Privacy and security on the web is a big deal to many consumers. They want to know that when they visit a brand’s website or mobile site that their data is used responsibly and protected. While that’s most often the case, there are other ways to protect consumers that don’t rely on faith in the good stewardship of visitor data. In fact, even well-meaning companies make mistakes, so it’s always a good idea to layer on security.
One way that can happen is by placing limitations related to first- and third-party cookies through browsers like Google Chrome and Apple Safari. I give an explanation of what cookies are in arelated articlethat I recently published onMedium. In that article, I discuss how Adobe Target supports Chrome’s SameSite cookie policies, which are designed to protect the consumer’s data privacy. In this article, I want to explain how Apple is similarly providing protections through its ITP 2.1 and ITP 2.2 cookie policies.
What is ITP?
ITP, which stands for Intelligent Tracking Prevention, is Apple’s initiative to protect the privacy of Safari users. The first release of ITP in 2017 targeted the use of third-party cookies. In fact, Apple blocked third-party cookies in their entirety, causing a severe headache for ad tech and mar-tech companies because they often use third-party cookies to track users and collect user data.
Apple is now on the move to place limitations and restrictions on how first-party cookies are used within Safari. They releasedITP 2.1on February 21, 2019, and capped client-side cookies placed on the browser using the document.cookie API to expire in seven days. On April 24, 2019, they releasedITP 2.2, which drastically reduced the seven-day expiry cap to an eye-popping one day.
We want you to understand how that affects you as an Adobe Target customer, and how we’re helping you mitigate that impact.
The impacts of ITP 2.1 and 2.2 releases on Adobe Target customers
Here’s how you may potentially experience that impact:
An increase of unique visitor counts. With the shortened cookie expiration window, you may see an increase of unique visitors coming from Safari browsers. If visitors revisit your domain after seven days in the case of ITP 2.1, or one day in the case of ITP 2.2, Adobe Target would be forced to place a new Target cookie on your domain in place of the expired one. The new Target cookie translates to a new unique visitor even though the visitor is the same.
Decreased lookback periods for Adobe Target tests. Visitor profiles for Adobe Target tests may have a decreased lookback period for decisioning. Target cookies are leveraged to identity a visitor and store user profile attributes for personalization. Given that Target cookies may expire in seven days or one, depending on whether ITP 2.1 or 2.2 is in use, the visitor profile data that was tied to the purged Target cookie can’t be used by Adobe Target for decisioning.
Determining if your current implementation of Adobe Target is impacted
Mitigating the impact on Adobe Target of ITP 2.1, 2.2, and future ITP releases
There’s no reason to have current and future ITP releases impact your Adobe Target implementation. Mitigate their impact by following these steps:
Step 1. Deploy the Experience Cloud ID (ECID) library to your pages The Experience Cloud ID (ECID) library enables the people identification framework for Experience Cloud Core solutions and allows you to identify same site visitors and their data in different Experience Cloud solutions by assigning persistent and unique identifiers. Adobe will update the ECID library continuously to help you mitigate the impact of any ITP-related changes on your implementation. For ITP 2.1 and 2.2, you must useECID library 4.3.0+to mitigate any impacts.
Step 2. Leverage CNAME for either Adobe Analytics or Adobe Target. You don’t need to use CNAME for both Adobe Analytics and Adobe Target, but having both is recommended.
2.a Setting up a CNAME for Adobe Analytics You can leverage the CNAME for Adobe Analytics and its managed certificate program. The certificate program lets you implement a first-party certificate for first-party cookies at no charge. If you are not leveraging the CNAME, talk with your account representative and enroll in theAdobe Managed Certificate Programto start the process.
Once completed, the tracking server name should be supplied to the ECID library when initializing the library usingtrackingServerortrackingServerSecure. This should match thetrackingServerconfiguration in the Analytics configuration.
2.b Setting up a CNAME for Adobe Target
Adobe Target supports you and your customers in a more secure web
As strides are made to create a more secure web for consumers, Adobe Target is resolute in its commitment to delivering personalized experiences while meeting and exceeding the privacy expectations of your visitors and customers. Adobe Target has already announced support forGoogle’s SameSite Chrome Policiesin addition to support for Apple’s ITP 2.1 and 2.2. As these policies and others continue to evolve to protect our consumers, Adobe Target will likewise continue to support these initiatives while helping our customers provide best-in-class personalized experiences to their customers.