Evolving privacy-first dynamics and a cookies refresher
The best of the best businesses are finding it difficult to access, secure and use consumer data effectively.

Your team may be feeling the heat too with the increasing need of real-time, consent-ready customer data. Here are three businesses’ experiences we can take note from as we navigate the changing waters.

There wouldn't be a list of the most innovative technology companies without Apple and Microsoft in it. Unfortunately, these two companies will also occupy a list of companies who have been fined by privacy regulators for violations of data privacy laws or practices. France's privacy watchdog CNIL imposed fines of $8mn and $60mn respectively on Apple and Microsoft in early 2023, for allegedly breaching European privacy laws. What are they being accused of? Microsoft is being fined for not providing just as easy a way of rejecting cookies as they had for accepting cookies, while Apple is being accused of not getting consent from mobile users as it put identifiers into their mobile devices to allow for targeted advertising.

It is not just the big companies taken to task for privacy violations. Easylife Limited, a 50-member retail catalogue company based in the UK, was fined £250,000 by the Information Commissioner's Office (ICO) for breaching the GDPR and another £130,000 for over a million unsolicited direct marketing calls which is a breach of the Privacy and Electronic Communications Regulations (PECR). 

As consumers, we can all appreciate and celebrate governments and technology players getting serious about privacy and data protection. The European Union kicked off with stricter web privacy standards with the Cookie Law that mandated websites to get visitor consent before any files were exchanged or tracking enabled. Apple in 2017 prevented cross-site tracking of users with its Intelligent Tracking prevention update and then in 2018 deprecated all third-party cookies in Safari, and so did Firefox in 2019. Google Chrome's been pushing out dates on deprecating third-party cookies since 2020 but looks like this will finally happen in Q3 of 2024. So 2025 would be the Internet's first full year of cross-site, cookie-less browsing.

A decade and more of web privacy developments

Before we discuss the big bang effects of Chrome shutting off third-party cookies, let’s do a quick refresher on first-party and third-party cookies. Here’s a good summary borrowed from Techtarget.

A first-party cookie, say from techtarget.com allows Techtarget to ensure your language preferences and site form fills are maintained every time you visit their website, while a third-party cookie, eg Facebook's share button on Techtarget's site, can track your browsing behaviour outside of Techtarget, and use that data to show you targeted ads on Facebook and other network sites. 

While third-party cookies are being phased out, first-party cookies will remain a key tool for businesses to collect and use consumer data in a responsible, privacy-conscious manner. In fact, the GDPR allows for essential first-party cookies to be deployed without the need for user content. We must note though that first-party cookies are not being stored indefinitely by browsers. Which means the guest visitor who put in an item in the shopping cart may not find it there ten days later. 

Here is a table showing how long by default these cookies are stored by the various browsers.

Many business leaders have come to respect the adage ‘data is the new oil’ but are yet to build capability within their teams to comply with evolving privacy and governance needs around customer data. The industry continues to evolve ever since Apple’s Intelligent Tracking Prevention update and the GDPR in 2018, and some might say, making business operations harder and riskier. It really is a case of the glass half full or half empty. Businesses and teams who keep abreast of the evolving needs of their customer’s privacy will find a new differentiator in the loyalty and trust bestowed on them by their customers. 

As platform providers for Customer Data and Engagement, ZEPIC is embracing the privacy-first world that’s about to be hit by the Chrome cookie apocalypse. We are cooking up one of the easiest ways of collecting data across web properties and applications without any reliance on third-party cookies. If you are looking to improve your data collection, customer profiling, targeting and personalization, we’d love to chat. hello[at]zepic[dot]com.

The cookie apocalypse is really a Y2K moment for many of us! In our next post we dig into the immediate business effects of the third-party cookie phase-out.

Ofcourse we had to try Midjourney for "cookie apocalypse"

Recent blogs post