Who stole my cookie?

Joint webinar: Legal Monster + Dreamdata + Clearcode

Webinar ended, but you can watch on demand and get slides by filling a form below

Who stole my cookie? How to work with tracking in the post “3rd party cookie world”

Date: Wednesday the 10th of February

To work successfully with digital marketing, understanding your data and traffic, and what the future holds is key. But, with third-party cookies becoming close to extinct and privacy legislation increasing complicating the “tracking waters”, what can you do?

In this webinar, tracking expert Lars Grønnegård, marketer Michael Sweeney, and privacy lawyer Stine Tornmark, will discuss what the future brings. They will also discuss what options we have, and how you as a marketer can measure your marketing efforts in a post 3rd-party cookie world.

Webinar agenda

  • An overview of what is happening with third-party cookies,
  • What does it mean, and what is the impact,
  • What will the future look like for cookies and tracking,
  • Privacy and Google privacy sandbox,
  • Privacy in-app,
  • Apple’s IOS 14,
  • How can you measure your marketing efforts,
  • Insights into cookie consent trends across countries and industries.

The webinar takes one hour, is free, and you can ask questions throughout.

Watch webinar on demand and get slides

Webinar speakers

image

Lars Grønnegaard

CEO, Dreamdata

Lars is the CEO and Co-Founder of Dreamdata.io – a B2B Revenue Attribution and analytics platform.

Before Dreamdata, Lars was a SVP of Product at Trustpilot, one of the largest review platforms in the world. At Trustpilot he strove to continuously make the product and engineering team become ever more data-driven. It is the work he did in Trustpilot that led to creation of the company he co-founded: Dreamdata.io.

image

Michael Sweeney

Head of Marketing at Clearcode

Michael leads the marketing operations at Clearcode, an AdTech and MarTech development company.

Through his work at Clearcode, he helps educate people about how programmatic advertising, AdTech, and MarTech work from a technical perspective, and the impact privacy is having on the industries. He’s the main contributor to Clearcode’s popular AdTech and MarTech blog and co-author of Clearode’s AdTech Book.

image

Stine Mangor Tornmark

CEO, Legal Monster

Stine has over 15 years of legal experience, with a background as a lawyer specialised in privacy and marketing law. She has six years experience from Plesner and six years as VP for Legal and Compliance at Trustpilot.

Transcript

Stine Mangor Tornmark: So hopefully you can all see my screen now. And today we're going to talk a little bit about who stole my cookie. Not my cookie, but actually cookies around the worldwide web. And before we actually jump into it, these are the guys, and myself, being a girl, that are going to talk a little bit about who are stealing our cookies and why. I'll let Michael introduce himself in a short second, and Lars you can maybe introduce yourself before we start.

Lars Grønnegaard: Yeah, so I'm Lars, I'm CEO of Dreamdata. So we are a company that helps many B2B SaaS companies figure out what works and what doesn't work in their marketing efforts. So we do what you call revenue attribution.

Stine Mangor Tornmark: So Lars knows a thing or two about tracking and understanding how it all works.

Lars Grønnegaard: Tracking and understanding what people do is a key part of doing attribution. Of course there are lots of other components, but having a good grasp on that is very important.

Stine Mangor Tornmark: Cool. Yeah, I'm part of Legal Monster. We are a company that helps companies with their online compliance. Which includes helping them capture consents for cookies, which is why we know a little bit about it. And my background is also as an attorney, very much focusing on privacy in tech. And having worked a lot on what is the legal requirements related to cookies and tracking and what can you and what can't you. So in a second, Michael introduce himself, but just before we hear a little bit more about Michael, this webinar will be recorded. Anyone can ask questions, and please do so. Because it is what we want to actually help you guys with, are the questions and things that you're sitting with on a daily basis.

Stine Mangor Tornmark: You'll get a copy of the presentation and the video. And we hope that you have a good cup of coffee, or a cup of tea, and are ready for Michael to actually take us through what is happening with third-party cookies, what does it mean, what's the impact, and a little bit about what is going on with Google and Apple and all the things that you might have heard about in-app. So Michael, the floor is yours.

Michael Sweeney: Perfect. Okay, excellent. Thank you very much. So, yeah, as Stine said, my name is Michael and I'm head of marketing at a company called Clearcode. And we're essentially an adtech and martech development company. So we typically work with tech companies to design and build all kinds of advertising and marketing technology. For those who are familiar with some of the adtech platforms, we've built DSPs, SSPs, ad exchanges. We've also built quite a few data platforms and analytics tools as well. So we very much sit on this technical side of the, let's say programmatic advertising and digital marketing industries.

Michael Sweeney: All right. So shall I continue on with the rest of it? Yup, perfect. Next slide. Okay. So, in the first part is where part that I'll be leading. I really just wanted to provide a bit of an overview about this whole end of third-party cookies topic. And also cover some of the other privacy changes that we've not only seen over the past 10 to 15 years within the programmatic advertising and digital industry, but also what we can expect in the future over the next sort of three to five years at least. Okay, next slide.

Michael Sweeney: Perfect. All right. So for many of you watching, I know that most of you probably will know that the changes to third-party cookies in web browsers is not really the first privacy event that we've witnessed as an industry. There've been a number of other key events that have really shaped the privacy topic in digital advertising/marketing over the years. Probably the first, let's say privacy change to the digital advertising/marketing industries happened in the mid-2000s with the introduction and then the rise of ad blockers. Now of course, there are many reasons why Internet users started to install these ad blockers into their web browsers. Probably the first reason was to avoid some of those annoying ads from popping up all over the page. Which was the case in the early days of online advertising. But definitely there was a big privacy motivation for installing and using ad blockers. So that was the first real test that the digital advertising and marketing industry saw from a privacy side of things.

Michael Sweeney: And then, no doubt, many of us still remember the implementation of the GDPR, which to this day is still having an impact on how we conduct digital advertising and marketing activities. And of course, this wasn't designed solely for the online advertising and marketing industries, but certainly there are a number of key parts of the GDPR that did have an impact on how companies collect and use user data. Obviously primarily of EU citizens and residents. And then of course we're at the stage now which is kind of like the third phase of the whole privacy trends in digital advertising and marketing, and that is of course the changes that are happening within web browsers, primarily with third-party cookies. All righty, so on the next slide there.

Michael Sweeney: So, as I said, just continuing on with that last point there about what's happening with third-party cookies inside web browsers. It's important to note that when we're talking about cookies, there is a, let's say two different types of cookies. There's the first-party cookie, and the third-party cookie. When we're talking about the end of cookies, we are specifically talking about primarily the end of third-party cookies. Because they are the ones that are used for online, so for invocation across different websites. Those are the ones that are often seen as the ones that violate privacy, et cetera.

Michael Sweeney: So when we look at the main browsers and how they handle third-party cookies, obviously in Safari, they block third-party cookies by default. Also back in 2017, Safari introduced a feature called intelligent tracking prevention, or ITP. Which, the sole goal of that feature is prevent companies from identifying individuals across different websites, or a process known as cross-site tracking. Since that release of the first version, they've implemented a number of changes that have only strengthened user privacy and made it harder for companies to identify individuals across different websites and also it's impacted other web browser storage methods, such as first-party cookies and local storage as well.

Michael Sweeney: And similarly with Firefox, they also block third-party cookies by default, and they also have strengthened user privacy over the years. They've also implemented their own changes. They're a little bit different to Safari, but they all have the same end goal, and that is to increase user privacy for people using those web browsers. And as many people know, back in January 2020, so about a year ago, Chrome made the announcement that it, too, would be shutting off support for third-party cookies by 2022. I have written the word there possibly in 2022. We don't have a set date as to when that will actually happen. It is possible that it might be delayed, purely because of the, let's say the replacement that Chrome is working on for third-party cookies, that being its Privacy Sandbox which I'll talk more about later. But whether it is by the end of this year, whether it's early next year or whether it's the end of 2022, it's definitely clear that third-party cookies will be going away very soon in Chrome.

Michael Sweeney: All righty, yeah. So if that is the case, if third-party cookies are no longer available in two out of the three main web browsers, obviously being Safari and Firefox, then why are we still talking about this whole issue of third-party cookies going away? The reason for that is because, purely and simply, because of Google Chrome's dominance of the global web browser industry. So when we look at some of the statistics, the stat counter puts Google Chrome's market share of the global web browser industry at about 63%. Which is quite a significant number. Particularly when we compare that to Safari, which is the second-most-popular web browser, that has about a 19% market share. And then further, if we look at Firefox, that only has about a 3.65% share. When we combine Safari and Firefox together, that still leaves us with about a 23, 24% share of the global market that doesn't support third-party cookies. Obviously at the moment, Chrome still does support third-party cookies. But when they finally pull the plug on those, it's going to have a massive and immediate impact for all of our advertising and marketing activities.

Michael Sweeney: All righty. All right. So no doubt they'll be some people watching that might not fully understand what the role of third-party cookies plays. It might be a bit hard to make the connection between the end of third-party cookies and the impact that's going to have on your day-to-day advertising and marketing activities. Well, the main role of third-party cookies is to identify individuals across different websites. This process is often referred to as cross-site identification, or cross-site tracking. That's why you also might hear or even read in the media articles that refer to third-party cookies as third-party trackers, or tracking cookies. They're all pretty much the same thing. Third-party cookies are designed to identify the same person across multiple different websites. And once you've got that identification piece, you can then use that to power many very important programmatic advertising and digital marketing processes. That no doubt many marketers and advertisers use on a daily basis.

Michael Sweeney: So the main ones we've got, of course, are audience targeting and retargeting as well. So showing ads to specific people because either they're a member of an audience that you've created in a data platform, like a DMP, or even showing ads to people that have visited your website or interacted with your brand. Also, it's used for frequency capping, so despite what some consumers might think, advertisers don't want to show you the same ad 600 times in one day. They also want to put a limit on how many times you actually see a given ad within a certain time period. So that frequency capping is also something that's conducted by third-party cookies. And then of course, very importantly and no doubt something Lars is going to talk about in his presentation, is that third-party cookies also support measurement and attribution. Which for marketers is absolutely key.

Michael Sweeney: All right. So just to maybe highlight the impact of what the end of third-party cookies means on a day-to-day basis. So, as I just mentioned, third-party cookies underpin many of the key processes that we use in our day-to-day lives, as advertisers and marketers, even as publishers, as well. But essentially, when third-party cookies do go away from Chrome, the programmatic advertising and digital marketing industry, and the process we know today won't be the same. It's going to impact things like audience targeting, retargeting, measurement and attribution are going to be severely impacted. And it's also important to note that there is no one-to-one replacement for third-party cookies. There's no silver bullet, there's nothing that we can implement the very next day when third-party cookies disappear. There are of course different solutions and different alternatives being composed within the industries, but there is no one-to-one replacement for third-party cookies.

Stine Mangor Tornmark: Michael, there was one question about, if you could give an example of an adtech platform in the chat. But I can also see that somebody already responded and gave Facebook as an example. Can you maybe just give one or two more?

Michael Sweeney: Mm-hmm (affirmative). Yeah, so definitely Facebook is ... I think most people know that Facebook is a more of an advertising company than it is a social media network. The same could very much said for Google. So yeah, definitely Facebook and Google are the main companies that receive a large bulk of ad spend. It's stated that advertisers will spend anywhere between 60 60 to 70% of an ad budget with Facebook and Google, so they are certainly adtech companies. And they also have a presence on a lot of different websites. And particularly, I'll provide a few examples in a minute about other adtech platforms, but just with the point about Facebook and Google is that while the changes to third-party cookies and other storage methods do impact independent companies, the adtech and martech tools that we use, it also has a very big impact on companies like Facebook and Apple.

Michael Sweeney: So I'll maybe touch a bit more on that a bit later, but some other examples of some adtech platforms ... There's a lot of different types of adtech platforms that are responsible for different things. But to give you some examples, if you're an advertiser, some of the types of adtech platforms you would use to show your ads on different websites might be ones called demand-side platforms, or DSPs. And there's quite a lot of DSPs on the market. Google, of course, has their own DSP that allows advertisers to run campaigns across different websites. But some of the independent adtech companies that you probably would have heard about would be ones like The Trade Desk and MediaMath. And on the other side, on the publisher side, there's adtech platforms that help publishers monetize their websites, these are typically known as supply-side platforms, or ad exchanges. The large ones you would have heard about might have been Magnite, which is previously known as Rubicon Project. TripleLift, what would some of the other ones be? I'm coming to a bit of a blank here. Yeah. There's just so many different platform names coming to my mind, it's kind of ... Pick them out. But definitely we've listed a whole bunch of them on our website, so we've got a whole list of those on our website to check out later.

Michael Sweeney: Yeah, so this next part here, so I just mentioned that there is no replacement for third-party cookies, as least one-to-one replacement. But as I said, there are different solutions and alternatives being proposed. One of those is actually coming from Google itself, so to Google's credit they are actually offering up some kind of solution, they're not just cutting off third-party cookies and just saying, "Okay, that's the end." Kind of like what Apple has done. They are offering up a bit of a solution for advertisers and publishers. It is known as the Privacy Sandbox. There's a lot to cover, really, with the Privacy Sandbox. But the key points are that it basically consists of a set of new standards that will replace the processes that are currently carried out by third-party cookies.

Michael Sweeney: So it's not going to replace third-party cookies, it's not going to be another identifier, but it will aim to replace the processes that are carried out by third-party cookies. So to give a few more examples here, on the ad targeting side of things, if you're an advertiser or a marketer, some of this standards that Google's Privacy Sandbox are proposing revolve around contextual targeting. There's also one for interest-based targeting, which will be done by something called the federated learning of cohorts, or FLoC. This comprises of machine learning and a whole bunch of really new, technical things. I think it's even new for Google Chrome. So the interest-based is very similar to how audience targeting is done now. And then we've also got remarketing, or what we typically refer to as well as retargeting. So showing an ad to someone who has visited your website, for example. So that will be done likely by a standard called TURTLE-DOV, which actually stands for something, it's two uncorrelated requests, then locally-executed decision on victory. It's easy just to refer to it as TURTLE-DOV. Rather than explain the whole acronym.

Michael Sweeney: So yeah, those are the standards that are currently included in Privacy Sandbox for ad targeting. And then there's also a couple of APIs for measurement and attribution as well. But the key thing to note here about Privacy Sandbox, as I said, that it offers up a very different way of running the key programmatic advertising and digital marketing processes that we've seen so far. It's very much moving away from the one-to-one identification that we do currently via third-party cookies and other browser storage methods, to moving towards a more aggregate way of doing things and targeting audiences rather than targeting individuals.

Michael Sweeney: So the Privacy Sandbox initiative is currently being discussed and worked on in the W3C business group. As I said, there's no real timeline, we don't know when Privacy Sandbox is going to be implemented. Some of these standards are more advanced than others, so for example Google recently released some initial tests that they did with the federated learning of cohorts, so that part of the Privacy Sandbox seems to be advanced a lot more than, for example, the TURTLE-DOV part. So, yeah, there's no real word yet as to when we can expect Privacy Sandbox to go live. Because there is a lot of work that needs to be done. It is, as I said, it's something completely different to what we've experienced so far. So it is very much new ground, for not only Google Chrome, but also for all the companies that are collaborating in the W3C business group.

Michael Sweeney: All right. And then just to finish up my part ... Oh, sorry, do you have a question?

Lars Grønnegaard: Yes. It was, so Google is implementing Privacy Sandbox. And what about the other browsers? I think one of the nice things about cookies is that it was a shared technology across browsers.

Michael Sweeney: Yes.

Lars Grønnegaard: And you could do one implementation and it would work in many browsers.

Michael Sweeney: Yup. Exactly. Yeah. And that's definitely one of the challenges. Even when we look at some of the solutions, apart from Privacy Sandbox, there are of course other solutions, other alternatives out there, but as you just mentioned, Lars, the thing about third-party cookies is that it was kind of like the universal way of doing things across pretty much every web browser, going back five years ago, supported third-party cookies. Whereas now, because of all the changes, it has created even different walled gardens within walled gardens. I think the interesting thing about Privacy Sandbox, I don't know whether it will be adopted by other web browsers like Safari and Firefox, I definitely think that when we look across those three web browsers, each of them have a different idea about how to approach privacy. Particularly, I think Safari and Firefox are more aligned, definitely, than those two against Google, for obvious reasons. Google, as I mentioned, as people are writing in, they are an advertising company. So they have a lot more skin in the game, they have a lot more to lose by introducing really strict privacy settings and changes. Whereas Apple and Firefox, they really have no advertising business. So for them, it doesn't really matter whether they go full-blow into protecting user privacy to the extremes. Whereas with Google they need to be a little big more cautious and balance that out.

Michael Sweeney: But yeah, that's a great point about whether some other web browsers will implement something like Privacy Sandbox, or they will implement it. It's really hard to say. I'd probably say at the moment it's doubtful, but maybe in five or 10 years that might be a possibility. I know that with Safari, for example, with a lot of the things that they are developing with Safari around privacy, some of those could, or at least they've mentioned that they might like it to be implemented by other web browsers, to create some kind of unified way of doing things. But at the moment, it's a little bit hard to see that happening. But who knows. Anything could happen.

Stine Mangor Tornmark: Michael, we've gotten a few questions both related to Google and also cohorts. What I suggest is we'll just take the Apple slide that's coming now, or the in-app, and then let's see if we can take some of the questions that both Carl and, for example, Nita have been asking a little later, just to make sure that we actually cover everything.

Michael Sweeney: Yeah. Definitely, cool. So yeah, this is the last slide I wanted to finish up with. So, throughout my part of the webinar I've been talking specifically about the changes that are happening, the privacy changes that are happening in web browsers. But definitely we're starting to see a lot more focus on increasing privacy within the in-app mobile world. Specifically, last year in June, Apple announced that they would be making a series of privacy changes in the upcoming release of iOS 14. Some of those have already been implemented, but the really big part, or the big change, that they announced, hasn't come into force yet. But it is around the identifier for advertisers, or the IDFA. So the IDFA is a mobile identifier. It kind of operates in a very similar way to IDs that are stored in third-party cookies, because it allows for ad targeting, audience buying, and measurement and attribution. So it does carry out many of the same processes that are carried out by IDs in third-party cookies in the web, in web browsers. But it's much more persistent than cookies.

Michael Sweeney: So there are obviously ways that smartphone users can reset their mobile ID, whether it's in iOS or Android. But it's not as common as it is with cookies in web browsers. So that means that an IDFA, for example, will be attached to a person's device for a lot longer than, say, a third-party cookie would be. So the changes that they've announced, that Apple announced to the IDFA, essentially will mean that if app developers want to access a person's IDFA, which there's no real restrictions around accessing it, if they want to access it and then pass that IDFA to their adtech or martech or even mobile measurement platform partners, so that they can show personalized advertising so they can run attribution inside the in-app environment across different apps, they will have to get consent, or opt-in, from users. Via something known as the App Tracking Transparency Framework, or ATT. And the main part of that is essentially going to be showing the user a pop-up message, very similar to one we see on the screen, and basically asking the user to allow tracking, or ask the app not to track.

Michael Sweeney: Now, the interesting thing about this message is that of course, even just reading it, it does sound like a very scary scenario because it's using words like "tracking" and "tracking across different apps and websites." Unfortunately at the moment, there's not really too much customization that can go on with this message, I think it's only the middle part, the small-ish font that you can actually change. The rest for the part in bold and the actual text with regards to the buttons at the moment, as far as I know, can't be changed. So it is likely that opt-in rates for this will be quite low. Most people in the industry say it's going to be under 20%. Which again, within the in-app mobile world, it's going to cause big problems for, not only ad targeting, but also for measurement and attribution as well.

Michael Sweeney: So that's kind of the next phase, I would say, of the whole privacy topic is that currently where there's a lot happening within web browsers around third-party cookies, the next phase is very much probably going to be within the in-app mobile worlds.

Stine Mangor Tornmark: I also know that the gaming industry is very focused on what's happening in this regard. And you got actually a question, maybe you might be answering it. In regards to, are there any concerns within the industry of centralizing of personal data in the future at a few major companies?

Michael Sweeney: Yeah. So there's definitely ... This is one of the main concerns by a lot of the independent companies, particularly the ones that are involved in the Privacy Sandbox initiative. Is that, the Privacy Sandbox initiative from Google Chrome is great. It's a solution to a problem that a lot of companies are going to be facing. One of the key concerns a lot of people have is that it is still going to be Google-owned. It's going to be Google-owned and operated, it's going to be Google-controlled. And I suppose also, in many ways, from a privacy standpoint, a lot of it does make sense. To aggregate the data, to show ads to people based on groups rather than individuals, but with all that data, it's going to be hard to really understand what's accurate or not. Even from the attribution side of things, it's going to be hard to know whether ads are performing well or not, because of just the way that the attribution standard is being proposed. It's going to be delayed, you're going to have the window, basically the attribution window is going to be a lot shorter.

Michael Sweeney: So there are a lot of concerns about centralizing a lot of these processes, but also even the data as well to one company. So yeah, that's definitely a concern. But yeah, we'll just have to wait and see what happens with that, whether there's any kind of change ... I know with some of the standards, a lot of independent adtech companies particularly are working on the TURTLE-DOV part and coming up with different proposals where some of the processes are maybe carried out by, let's say a independent or third-party server, so that it's not being fully controlled and operated by Google, or even on device as well.

Stine Mangor Tornmark: Cool. Thank you so much, Michael. And given the fact that you've just now touched upon how can you then actually do attribution, and is it going to be only related to the big players, I will leave the floor to Lars.

Lars Grønnegaard: Thanks, Stine. I think what Michael shared was super interesting, and it covered what is changing around third-party cookies. And there was a question in the chat about what are some of the alternatives to third-party cookies, and I think, Michael you feel free to jump in here, but basically since ITP was implemented by Safari, there's been lots of attempts to bypass the changes that were being made, and basically it's been a cat-and-mouse game of implementing a restriction, then a tech company's bypassing that restriction. And I think it basically means that it's not just third-party cookies that are affected, it's all types of cookies that are set in the browser that are affected. And it also means that when you ask about alternatives, some of what's been going on is, okay, then you set the cookie in a first-party context, that's been restricted then. You pass data via a query string, in the URL. That's been restricted. And then there were companies that were passing data via the referrer, and then that's restricted.

Lars Grønnegaard: So I think it's just cat-and-mouse game, and I think it's very much led by Apple. And they seem very determined to get to the bottom of this. So I don't think that there are a lot of direct, like also what Michael said, there are not a lot of direct alternatives. They'll be an alternative, it will live for a little while, then it will die. And I think, really what we have to accept is that a lot of these tracking mechanisms are getting weeded out, and that then impacts, like what Michael described, it impacts some of the methodologies in advertising. Like remarketing, and also some of the algorithms that you have that are helping you target people, working out what actually works for targeting people at your website. They're stopping to work because the tracking is stopping to work.

Lars Grønnegaard: So some of the tactics are stopping to work, but also you can say that your ability to understand is working, so as someone who is buying advertising, someone who is trying to acquire more customers, your ability to understand what is working, that is also going away. So retargeting, less and less effective. Ad algorithms, also less and less effective. And basically the compass that you're using, so many of you are probably using Google Analytics, but these compasses that, or some of you might be using other analytics platforms, they are all becoming less and less effective, because the ability to track over time and hold on to individual users is becoming less and less possible.

Lars Grønnegaard: So one side is, it's hard to know what to invest ... The things that you're investing in become less effective. The other side is, your ability to understand if it actually works is becoming less effective.

Stine Mangor Tornmark: Maybe a question, Lars, that we've gotten, from Dennis, is wouldn't it be smarter for marketing teams to find better ways to market their products than using tracking tech? Then, with all this happening?

Lars Grønnegaard: So I think in essence, when you're doing marketing or any kind of attempt to get more customers, it is an investment. So it doesn't really matter what you're doing, if you're doing webinars or if you're doing content, or if you're doing TV or ... Doesn't matter. Whenever you're spending money on acquiring customers, it's an investment. And in the end what you're trying to do is you're trying to buy some revenue. And the problem that you have is that if your ability to understand how much revenue you're getting every time you put money into your marketing effort, if that is going away, then your ability to invest is also disappearing. And I don't think that necessarily going back to ways of advertising that have much less ability to track the results is a good answer here. I think really what you should be looking for is new ways of understanding how can I best see what is working.

Lars Grønnegaard: I think probably all of us in this webinar are in some form trying to buy customers and revenue, and we really all need a way of understanding if those investments that we're making, are they paying back. Are they paying back. If you're growing a lot, then you need to be able to execute experiments and find new ways of acquiring revenue, because if you're growing a lot, then you need to buy a lot of revenue. And then you need a compass that works for this.

Lars Grønnegaard: And I would say, the key thing here is, I would ... So this is, of course, opinion. But I would say, a key thing is to start building up ... Someone also asked about this in the chat, isn't first-party tracking a good solution here? And from where I sit, I think that is the best thing you can do, is to move away from this world where we have delegated a lot of this understanding of what's going on in our funnels, we delegated that to other companies. So ideally you want to bring that data into your own garden, and start understanding what's go ... So that you can do these measurements yourself. So I think that that is a key thing that you want to do. And I would say that is still also flawed, because what we described here is that a lot of these third-party cookies, you don't need those if you're doing your own tracking. But you do need first-party cookies, and they've also been quite restricted. So I think just moving to a world where you do some of this tracking yourself is not going to be all you need to do to solve this. Yeah.

Stine Mangor Tornmark: Dennis has a question now, or maybe more of a comment. Investment is not making tracking okay. Why should I need to be tracked if somebody wants to invest in getting me as a customer? Investment worked well before tracking tech. And yes, this is correct. I think what Lars is saying is that, as all people, and maybe, Lars, related to more [question 00:37:08] but everybody who has a company would like to know whether or not their efforts make sense. And this not about revenue per se, it is more about actually understanding what is permissible. And what is doable. And I personally believe, and also a question asking about whether or not the circumvention that's been going on and, then you're trying to do referrer and using the various links, et cetera. And yes, and that is actually the core of why I think Apple are doing what they're doing. It is because people are trying to circumvent. And but having said that, there is actually also a massive trend on the way right now, where we can actually see that if you're doing first-party data versus third-party data, there is a better security and privacy around it, compared to third-party cookies. And therefore, I think the movement that is going on right now is really interesting.

Lars Grønnegaard: Yeah. But I think it's a very good question. And I think basically as a company that is ... The fact is that all companies, we are buying revenue with advertising and marketing efforts. So we're all doing that. But I think as a company, you need to think about what you think is right, and nobody can really tell you what is right. I sometimes think about, I walk down the High Street, I go into a shop, I look at a pair of shoes. Now, is it okay that the next time I come back to that shop, someone comes up to me and shows me those shoes again? So maybe you think that that is okay, maybe you don't. But that's the equivalent of, say, first-party tracking.

Lars Grønnegaard: Then third-party tracking would be more along the lines of, okay, you go out, and then you walk 500 meters down the street. And now there's an ad telling you to go back to that shop and buy those shoes. Is that okay? Maybe you think it's okay, maybe you don't. That would require third-party tracking to do that. And maybe then you go into another shop, and it's a different brand, different owner of the shop, and they show you some pants, and they say, "Hey, they'd go really well with those shoes that you were looking at." And maybe you think that that's okay, or maybe you don't think it's okay. But I think that's sort of how I think about tracking, and what is the experience.

Lars Grønnegaard: What Apple has been trying to kill off is, at least the last situation here. Which some people would feel like is like surveillance. They don't like that. And most people feel uncomfortable about it.

Stine Mangor Tornmark: It's also because I think a lot of what has been going on in the past has been about, you have no clue what is actually going on.

Lars Grønnegaard: No.

Stine Mangor Tornmark: And you have no control. And the GDPR is all about giving users a choice, in giving them insights.

Lars Grønnegaard: Totally. Totally.

Stine Mangor Tornmark: And that is why, I personally believe, the trend we're seeing with Apple is a way for them also to own the market. Which, they have been ... If you look at what Michael talked a little bit about Safari and Chrome and the ownership of market shares, is one of the ways. But I feel it's giving users the right.

Lars Grønnegaard: Yep. So, I think they're good questions, then as ... So me, and we as a company think that it's okay to track people on what you would call your own property. So the equivalent of remembering who was in your shop, what they did, so that you can serve them better, and you can also optimize your shop.

Lars Grønnegaard: But, of course, some people don't think that that's okay.

Michael Sweeney: Yeah.

Lars Grønnegaard: Yeah? Sorry.

Michael Sweeney: No, I was just going to jump in. I think what you said is really great, Lars. And definitely this is one of the questions that really sparks debate around this whole tracking side of things. Because there's so many different elements to it. There's obviously the marketing performance side of things. And then there's the privacy side of things. So, getting back to what Dennis mentioned about, can't we just do marketing without the need for tracking, certainly there is ways that you can do that, even now. There's things like contextual targeting where you don't need to know anything about the person on the website in order to show an ad, the ad will basically just be connected with the context of the page, very much how the newspaper ads were shown traditionally.

Michael Sweeney: But I suppose from a broader perspective, the main benefit, or main difference, between digital marketing and advertising compared to advertising and marketing in the offline world, is the ability to say that this campaign that I ran produced X amount of dollars for my company. It's quite hard to do in the offline world, certainly there are many different ways that you can measure that. But with the introduction of the Internet and digital advertising and marketing, it really provided companies with a lot more accurate data about what was working, what wasn't. And there are a lot of companies out there that really rely heavily on performance marketing data. They simply won't get the results from showing contextual ads, for example. They really need to see whether this specific ad, or message, was delivering the results or not. As you said, Lars, to then decide whether they keep investing in that particular channel, or they scrap it altogether.

Michael Sweeney: So it is a very interesting conversation to have, because there's so many different parts to it. Certainly the question of whether advertising and marketing could still work if there was no tracking, I suppose we'll probably find out in the near future with Privacy Sandbox and everything else that's happening. But there's a lot of different paces to it as well. And I think that's why a lot of other companies and brands are starting to look for the emerging channels as well, that are not in the traditional web browsers. They're looking at connected TV, OTT advertising, even digital out of home, as a way to still reach their target audience, but just through a different channel and through a different medium as well.

Michael Sweeney: And just the last thing I'll say about that is that, yes, there's certainly independent tech companies that participate in tracking and they place third-party cookies on web browsers, et cetera, but there's a big, in many ways, there's a big difference to that type of tracking that's done by independent adtech companies, and the type of data collection and tracking that that likes of Facebook and Google do. When you go to a website, for example, you are shown an ad. And most of the time, the only information that those independent adtech companies have is a random number, which is like an ID that's stored in the third-party cookie. When you log into Gmail, and then you start browsing the Internet, when you start using Google Search, Google collects all of that data. They know so much more about you than a company like The Trade Desk typically would. And it's the same with Facebook. So I'd say that there's also different levels, even, to this tracking and data collection topic. There's of course the tracking that's done by independent adtech companies, where, in some cases, they don't even really know you apart from just a random string of numbers and letters, and then there's of course what happens with the walled gardens, which is in many ways completely different. And of course we've seen from media reports over the past few years exactly what some of the consequences of that is.

Lars Grønnegaard: Yeah.

Stine Mangor Tornmark: Cool. Lars?

Lars Grønnegaard: Yeah, so from our perspective I think the solution is to set up your own data collection and just like most people have customer data systems where they collect data, like who their customers are, what they have bought, then basically what we advocate is that you enrich that also with behaviors, so that you know what people have done in your shop, or in the context of your marketing as much as you can. So that you can start owning this data and start to do your own analysis. So that you know, as well as you can, what actually works and what doesn't work. So that you can invest where there's impact. And I think we should maybe leave it here, for this, and then jump to your part of the presentation, Stine?

Stine Mangor Tornmark: Sure.

Lars Grønnegaard: Yeah.

Stine Mangor Tornmark: So, jumping a few, which is bit different, but it's actually tied into what Lars is saying. It's more about the insights of what is actually happening today so you get a little bit of perspective. So yes, third-party cookies are dying. I'm just jumping here. What is really interesting is talking a little bit about what is actually going on right now. And when we're talking a little bit about cookies and pop-up banners, as you know, there is a lot of attention from authorities on this area right now. The French authorities have just issued massive fines to Google and Amazon. The English ICO, the ICO, the English data protection agency has gone out and said, "Now we're going to be refocusing our efforts on the adtech business, because of the tracking that is going on, which we believe is potentially a violation of GDPR, and also the EU privacy directive."

Stine Mangor Tornmark: What is also going on is a trend where privacy and ethics are actually becoming a competitive advantage for many companies. But there is also differences from country to country on how tracking is perceived. And do you actually allow cookies or wouldn't you? And this a little of the insights that we're seeing, not disclosing any personal data, I'm not disclosing any companies, so it is okay for me to share it. But what we're seeing is that the Germans, maybe not surprisingly, are way more privacy-concerned than the Dutch people. There are a lot more people in the Netherlands are accepting cookies than there is in Germany. And we're actually talking 30 to 40% difference in acceptance rates. And when I'm talking about accepting cookies, it is where they're actually given a choice. It is not a cookie pop-up banner that says, "We use cookies," and the only thing you can actually press is okay. We're talking about where you actually have the ability to say yes or no.

Stine Mangor Tornmark: And here, what we're also seeing is that the Dutch people are saying accept or yes way more often than the Germans. There may be both a cultural difference, but there's also the difference that we've seen way more attention from the authorities in Germany compared to what we've seen in the Netherlands. But what we're also seeing is actually a trend in other jurisdictions where the French are more now focused on it. The French authorities have actually sent out a thousand letters now to the most-visited websites in France telling them that they need to take closer look at their cookie pop-ups and getting the right consents, and blocking cookies from working up until the point where the user's actually given consent. And when I'm talking about consent, I'm not talking about the necessary cookies, which don't need consent for those, but I'm talking about the analytical cookies, I'm talking about the marketing cookies, I'm talking about the remarketing. The cookies we're talking about in this webinar.

Stine Mangor Tornmark: But what you should also really, and I personally, I find it a little bit surprisingly, but is be aware of what industry are you actually in. There is a big difference if you're in the compliance software industry and have a cookie banner, compared to the sharing economy. And now you would be thinking, or at least I think I would, and I know data, so I wouldn't, there is more people accepting cookies in the compliance software industry than there is in the sharing economy. And maybe just to put a few words. It is, I think, when you're giving people an actual choice, and selling in compliance software and people can see actually see you're doing the right thing, people are actually more inclined to say yes than in the sharing economy. And you would actually, or at least would say that the compliance software's supposed to be more skeptical. I actually think when you're actually given a real choice, and you know about the rules, well apparently you're more inclined to say yes compared to the sharing economy.

Stine Mangor Tornmark: And now a little fun fact, is there are big differences between people you are selling to. So, as an example, we, and this is broad, but just to give you a concrete example, a company that is selling software to security people, here out of the last 30 days there were three people that rejected cookies. Out of, let's say five thousand. On the citizens page, which is a public body that is serving citizens, same amount of total consents, 1200 rejected. That is quite a difference. Meaning, if you're selling to security people, and they trust you and they can see that you're doing the right thing, the likelihood of them afterwards going in and rejecting cookies is way less than if you're a public government. Just FYI, there are of course differences. But these are some of the examples that I actually find funny, and also interesting because you might not think that. You might think that people that are in security would be more skeptical. And they probably are. But if you're doing the right thing, you're actually building trust. And you're actually able to target the right message to your audience compared to if you're, for example a public body, and having citizens visiting your website.

Stine Mangor Tornmark: Then there is the look and feel of your website. This has a massive impact about or, maybe not about, as to whether or not people will be accepting your cookies. So in this scenario, we are talking about a dodgy German website. So firstly, we're targeting the German market, which is a potential skeptical market in the first place. And for this specific website, it was a little dodgy. So when you came onto the site, it just looked weird. And here, the average person accepting cookies was 32%. Versus, this very polished, very trustworthy, UK website. Same cookie pop-up, same brand, same look and feel. But here, 88% actually accepted. That's quite the difference. So I think what is maybe the takeaway here is that, when we're talking about tracking and talking about use of cookies, it's very much about actually what is the service that you're offering to your clients or customers, what industry are you in, what market are we talking about, and what is actually the look and feel of your website? These all have impacts when we're talking about tracking. And I think my key, maybe recommendation or key takeaway is, make sure, for example, that you're actually offering your visitors a real choice. And that it fits in with the look and feel with your website.

Stine Mangor Tornmark: Yeah? That was a little bit about the data and insights into what is actually going on right now. We got a question, and what are the sources of the numbers? Sounds really interesting. Well, the sources of the numbers is the company that I am a part of. I can't share the numbers, the data, other than what I've just shared with you guys. But it is actual data from some of the experiences of delivering compliance software around Europe to a lot of different tech companies. Another question is, what do you expect from the new upcoming EU privacy regulation? So firstly, for those of you who don't know about the upcoming EU privacy regulation, what is happening right now in Europe is that we're going to get a regulation instead of a directive. Today, we have a directive, which means that the cookie directive is setting the minimum set of rules that all EU countries need to abide by when we're talking about EU cookies. But that also means that there are differences from market to market. Both in terms of how you interpret what is a necessary cookie, just as an example, how do you need to capture consent, and also what are the requirements for the cookie pop-up and the mechanisms around that.

Stine Mangor Tornmark: We do have some EU rulings that have helped with setting up a more unified landscape, but the rules in itself aren't completely unified. With the EU regulation coming, it will mean that all companies in Europe will have to abide by the same rules and they will not be able to do their own interpretation of what the rules should be. It will the same. What we're seeing is that it is a really lobbied piece of legislation. Because, surprisingly, surprisingly in quotation marks, the adtech industry is not that fond of the regulation. I personally think that we will be hopefully seeing the regulation being completed by the end of this year. Then there will be an implementation period. There was a new draft to the regulation in end of January, where they talk more about the consents, and where we're seeing that the rules will be toughened around the third-party cookies. And less restrictive on the first-parties. But consent will always be required, unless, for example, that we can do more anonymous data that isn't tracked and passed around.

Stine Mangor Tornmark: But so in general in terms, I think we'll be seeing maybe something after the summer period. Everything has been slowed down due to COVID. And it's going to be very interesting to see. What I'm going to do, if it's okay with you guys, is to stop sharing my screen so that I can see you guys as well. Oh, sorry.

Lars Grønnegaard: Infinity.

Michael Sweeney: Yeah.

Stine Mangor Tornmark: Post video, no. Infinity and beyond. I'm jumping back, just to make sure that doesn't really screw up. And so you don't have to look at infinity and beyond. Johanna is asking, I see a lot of companies that don't follow the cookie regulations. Mostly smaller businesses. Do small businesses ever get fined? And yes. This is a yes. I can actually tell you that the Belgian authorities took a little bit of ... It was a tiny little shop. It was [among one nine band 00:57:20]. He actually had a little legal library, where offered different rulings. And he got a fine. And you're kind of like, what? What? Really? Yeah. We're also seeing that, with the French, as I've said, they've sent out letters to a lot of websites. The biggest in France. But at the same time, every authority in Europe will presumably be prioritizing, that's what they've said, these rules this year.

Stine Mangor Tornmark: So I think the biggest maybe recommendation from my side is that even though you're a small business, do this. Don't do it because you don't want to get the fine, do it because you want to do the right thing because, back to what I've just shown you, it's actually also a way to build credibility to your target audience. People know about the cookie rules. Everybody's seen a cookie pop-up banner. And what we're seeing is that people are becoming more and more aware of whether or not you're giving them an actual choice to say yes and no. So that is definitely something I would be focusing on, and not just focusing on whether or not I was getting a fine.

Stine Mangor Tornmark: Okay. So Kyle is asking a question, "How do we solve the problem of not having to show the cookie consent pop-up almost every time a visitor comes to our site?" Well the thing is, normally what you would do is, when you're delivering a cookie software solution like we are, we're regarded as a necessary cookie. Meaning, we're actually allowed to place a cookie on the device so we can remember whether or not the user gave consent or not. And whether or not the cookie should be blocked. So, the way that we're doing it is that, normally you would get a unique identifier that would then remember whether or not the user's been seen before. But if we're talking about a multiple of different domains, of course we wouldn't know that this is a new user for each of these domains because we're not tracking across sites. But if you're coming to the same site every time from the same device, you should be getting away from the problem of the cookie banner popping up every time.

Stine Mangor Tornmark: Then we got a question, does Legal Monster support Google Consent Mode? It's actually funny that you're asking. It is not supposed to be about Legal Monster, we're actually rolling it out next week. And for those of you who don't know it, Google has come out with a Google Consent Mode, actually also to help with many of the issues that have been around making sure that you actually get a little bit of insights into the visitor's behavior, without it being in any way personalized to a persona, without any type of PII, meaning personal data, being captured. All being anonymous-based, which it's going to be interesting also, back to the development, to see what will be going on in the different areas of the cookie development.

Stine Mangor Tornmark: Cool. So that was actually it. Thank you so much, guys, for the questions, and thank you so much, Michael, for staying up late. And Lars, thank you.

Lars Grønnegaard: Thank you, thanks for having me.

Stine Mangor Tornmark: And as always, if you guys have any more questions, just shoot them off. We're happy to help. And I think it was quite amazing that we had so many join, and even more amazing to hear Michael talk about the upcoming world of cookies, third-party cookies and tracking. So thank you so much, guys.

Lars Grønnegaard: Thank you.

Stine Mangor Tornmark: Take care, and see you hopefully soon!

Michael Sweeney: Yeah, thank you everyone, thanks guys for having me. It was a pleasure. Thank you.