the servers of a site, with the purpose of collecting and storing certain user data (username, age, browsing habits etc.).

There are 2 main types of cookies:

• First-Party Cookies

It should be noted that the nominative “party” refers to the owner of the cookie.

First-party cookies are associated with the owner of the domain name on which users browse.

The purpose of these cookies is to improve the customer experience of a site and the relationship it has with its users. Indeed, they will make it possible to analyse the behaviour of Internet users and better understand their browsing habits in order to be able to offer them, for their next visit, a pleasant and fluid experience.

The second major change concerns trackers collusion. Indeed, with ITP 2.0, Safari will be able to detect when page redirections are used for tracking purposes only. That is, when a user is redirected to a domain used only to collect data before landing on the intended page. Thus, from the moment a domain is classified as having tracking capabilities, all other domains linked to it by redirections will automatically be classified as part of a collusion. The cookies collected will then be blocked and impossible to read for the domains.

Another obstacle stands in the way of marketers since Tracker Collusion Protection makes tracking difficult. Indeed, if only one domain is considered as a tracker, then all the domains linked to it will lose the cookies collected, whether it is the agency or the affiliate with which it works.

• Third-Party Cookies

Here cookies are not placed directly by the site but by third parties, most of the time advertising agencies and/or Digital Marketing actors, in order to collect certain data (socio-demographic, behavioural etc.). This data will then be used to retarget, refine targeting or measure the impact of an advertisement for example. It is therefore on Third-Party Cookies that our core business is based.

And it is on these that we will focus in the case of ITP 2.0

2. How will ITP 2.0 affect (or not) the activities of the online advertising industry?

With ITP 2.0, Apple has therefore made it a point to protect users’ data even more by imposing certain restrictions on tracking. To this end, they have implemented 3 major changes.

• Deletion of the 24 hours of authorized tracking

Once the 3rd Party Cookies are placed on an Internet user’s terminal, ITP 1.1 gives 24 hours to third parties to follow them in their research and thus carry out tracking. However, in its ITP 2.0 update, Apple has decided to remove this 24-hour tracking time. This means that it will be impossible to track or retarget without being reported as trackers. In addition, if no interaction with the user takes place within 30 days, existing cookies will be purged. This means that the third party will not be able to access it and that all new cookies generated by this user will be blocked and unusable.

ITP 2.0 then poses a major problem for the online advertising industry as it makes it impossible to use Third-Party Cookies, which are at the heart of the tracking process. So, how can we discern the customer experience without using 3rd-party cookies? How to remunerate affiliates without knowing the source of the value generated?

• Tracker Collusion Protection

The second major change concerns trackers collusion. Indeed, with ITP 2.0, Safari will be able to detect when page redirections are used for tracking purposes only. That is, when a user is redirected to a domain used only to collect data before landing on the intended page. Thus, from the moment a domain is classified as having tracking capabilities, all other domains linked to it by redirections will automatically be classified as part of a collusion. The cookies collected will then be blocked and impossible to read for the domains.

Another obstacle stands in the way of marketers since Tracker Collusion Protection makes tracking difficult. Indeed, if only one domain is considered as a tracker, then all the domains linked to it will lose the cookies collected, whether it is the agency or the affiliate with which it works.

• Origin-Only Referrer

In a further effort to protect user data, Apple has decided, with its ITP 2.0, to no longer provide complete user URLs to the site they arrive at. Instead, the reference URL will be shortened to include only the root domain name. Indeed, a URL can contain a lot of information such as user path details, first and last names, age etc. In concrete terms, if a user comes from https://store.example/baby-products/strollers/deluxe-navy-blue.html then the referencing reports would be limited to indicating only https://store.example/.

Thus, with ITP 2.0, Apple aims to make user data protection much more efficient by strengthening the measures taken to track and manage third-party cookies. But, taking into account the consequences of this update, how will TimeOne adapt its strategy in order to comply with it and exercise its core business?

 3. TimeOne’s response to ITP 2.0

Given the blocking of third-party cookies from the ITP 2.0 update, the current digital ecosystem is aligning with a first-party system only. And if our environment changes, then our technologies must adapt to it.

As TimeOne’s objective is not to replace third-party systems, we have decided to focus on first-party systems for the collection of navigation data. To this end, we have implemented Tag Management solutions designed to fill the gaps that ITP 2.0 could create for our tracking technology.

As a reminder, Tag Management refers to the management of tags deposited on one or more sites. Tags are tools used to display third-party elements (advertising elements, social recommendation modules, etc.) on the site on which they are implemented or to have a tracking function giving rise to audience or conversion measurements, for example.

At TimeOne, we rely mainly on two JavaScript tags:

• Conversion tags that record the conversion and some information about it.
• Universal tags allowing to manage all third-party tags present on a site.

Once implemented, its tags will allow us to track the user on the site and collect tracking information.

However, these first-party solutions can only be applied if the entire advertiser’s site is tagged with a universal tag and the conversion pages are tagged with a javascript conversion tag. It is therefore essential that your site is fully tagged. Otherwise, a single forgotten page may result in the loss of the user’s tracking. To do this, TimeOne teams are committed to supporting each of their advertisers to ensure that their devices are well integrated and functional.