“What is 2nd party data?” It’s a common question among marketing professionals looking to create a data-driven marketing strategy.
I’ve Heard Of 3rd Party Cookies, Do 2nd Party Cookies Exist Too?
Spoiler alert: 2nd party cookies don’t exist; a browser only recognizes 1st party cookies (those which exist and are set on your own domain), and 3rd party cookies (those which are set on other domains). In fact, if we’re being really pedantic, 3rd party cookies don’t exist either – all cookies are 1st party, but it’s the context in which they are accessed which determines if they’re treated as 3rd or 1st party. Each time a web resource is accessed, any cookies set for that domain are sent back to the server that served the content, but in a browser that blocks 3rd party cookies, such as Safari, content from any server that does not share the same domain as the primary content, will not receive any cookies, so the server won’t be able to tell if it’s seen this user before or not.
Here’s a refresher on 1st party (1p) and 3rd party (3p) cookies:
Why, then, are we talking about 2nd party cookies at all? In the past, we have received questions from customers about 2nd party cookies, when in fact, they really meant 2nd party data. If this all sounds a little too technical for you, don’t worry – there’s plenty more here to get your teeth into that doesn’t require a PhD in Computer Science!
Using Second-Party Data With Tealium
Using second-party data within Tealium isn’t actually any different technically than using 1st party data, as it is really just another company’s 1st party data, which also means it tends to be very high quality.
There are a number of ways to get 2nd party data into the Tealium platform, and they are largely the same methods you would use to ingest 1st party data. It’s worth noting that whichever method you use will require a common visitor identifier between your company and the external partner; typically something like an email address or phone number. This enables the use of Tealium’s patented Visitor Stitching technology, which can bring together multiple disparate visitor profiles into a single place, and give you a holistic view of each and every customer.
Importing data of any kind can be achieved in Tealium using one of the following methods:
- HTTP API
The swiss army knife of data ingestion! The HTTP API can be used to import data from almost anywhere, without being tied to any specific programming language or platform. - Data Connect
In contrast to the other methods, which rely on data being sent to Tealium, Data Connect can actively monitor external systems, such as Salesforce, Google Sheets, Amazon S3 and Google BigQuery to pull data into Tealium based on triggers in your external systems, such as a customer record being updated in your CRM system. - File Import
The workhorse for bulk data imports, File Import allows data to be imported hassle-free into Tealium, with a simple UI for configuring things like visitor ID mappings; perfect for data where real-time updates are less important. - Language Integrations
Tealium has a whole host of integrations for different programming languages, such as C#, Ruby and Python. And of course, if you can’t find something here that fits your specific use case, let us know, and we’ll look into it.
Can 2nd Party Data Be Real-Time?
Glad you asked! In a lot of cases, 2nd party data can take a long time to travel from one place to the next, and by the time you realize your investment, the customer is no longer interested in what you have to offer. A CDP such as Tealium can significantly shorten the time taken to get value from 2nd party data, because as soon as the data is available, it can be actioned immediately. It’s simple to configure a Tealium AudienceStream Connector to be triggered as soon as any data import happens, which means you can immediately engage with a customer through a push notification to their mobile device, or an email. You could even combine this new data about your customer (for example, their favorite sports team), with location data, to send a hyper-personalized notification when they’re in the vicinity of a store that has the jersey for their sports team in stock. The possibilities really are endless, and Tealium can help you realize the value of your data from the moment you import it. To find out more about our new Data Connect and Data Sync features that can help with this, see our recent blog post on the different types of customer data:
https://tealium.com/blog/integrations/what-are-the-differences-between-internal-and-external-customer-data-sources/
Who Benefits?
2nd party data can bring benefits to consumers and businesses alike. Consumers benefit by securing better deals than they could otherwise get for products and services where brands have partnered with one another, and businesses benefit from knowing their customers better, and being able to deliver more relevant information and offers, ultimately leading to higher revenues.
Consider, for example, the case of a sports team who wants to sell their customer data to a sportswear vendor who sells their team jerseys. The benefits to each party are slightly different:
- The team earns money from selling the data, and potentially a revenue share from shirts sold by the sportswear vendor.
- The sportswear vendor can match the 2nd party data they have purchased against their own 1st party subscription data, and send personalized emails to their customers, promoting the shirt from the sports team they support.
- The customer gets a good experience, as they can navigate directly to the correct page to purchase their team’s shirt, and potentially also get a discount if the vendor offered one, or be the first to know about the new season shirt going on sale.
It can be a tricky line to walk, however; you don’t want to come across as “creepy”, and to that end, you should always be upfront with your customers and let them know their data may be used in this way. This leads nicely on to the next topic…
What About Consent?
Legally, 2nd party data can be a complex matter, and you should take advice from your own legal teams; this blog post does not constitute legal advice, although we have researched the topics to the best of our abilities. From a GDPR standpoint, both parties in a data sharing agreement are Joint Data Controllers, which means they bear equal liability for the lawful processing of their customers’ data. Should there be a breach by either party, both would be equally liable for damages, unless they can prove categorically that they were not responsible in any way. As with all other aspects of GDPR (and post-Brexit, UK GDPR), the user must have freely given their consent for their data to be shared, and both parties must have a lawful basis for processing the data, which may be different for each party in the agreement. A formal agreement between the parties is not strictly required, but is considered a best practice. Another consideration is CCPA in California, and the various other privacy laws around the US and around the world. CCPA is primarily designed to allow consumers to opt-out of their data being sold to 3rd parties, so any company subject to CCPA would need to carefully consider where they stand when it comes to using 2nd party data. Again, if in doubt, check with a lawyer!
Here are the top 5 questions we think you should ask yourself before using 2nd party data:
- Is the data being transferred internationally? If so, GDPR Chapter 5, articles 44-50 apply, and you must ensure that the country the data is being transferred to provides an adequate level of protection.
- Are you sharing only the amount of data required to achieve the intended outcome? A dating site sharing my marital status with a partner who is offering me a free streaming trial would likely be unnecessary, but there may be some other examples where it would be appropriate or necessary to deliver a specific service. This falls under the Data Minimisation principle of GDPR.
- How would I feel if this were my data? This is perhaps the most useful question to ask, and if you find that it makes you uncomfortable, that’s a good indication as to how your customers will feel too. A customer relationship is precious, and the last thing you’d want is for it to end on bad terms because you breached their trust or expectations.
- Is it clear to the customer what data you are sharing (and/or selling), and who you are sharing it with? Many organizations have a clause in their privacy policy that enables them to share data with 3rd parties, but this is usually covered by some generic wording that covers all data, and non-specific 3rd parties. If you know what data you’ll be sharing, and with whom you’ll be sharing it, then tell your customers when asking them to opt in. Not only will this give your customers the feeling that you are being responsible with their data, but it may also lead to higher opt-in rates; I’m much more likely to opt-in to data sharing if I can see an obvious benefit to me, as opposed to just getting the sense that my data will be sold to the highest bidder.
- Do you have the correct documentation in place for your data sharing agreements? This question could be critical should a breach ever occur, since if you have no record of where a customer’s data has been shared, you’ll have no way to inform them. This is an important component of the GDPR Accountability Principle.
Where We’re Headed
The term “data is the new oil” is something of a cliché these days, but it’s still highly relevant, and if we take the metaphor a little further, as with oil, it’s getting harder to extract, and just as controversial. In the days of 3rd party cookies, data was plentiful and very low cost (and possibly low-quality too, though that’s subjective). Now and in the future, the focus is rightly on high-quality 1st party data, and hopefully we’ve shown you here that 2nd party data can also be an important part of your data strategy, especially as opportunities to access 3rd party data are dwindling.
If we want data to stay relevant and usable, we shouldn’t take it for granted. Now is the time to have open conversations with your customers and make sure they understand the value exchange when they extend the privilege of sharing their data with you, and also any 3rd parties you share their data with. It’s clear that in the future, we’ll be even more connected and online in ways we can’t even perceive now, and all the time users are becoming ever more aware of how their data is being used and collected, in part due to the constant barrage of consent modals they’re faced with during their online journeys.
It’s hard to predict where we might be in a few years’ time, but if we look at where big tech is putting their money, it looks as if the Metaverse is going to take off in a big way (which for our purposes we’ll take to mean virtual reality and augmented reality). This presents even more opportunities to harness 1st and 2nd party data. Imagine a virtual reality shopping mall where all the “stores” you might decide to visit are able to share relevant data about your preferences (i.e. 2nd party data). It would take a lot of pain out of the shopping experience if the only things on display were in my size, and in my preferred style/color. Or, to come back to our sports team, I might attend a virtual game where the freebies shot out of the virtual half-time t-shirt cannon (hey, cut me some slack here – I’m a developer trying to be creative!) are personalized in real time to my preferences: perhaps some tickets to a real game when there’s next one in my area. This might be taking things a little too far, but hopefully it shows what might be possible with a strong data foundation as the Metaverse becomes a reality.
For more information on the future of customer data, check out our eBook (partnered with Meta) “The First-Party Future of Marketing” and our “2022 State of the CDP Report”.