In 2008, President Obama revolutionised political advertising with a data and grassroots-led victory against the late Senator John McCain. After successfully repeating the effort in 2012 against Senator Mitt Romney, the data-led advertising approach was adopted by the Republican party, helping President Donald Trump get into the Oval Office.
In the UK, the same tactics were used during the Brexit referendum and more recently during the European Elections, with success.
Along with social media, a significant part of the data-led strategy used during these political events was programmatic advertising, which relies heavily on cookies.
These cookies gather large amounts of personal information about the user in return for tailored advertising. During election season, these cookies are used by political parties to influence the outcome -- sometimes with little transparency.
GDPR is just one side of the apple
With the introduction of the General Data Protection Regulation (GDPR) last year, we were expecting to see a reduction of this type of advertising in the EU.
The Information Commissioner's Office (ICO) has published a lengthy review, warning the industry of the consequences if it does not take steps to address what it perceives as significant failings in its approach to privacy and protection of the rights enshrined in GDPR.
Webkit’s ITP tool is designed to ensure that consumers can browse the web without having to worry about who can view their activity. Currently, the latest version, ITP 2.2, is causing advertising technology vendors -- political or otherwise -- to scramble to address the ability to track users across multiple domains using cookies.
In its latest blog post, John Wilander, Webkits lead on privacy, has taken the approach that no one should be able to track a user’s actions or use profiling to target a user, by effectively disabling cookies apart for those used to ensure functionality in shopping baskets and analytics to improve websites.
This raises two questions. First, what is the difference between Apple’s approach and the regulatory approach of the European Union and the ICO? And why does it matter, if it’s only affecting Safari and Apple devices?
The third-party cookie is crumbling
While GDPR makes political targeting dubious and potentially illegal, Apple’s approach would make it impossible to undertake. Think of speeding -- the GDPR is a slap on the wrist and relies on being found out to then be prosecuted. ITP however, is a speed limiter in your car that you can’t remove.
It is also applied globally, which means that while the US debates whether to adopt a California-style privacy regulation, ITP would simply apply in the US immediately as well.
As Apple’s Safari isn’t the most dominant desktop or mobile browser of the big three -- Google Chrome, Mozilla Firefox, and Safari -- there were no immediate concerns. However, Mozilla then announced an enhanced tracking protection feature that blocks all third-party cookies by default on desktop and Android devices.
There are now fears that Google will follow suit, and with 66% of the global monthly market share on desktop and 64% on mobile devices, it will see the end of the third-party cookie, a reliance on first-party data, and shift towards contextual targeting.
However, in August, Google called out the data practices used by other browsers, commenting that attempts to improve user privacy were having “unintended consequences,” and instead is improving the classification of cookies to give “clarity and visibility” to cookie settings.
With the California Consumer Privacy Act set to come into force in January 2020, and with other states such as Nevada and New York contemplating similar data legislations, if I were a strategist for next year’s US elections…I would be worried.