Apple ITP 2.1 – What Happens Next?
With Apple’s ITP 2.1 release coming soon, first-party cookies created client-side will only last for 7 days in Safari browsers. Because Safari is default browser on Apple’s iPhone, the majority of website visitors from mobile devices will have limited anonymous analytics data. Safari is extremely likely to be the only browser installed on a non-technologist-owned iPhone.
This is fine for most websites…except for our friends who sell Halloween costumes or Christmas trees online. These websites are only visited once per year. If we know you’re into princess costumes from last year’s purchases then we might want to make sure you see princess costumes on the home page next year. If you buy the really small Christmas trees at bargain prices the day before Christmas, then we know that a 5% off coupon is the first thing you want to see next year when you return. That means these categories of retail websites will want to store an anonymous visitor id in the browser for about 1 year. They’re not trying to invade your privacy – they genuinely just want you to make a buying decision as soon as you come back next year to protect themselves from losing you to the competition.
Along comes Apple with ITP 2.1 changes in Safari with the promise to “protect your privacy” online by making the decision that a first-party cookie (which typically contains an anonymous id) should only exist for 7 days. Instead of giving consumers the right to determine if they want to be forgotten on their own terms, they have taken it upon themselves to state that 7 days is the right number. Historically, most vendors are setting a one-year cookie because that is what EU law allows. And in many places, websites need to prompt to get user permission before using cookies in the first place.
One additional strange scenario is the fact that most software used to “opt out” of web analytics tracking or other marketing pixels uses a cookie to do this. That means after 7 days go by, you’ll need to re-specify your privacy preferences for a site. This means more and more will become ‘desensitized’ to that message that says, “Will you allow cookies?” because they will see it much more frequently. If this messaging becomes extremely annoying then maybe Apple has won and we are forced to install Apps from their App Store simply to avoid the “annoying web” created by a combination of legislation and tech company chess matches.
There are few ways Tealium helps and a few ideas for website owners below.
How Websites Might Respond
(1) Post a message that “Safari is not supported” on their website and offer a link to download Google Chrome.
(2) Only allow 1-2 page views before prompting for a Google or Facebook login — that will allow for a consistent identifier every session (require login every 7 days).
(3) Update web server or leverage analytics software that will set a server-side-generated cookie in first-party domain (this avoids the 7-day limitation Apple has created on client-side-generated cookies).
What Tealium Does
(1) For Tealium’s Customer Data Hub service, you can CNAME your data collection endpoint to allow first-party server-side cookie identification of your visitors to persist (at least for now).
(3) Tealium’s Tag Marketplace provides current and easy upgrades of your Tag Templates (if needed) for specific vendors who update their library code in response to Safari changes.
Reporting and Testing Ideas
Most likely, your website is not significantly impacted by a reduced cookie duration in Safari browser. But keep an eye out in your web analytics software for a potential upcoming spike in “New Visitors from Safari” browsers. Visit and pageview metric trends should not be impacted by this Safari update. Most likely the majority of your visitors are using Google Chrome. Use this browser visitor data to re-interpret the change in trends noticed in your Safari visitor data.
The phone/browser wars are still ongoing and privacy laws are constantly changing. Consult your legal team before pursuing any new technical workarounds as you might consider trying out a test on a subset of your visitors using Safari.
What happens if you recommend they install Google Chrome or if you require them to authenticate? How can you reward them for doing so?
Stay tuned to the Tealium blog for more updates like this in the future.