Google’s planned cross-site tracking changes for Chrome are far from earth-shattering, and with a few safety checks, you should be good to go. Let’s take a look at what Google has planned and what folks in the ad tech and martech world need to do.
How Google Chrome’s privacy update affects ad tech
In February of 2020, Google will be implementing a new secure-by-default model for cookies, enabled by a new cookie classification system. This system will stop sending third-party cookies in cross-site requests unless the cookies are secure and flagged through SameSite, which is meant to prevent the browser from sending the cookie along with cross-site requests.
While SameSite is not a particularly new concept, this will be the first time a secure cookie flag will be a requirement for those using Chrome — not just a best practice, as it has been up until now. Google plans to implement these new requirements with Chrome 80 on February 4 as the first step in a larger multi-year plan to phase out support for third-party cookies, leaving the ad tech and martech industry with just a few weeks left to make the necessary tweaks to ensure their cookies continue to function properly.
The Google Chrome update means a little change, but a lot of hype for ad tech
Given similar changes that have already been made by browsers like Safari, this new update from Google is not something that should send advertisers into a panic. If anything, these updates are part of the ongoing trend in creating more stringent policies regarding data and privacy. While Google represents the most immediate change, Mozilla and Microsoft both have similar updates planned in the future. But while this may soon become the new norm, advertisers need to prepare now in order to avoid data loss and chaos later.
When it comes to privacy updates, fortune favors the prepared
So, what steps should anyone in the ad tech industry take to make sure they aren’t caught unaware in February? First, any organization that hasn’t already moved to HTTPS must do so before the changes go into effect, or risk having their cookies discarded by Chrome. Second, any tech vendors that use tracking cookies will have to set SameSite cookie attributes with one of three values: “strict,” “lax,” or “none.”
A setting of “strict” means that a cookie will not work on any website other than the domain in which it was placed. A setting of “lax” allows cookies to be shared across domains owned by the same publisher, and a setting of “none” allows full third-party cookie sharing, providing other security requirements are met. Today, “SameSite=None” is the default within Google Chrome, but beginning in February, developers will have to manually enable “SameSite=None” in order for cookies to continue working. If they do not, cookies will automatically default to “SameSite=lax,” and will cease working across all websites.
What do Chrome’s privacy updates mean for Impact clients and partners?
To be sure that you won’t experience any tracking dropoff come February 4, you just need to double-check that you’re using secure (HTTPS) tracking links. The default setting within the Impact platform is to use HTTPS links, but it’s possible to manually switch to unsecure (HTTP) links. If you never consciously switched to HTTP, you are probably fine. We’ll remove the HTTP option soon, but in the meantime, partners should also double-check that the links they pull are using HTTPS. The second part of the equation — the SameSite cookie value — is done entirely on our end. Our engineers are changing the way that we set all our cookies across the platform to make sure we are compliant with the new rules. There’s nothing you, nor your partners, will need to do on that front.
What’s the future of cookie-based tracking?
Given Google’s expressed intent to “make third-party cookies obsolete,” it’s clear that the industry needs to be prepared for a world without the ability to track users with third-party cookies. As we’ve said before in the context of Apple’s ITP, the best way to future-proof your partnerships program is to take advantage of server-to-server tracking — in other words, APIs. We believe APIs are the future of online tracking, and not just because they provide a way to circumvent browser policies. When an advertiser can communicate directly with a tech platform without relying on a browser as an intermediary, it means better attribution and less sharing of user data — and that’s a win for everyone.
Want to know the latest on keeping your partnership programs running smoothly and profitably? Contact a growth technologist at firstname.lastname@example.org and we will help you get there.