Advertiser Integration Solutions for ITP 2.2 and Beyond

Apple’s Intelligent Tracking Prevention (ITP) feature, first released in September of 2017, has imposed greater restrictions on cookie-based tracking behaviors with each release. The most recent release, ITP 2.2, limits certain cookies set in first-party contexts using document.cookie, to a maximum of 24 hours.

This is part two of a series discussing recent digital privacy trends. In part one, we discuss CJ's philosophy; here we share our technical approach.

With this and earlier feature enhancements, Apple intends to improve consumer privacy and data security by preventing the use of cookie technologies to track customer behavior across the internet. An unintended side effect of the setting is that ad-tracking attribution technologies, like those used in affiliate marketing to tie online conversions back to referring publisher websites, are also impacted.

Regardless of an advertiser’s current integration, we highly recommend putting time on your roadmap to ensure that the data needed to sustain CJ tracking, and ad-attribution tracking across your broader digital channels is stored server-side, beyond the reach of client-side browsers.

Google Chrome’s Privacy Update

Google has announced updates to Chrome slated for end-of-year in accordance with the California Consumer Privacy Act (CCPA) deadline. These updates will further impact browser-based cookie and tracking behaviors. Based on details announced so far, the update will require web developers to specify the intent of each cookie they set on a site, by classifying its use as same-site, or cross-site. Google will then allow users to clear or block cookies based on varying purposes, placing control in the hand of customers through a browser extension.

In essence, users can make more informed choices based on Google’s new requirement to specify cookie intent. Chrome will also more aggressively restrict fingerprinting tracking methodology (which CJ does not employ). Google has not announced a release date yet and, as we hear more about dates and features, we will continue to keep you all up to speed.

Update: As of the Date of publication, Mozilla announced that new installments of their Firefox browser will disable 3rd party cross-site tracker cookies by default. For now, CJ’s Cookieless Tracking integrations will preserve tracking for transactions where 3rd party cookies are blocked. We expect that future enhancements will impose greater restrictions on client-stored cookies and will ultimately encourage server-side implementations.

CJ Integration Options Help Advertisers Remain Successful in an Ever-Changing Privacy Landscape

It’s imperative that our integration solutions continue to respect the direct relationships clients have with individuals. With that in mind, we’ve developed new integration options, with a client’s website and/or a server-side implementation, designed to sustain long-term affiliate relationships—while honoring consumer privacy rights. These future-focused integrations will minimize the frequency of requests for development resources from clients.

The good news: at a network level, the majority of transactions occur within 24 hours of the last referring click. Most of our advertisers have implemented our Cookieless Tracking solutions, and CJ does not use fingerprinting in any capacity. That said, we recognize that some Publisher models and Safari-strong brands will experience greater impact with ITP 2.2. Even as browsers limit the referral windows for ad attribution, the affiliate industry is embracing upper-funnel Publisher models in acknowledgement that the customer path-to-purchase can be a research-based journey. As a network, we are exploring new ways to recognize influence along the entire customer shopping journey, and our browser-based adjustments will apply as a method to preserve partnerships that experience the greatest impact—until long-term solutions can be implemented on the advertiser side.

We believe in consumer privacy and transparency. It’s every marketer’s and technology provider’s responsibility to find a balance between a privacy-first approach to consumer data and the ability to provide consumers with the most relevant experiences possible. Both concepts are core to what we do as a business and will continue to be core going forward. The shifts in technology restrictions due to privacy have been rapid, and unprecedented, and impact the entire digital industry. This includes CJ, our clients, partners, technology providers, and our competitors. It’s necessary for all companies to be agile and adapt to these changes, as these shifts are not anticipated to slow down.

• Traditional Tag: Traditional tag integrations place a tag on an advertiser’s conversion pages to report basic order details to CJ’s tracking servers. When the tag fires, we check the customer’s browser for cookies which tell us information about the referring publisher, the link or ad that the consumer clicked on, and the time of the click. When we find a cookie on the browser, we match it to the transaction and validate the transaction against logic imposed by Program Terms. If we are unable to find or read a cookie value, but the advertiser is capturing and passing the CJ Event ID in their conversion tag, we are able to do the same attribution we normally do when we can read our cookie. This implementation is at risk for tracking loss with the introduction of ITP 2.2, if the first-party cookies that capture CJ Event ID values are set using document.cookie. We recommend advertisers schedule time on their road maps to future-proof their integration with one of our server-side solutions and ensure their internal analytics are correctly attributing the revenue driven by affiliate channel partners.
• Batch Transfer: Batch integrations require advertisers to send conversion data to CJ on a regular cadence in a delimited or XML file. The transfer method is not real-time, and limits which platform and network features advertisers can leverage while providing less transparency for publishers than other methods. This tracking method may also be subject to tracking loss due to ITP 2.2 if clients use a URL parameter like source=CJ to write a first-party cookie using document.cookie to store the referring click data (AID/PID/SID or CJ Event) to pass back to CJ for attribution.
• Server-to-Server: Server-to-Server implementations allow advertisers to send conversion data to CJ’s tracking servers, directly from their servers. This method, while seemingly decoupled from the customer’s browsing experience, still requires that the advertiser capture, store, and pass back the Event ID CJ passes on the click. If the advertiser is using a cookie set by document.cookie to store the Event ID, that cookie will be deleted after 24 hours with ITP 2.2.

We recommend advertisers evaluate how their site captures and stores CJ’s Event ID to ensure that they can pass back the correct data to CJ beyond the 24-hour window imposed by ITP 2.2.

CJ’s Server-Side Solution, Tagging, and API Integration

We cannot stress enough how essential it is that advertisers put time on their roadmap to future-proof their integration. Our approach is designed to provide advertisers with CJ’s most robust integration standards that will protect affiliate program tracking integrity from the impact of browser policies, such as ITP 2.2, Firefox Enhanced Tracking Protection, and beyond.

Please contact us if you are interested in learning more about our server-side solution suite or would like to collaborate on future developments.

--

Curious to know more about the philosophy behind CJ's privacy solutions? Make sure to read part one of this series, What in the World Wide Web: Moving Forward in the Face of Privacy Changes.

Read Part 1