How ITP 2.1 works and what it means for your web analytics
Big changes are coming to the way businesses collect web data. Browser manufacturers, led by Safari, continue to introduce privacy updates to prevent third parties from tracking users across websites. Although these measures target advertising companies that track users across different websites, they also impact businesses using web analytics to optimize their websites and provide visitors with the best possible experience: especially businesses relying on third-party web analytics tools, including Google Analytics.
In this article, the first in a two-part series, we’ll review some of the browser privacy updates in detail and explain why and how they impact companies doing web analytics. In the second article of the series, we will cover how using first-party rather than third-party data collection tools can insulate companies doing legitimate web data collection from these types of browser-based measures.
How does Intelligent Tracking Prevention work?
Apple introduced Intelligent Tracking Prevention (ITP) in 2017 as an effort to restrict third parties with no direct relationship to a website’s visitors from tracking those visitors across different websites. To better understand how ITP works, it is helpful to first take a look at the difference between first-party and third-party tracking.
First-party vs. third-party tracking
Say you own a company called Brilliant Clothing and you have a website, brilliantclothing.com. If you track visitors on brilliantclothing.com this tracking is called “first party”, because you (the owner of the website) track users on your own site.
If, on the other hand, you add a tracking snippet from “Advertising Technology Company”, who own the website advertisingtechonlogy.com, to your website brilliantclothing.com, so the team at Advertising Technology Company now tracks your users, that tracking is called third party, because a third party (not you, the first party, and not your visitors, the second party) does the tracking.
First-party vs. third-party cookies
Cookies are also essential for user tracking; a new user to your website can be assigned a unique user ID. This value gets stored in a cookie that is recorded with every web page the user loads. It is then easy when looking at the web data to identify all the different web pages the user has looked at (they will all be stored against the user cookie ID) and build an understanding of what this user was doing.
When a cookie is set by the website owner, such as Brilliant Clothing in our example, it is called a “first party cookie”. If the cookie is set by Advertising Technology company, then it is a “third-party cookie”. When cookies are stored, they are stored against the domain that sets them - so cookies set by brilliantclothing.com can only be read by brilliantclothing.com, and cookies set by advertisingtechnology.com can only be read by advertisingtechnology.com.
This helps explain why Apple’s measures to prevent third-party advertising companies from tracking users across websites targeted the setting and storage of cookies used by those third parties. Read on to find out how Apple’s ITP has evolved since its original version and the impact it has had on ad tech companies and web analytics.
From ITP 1.0 to ITP 2.2: Changing approaches to web analytics tracking
The first version of ITP (ITP1.0) targeted cookies set by third parties that the user did not interact with. For example, if a user on the Safari browser visited brilliantclothing.com and had a cookie set by advertisingtechnology.com, Safari monitored to see if the visitor had any kind of relationship with advertisingtechnology.com, e.g., does the user visit advertisingtechnology.com? If not, then advertisingtechnology.com was classified as a domain performing cross-site tracking, and the cookies set on advertisingtechnology.com got “partitioned”, so that values set on one website would not be readable on another. This means advertisingtechnology.com could no longer use these cookies to consistently track Safari users across different websites. Since these measures targeted third-party cookies a website visitor had no relationship with, they did not impact web analytics tracking.
There were multiple subsequent versions of ITP (ITP 1.1, ITP 2.0) that updated the treatment of third-party cookies, but none of which interfered with the cookies set by third-party web analytics providers. However, the ITP 2.1 and 2.2 updates now limit the use of first-party cookies as well. Let’s take a closer look at the recent releases and the changes they introduce.
Let’s explore why Apple introduced this measure and what impact it has on web analytics data collection.
Since many web analytics platforms use first-party cookies, ITP 2.1 and ITP 2.2 are likely to impact the quality of data they collect, creating unintended consequences for businesses that rely on third-party web analytics solutions.
What ITP means for businesses using third-party data collection
Needless to say, this presents a huge challenge for any business relying on a third-party web analytics solution for user data they need to make decisions around marketing, product and business intelligence.
For example, say a retailer uses a marketing attribution tool to track and report on advertising campaigns:
If the user clicks an ad, and makes a purchase within seven days, the web analytics system will be able to spot that it is the same user who clicked the ad and then made the purchase, and correctly attribute the transaction to that ad campaign.
On the other hand, say the user clicks on the ad and makes the purchase after eight days. Since the cookie was purged the day before, the user will look like a new user, and the web analytics system will not be able to spot that it is the same user who clicked the ad eight days ago. This means the ad campaign will not be correctly attributed to the transaction.
Here are a few additional ways ITP 2.1 impacts a business’s web analytics strategy by significantly decreasing the effectiveness of third-party data collection solutions:
Returning users become “new” again after seven days, making data less reliable and user journey mapping more difficult
Businesses lose insight into user behavior over an extended period of time
With only a seven-day window for A/B testing, results might be inconclusive or inaccurate
The good news? Long-term solutions exist that enable businesses to collect customer data without having to worry about future ITP updates. The next blog post in this series will dive into how you can reliably collect web analytics data in an increasingly secure and privacy-aware, ITP world.