Are cookies dead? What imminent changes to Australian privacy law will mean for marketers

Cookie’s have been the lifeblood of the online advertising industry for two decades — but its starring role could soon be over. 

In 1994 a little piece of code innocuously dubbed the ‘Cookie’ was invented to store the memory of the internet browser locally for the user’s convenience.

From those humble beginnings evolved an industry built on the precise ability to track, identify, and segment users from their internet browsing patterns.

The ‘Cookie’ was the forerunner of similar tools that emerged with the development of new browsing devices and mobile apps. 

At the same time, the global technology giants led by Google, Facebook and Amazon collected and commercialised vast amounts of user data within login-led “walled gardens”.

This explosive growth in data sparked huge innovation in digital marketing technology, giving advertisers the ability to pitch directly to individuals on the basis of their online behaviours, at precision points in their customer journey. 

But all this is now set to change

After an extensive review following the ACCC’s Digital Platforms Inquiry, the federal government is poised to release its draft changes to the Commonwealth Privacy Act 1988 within days.

Australia is not the first, with the European Union leading the globe with the introduction of its General Data Protection Regulation (GDPR) which has had huge impacts on the advertising and ad tech sectors.

The Australian changes are set to vastly strengthen privacy protections for individuals, with bigger penalties for breaches — from $2.1 million up to $10 million. 

There will also be a new binding privacy code for social media platforms and other online platforms which collect and sell personal information.

These changes will have fundamental impacts on data collection for advertising and marketing purposes, reshaping how we collect, use and disclose personal information.

The death of the cookie?

Technology platforms and browsers are already moving away from the use of a cookie as a method of tracking and identifying users, with both Chrome and Safari stopping the use of third-party cookies by 2022. 

Other companies are also assessing their risk and exposure when collecting identifiers online, reducing the volume of businesses who support access to third party data, or are commercialising third party data through reselling to advertisers.

Once a source of huge value, third party data is fast becoming a potential liability. It’s a hot potato that marketers like us want a piece of less and less.

Are we prepared?

A recent report in The Australian noted many Australian companies are “woefully unprepared” for the looming changes. 

Data security experts predicted the government was unlikely to give companies much time to prepare and the time was now to act.

In the lead up to these approaching changes, our team have been closely monitoring the global state of privacy legislation and getting prepared. Europe’s GDPR sets the standard for us and the direction we are heading. We must be agile and adapt: Australian advertisers must be ready for the ramifications that the new Australian legislation might bring.

What is not in doubt is this legislation spells a big shift in how advertisers reach consumers. When the GDPR was introduced it made a lot of advertising technology businesses redundant overnight. An entire industry of data brokers who previously bought massive amounts of user data and sell them on, that business model died a swift death.

The big question for us here in the Australian market is what is going to be classed as personal, or personal identifiable information.

Prior to any regulation, a cookie wouldn’t have been classed as personal information. It could be processed by tech companies and passed on to a third party.

Today, we are looking at that and asking: can it be traced back to an individual user? If it can be classed as personal identifiable information, just like a phone number or medical record, that has legal ramifications.

And that will change the landscape of how data can be used in advertising.

So what takes its place? 

The digital marketing industry is certainly returning to relying on broader audience profiles, but there was plenty of innovation happening as well. 

As the industry shifts away from one-to-one marketing, the art of modelling and profiling groups of aggregated users is having a renaissance.

We are moving from that one-to-one addressability or a hyper-targeted approach, back to the old days of using models, lookalikes, or inferred signals to target that audience.

This completely resets the notion of how we target an audience.

Rather than a return to the digital dark ages, you might say we’ve moved away from the Wild West.

Clean Rooms, Loyalty Programs, and the Privacy Sandbox

For us to be able to continue leveraging first party data, the information that is collected must be done so with explicit consent. 

One solution is the development of areas where data can come in and be analysed, but no IDs can be extracted. These are dubbed “Clean Rooms”, most notably Google’s Ads Data Hub.

This means that brands will also be forced to innovate to win customer data through solutions such as enhanced subscriptions, and loyalty programs. However, the changes may also signal the end of some brands use of their loyalty programs as a data trove which can be on-sold to advertisers.

There is also Google’s new solution on audience profiling, called FloC (Federated Learning of Cohorts). FloC essentially uses an algorithm to turn in-house first party data from user’s Chrome browsing patterns into audience segments without compromising individual privacy. 

Who’s winning?

While no advertiser is necessarily celebrating the imminent changes, the tech giants such as Google and Facebook with existing “walled gardens” of data are in the pole position. 

In the fallout of these changes, these tech giants have been made even stronger because they are the only ones who hold massive amounts of first party data.

In digital marketing, we are adopting a lot of the technologies which Google, Apple, and Facebook are introducing. We’re ensuring that all our teams are across what those technologies are, well before the expected legislation is released. We have had a real focus shift to upskill our staff on the upcoming tools they will need to navigate and strategies to be adaptable in this new landscape.

None of this is without a caveat of course. The platform these emerging technologies run on require a sign-in, and they have the legal ability to track a user using the persistent ID generated with the login. But the changes will still limit the availability and accessibility of user information within the Google and Facebook eco-systems — and they can’t willy-nilly sell that information on to other advertisers.

Planning for the long-term

The marketing agencies which will thrive in this new environment are ensuring their teams are well prepared for change by upskilling their staff in the emerging tools coming online from the major tech platforms — and developing strategies to respond to a range of scenarios.

A big focus at my agency has been collaborating with the major walled gardens and regulators. We want to ensure we are ready for the changes and minimise the impact on client’s ad spend. By developing attribution within Clean Rooms and working on ways to model and attribute across the walled gardens, we can allow clients to access a valuable privacy-safe view of individuals at the cohort level.

It’s revolution time

It’s time to prepare for and adapt to this new, evolving landscape. Is your agency on top of these imminent changes? Getting it right now is going to transform the way we do business and shape client relationships for years to come.

Read the full whitepaper on these advertising changes, here.