Cookies are used to target, serve, track and optimize ad campaigns, pre-populate online forms, personalize user experiences and measure site visits and interaction, but P3P policy tracking agents are throwing a wrench into those everyday business mechanisms that Web publishers take for granted.
“A lot of people don’t know it’s going on,” marvels Eric Picard, director of product management for online marketing and ad serving firm, Bluestreak.
In order to prevent personally-identifiable data from being tracked, Microsoft’s Internet Explorer 6 browser’s default settings allow cookies to be set only by the domain visited, not third party domains unless they have P3P-compliant statements set up. That means any cookies served along with any type of Web content through another domain that’s not P3P compliant will not be accepted by IE6 users. Around half of Web surfers globally use IE6 according to Browser News, and the steady flow of upgrades from IE5 will continue to boost version 6 penetration rates.
“Every time I come back it thinks I’m a new user,” explains Dave Morgan, president and CEO of audience management software company Tacoda Systems. Morgan cautions that since cookies are being rejected, visitor numbers can be inaccurate and frequency caps on ads like pop-ups can fail.
The most at-risk publishers: sites and networks that serve content from a variety of Web domains and/or those that manage their own ad serving in-house. By now, most any third party ad serving platform managed off-site has implemented P3P. Some estimate that two-thirds of the top 100 most visited sites have not implemented P3P on their servers.
Cookies are blocked when users access CBS MarketWatch content through The New York Times on the Web. The same goes for cookies served to iVillage visitors who click on “horoscopes” or “beauty”.
“Most of the time, privacy policies are much broader than what the P3P statement says,” states TRUSTe executive director, Fran Maier. TRUSTe approval requires only that P3P policies be consistent with site privacy policies, but doesn’t require that sites have P3P implemented.
In addition to legal concerns, the P3P system could give users a false sense of security because compliance is voluntary. Technically, tracking agents like IE6 and the AT&T Privacy Bird could give the green light to cookies served from a site even if it doesn’t abide by the standards its P3P policy says it does.
How are publishers dealing with P3P problems? Find out in the second part of this two-part series, coming soon.