Apple’s Intelligent Tracking Prevention (ITP) is on the advance. 

The Safari feature – which aims to curtail the use of cookies for cross-site tracking and targeting – was introduced in 2017 and Apple has since expanded its scope several times over, each time pushing the rules further. 

The latest update – ITP 2.2 – limits the tracking window for first-party cookies to 24 hours. 

As with previous updates, this has naturally prompted speculation around the impact for publishers, advertisers and affiliate networks alike, especially in regard to affiliate marketing, which has traditionally placed cookies at the centre of tracking. 

An update to the UK Information Commissioner’s Office (ICO) privacy advice on the use of cookies has only added fuel to the fire. And with Apple’s WebKit team now saying they’ll treat violations of ITP on a par with security offences and may take action against all users for any infractions of the new tracking rules, it is understandable that players across the affiliate industry are concerned.

But do they need to be? 

When it comes to ITP and affiliate tracking there are two things publishers should keep in mind: 

Steps the major affiliate networks have already taken to future proof tracking between publishers and their advertisers 
Their own compliance with the General Data Protection Regulation (GDPR) when collecting data on individuals 

What steps have affiliate networks taken? 

The affiliate industry operates in a challenging privacy landscape. 

Consumers are unwilling to share personal information without their consent and the big platforms are now keen to close up any loopholes in their privacy rules. 

But the major affiliate networks are not idle. In fact from Awin to Rakuten Marketing to CJ affiliate, much thought has been given to a cookieless future and what that means for existing models of tracking conversions from publishers to advertisers. 

As ITP 1.0 originally focused on third party cookies, initial solutions have typically been built around the use of first-party cookies

This has generally taken the form of a site-wide tag deployed across an advertiser’s entire website. More than 80% of advertisers have these solutions installed. CJ also says that at a network level “a majority of transactions occur within 24 hours”, which coupled with Safari’s smaller affiliate market share as a browser has for now minimised the impact on affiliate tracking. 

For the future, networks including Impact, Rakuten Marketing and CJ Affiliate have all referenced “server-to-server” or “server-side” implementations.   

Impact describes this as, “an advertiser…passing conversion (sale or lead) data back to a tracking provider via API or FTP.” The solutions enable the networks to track transactions using data that advertisers’ already possess, without collecting fresh information on an individual, which is when restrictions kick in on storing data under ITP. Rakuten Marketing goes as far as saying their own server-to-server solution, “is not affected by cookie-blocking technology”. 

The affiliate networks’ alternative tracking features, coupled with a continuing philosophical commitment to respect relationships between advertisers and individuals, should future proof tracking against continuing changes to cookie rules.  

What about the ICO update? 

The ICO issued its latest update to the Privacy and Electronic Communication Regulations (PECR) on July 3. 

PECR – which also covers electronic marketing, phone calls, SMS messaging, emails, faxes, the security of electronic communications services and privacy of users of electronic communications services – regulates the use of website cookies to track visitors. 

In practice, where participants of the affiliate marketing industry are compliant with GDPR, the update changes little. 

So long as the purpose of collecting cookies is “clear and comprehensive” PECR is not prescriptive about what information should be provided to end-users when gathering consent. GDPR is, in fact, more specific on this, giving firm guidance on how to communicate around consent collection. 

PECR does, however, apply to other tracking technologies, such as browser local storage and flash cookies and even files stored by a mobile app, so it’s not exclusive to browser-based applications.

With this in mind, the primary thing affiliate players should understand from the guidance is the importance of continuing compliance with GDPR and other privacy measures, which include ITP and it’s successive updates. 

What does the future hold?

The privacy landscape continues to change. There will be more developments, across more browsers and platforms, which players in the affiliate industry will have to contend with. 

Consumers are today ever-increasingly conscious of the information they share online, what it is used for and who has access to it. Platforms are likewise keen to respect their wishes, manage the ad tech ecosystem to curtail exploitation of private information, and keep their users happy. 

Fortunately, affiliate networks are mindful of this and committed to the same goals. They already have solutions in place, built with respect for consumers in mind, and future solutions will also be designed with this in mind. As long as the affiliate industry continues to respond to regulations in this spirit, it has nothing to fear from them.