A comprehensive look at tracking and privacy concerns in 2023

Have you ever wondered how the multi-touch attribution process tracks individual users?

How can it recognise that the person who viewed an Instagram ad on their smartphone yesterday, clicked on a search result on their desktop today, and then made a purchase is the same individual?

The answer lies in creating a chronologically ordered list of all the marketing touchpoints that the user encountered. This list strings together every touchpoint to paint a complete picture of the consumer journey.

At the core of modern multi-touch attribution methodology is the ability to track consumers and their exposure to various marketing touchpoints. Several tracking technologies are employed to achieve this, including cookies, pixels, and tags.

Let’s explore together what they are and how they relate to data privacy.

Defining cookies

Cookies are small text files that are stored on your device when you visit a website. They help the website remember your preferences and activity, like the items in your shopping cart or your login details.

There are two primary types of cookies, first-party and third-party cookies, and they each have their unique characteristics.

First-party cookie is data your company has collected directly from your audience, whether customers, site visitors, or social media followers. There is no third party collecting the data or getting in the way of collection. It’s just you and your audience.

Third-party cookies, on the other hand, are created by a domain other than the one the user is visiting. They are often used for advertising and tracking purposes and can be used to collect data about a user’s browsing behaviour across multiple websites.

Marketers have grown reliant on third-party cookies, but Google announced its intention to phase them out in 2024. According to eMarketer 88% of brands believe this decision will significantly impact businesses’ ability to scale.

But failing to grasp the importance of dealing with the consequences of a future without cookies can be risky for many businesses.

Another thing to note when it comes to the ending of third-party cookies is the increasing role of zero-party data.

Zero-party data is data that is purposely and willingly shared with a brand. It is gathered through direct interactions between brands and customers, such as via quizzes, questionnaires, direct messages, and more.

Privacy concerns surrounding cookies

Cookies and data privacy regulations exist along a spectrum, with certain types of cookies being more or less invasive.

Cookies that are necessary for a website to function are generally accepted, while cookies that track browsing behaviour from site to site or store sensitive information can be concerning.

Privacy regulations also have varying attitudes towards cookies. For example, The ePrivacy Regulation requires websites serving EU citizens to obtain user consent before loading any cookies except for strictly necessary ones.

At the opposite pole lies The California Privacy Rights Act (CPRA) which only requires businesses to notify users that the website will be using cookies and provide them with the option to opt-out of tracking personal and sensitive information.

The key consideration with cookies and digital tracking technologies is whether they collect personal information or not.

Defining tracking pixels

You’re probably familiar with the general definition of pixels as the smallest units on a digital screen. When it comes to tracking, they are used in a specific way.

Tracking pixels are 1×1, transparent images that are embedded in a website, email, or advertisement and contain a link to an external server.

When a user interacts with an email, navigates to a website, or views an ad with a tracking pixel, the user’s browser downloads the invisible image file. This triggers a request from the pixel server, providing the server owner with information such as:

• who downloaded the pixel
• the operating system and browser used
• the time of interaction
• the IP address

This information can be used for various purposes. Marketers are using pixels to determine when a visitor has clicked on an ad and then made a purchase.

Privacy concerns surrounding tracking pixels

If you use tracking pixels, same as for cookies, you most likely gather some specific personal data. The use of pixels raises a number of concerns since they are not visible on a website or email, and users are unaware they’re being tracked.

Under main privacy laws, you are required to disclose whether you collect any personal data that can be used to identify an individual. It is the case with pixels and therefore, you have to:

• specify your use of tracking pixels in your privacy policy;
• request user prior consent to using these technologies (European laws);
• provide a means to opt-out (US laws).

Defining tags

Tags are small segments of code that execute when a website loads. Usually written in HTML or JavaScript, tags describe a function or element on a website.

There’s a lot of overlap between tags and cookies and pixels.

Cookies and pixels are typically set by tags. This means that if you want to block a cookie, you can target either the cookie itself or the tag that sets it.

Privacy concerns surrounding tags

In terms of data privacy, tags play a significant role as they set tracking technologies such as cookies and pixels.

As a result, businesses that are subject to data privacy regulations may develop additional infrastructure to allow or block tag scripts from firing based on whether the visitor has consented to data collection. For example, if a user rejects marketing cookies, the associated tags that set those cookies won’t fire.

There are various laws and regulations that address privacy concerns surrounding tags. For example, General Data Protection Regulation (GDPR) sets guidelines for the collection and processing of personal data, including through the use of tags.

5 tips to achieve compliance

Understanding the various tracking technologies and how they relate to data privacy is just the first step. Here are 5 tips that can help you comply with all the requirements:

• Provide clear and concise information — When requesting user consent, provide clear and concise information about the types of cookies you use, how long they will be stored, and what data will be collected.
• Conduct regular audits — Conduct regular audits of your data collection practices to ensure compliance with relevant regulations, such as the GDPR or CCPA.
• Select a cookie consent management platform — It will help you achieve compliance. Cookiebot or OneTrust are great examples.
• Use Google Analytics 4 — The latest version of Google Analytics uses a different tracking mechanism that doesn’t rely on cookies.
• Educate users — Misinformation and failure to educate and offer privacy options to users are being perceived as bad for a brand as data breaches. Good transparent & educational practices are key to building brand trust and gaining consumers’ loyalty.

If you’d like to know how we can help you be compliant, get in touch with our team.