The Evolving Browser Privacy Landscape for Marketers

Browser Privacy Concerns

The competition to be known as the most privacy-focused browser is heating up among Safari, Firefox, and Google Chrome. With third-party cookies, which are essential for website analytics, becoming a key topic in privacy discussions, the browsers are taking a closer look at their role.

Third-party cookies have been utilized to provide users with a seamless cross-site experience and to personalize advertisements based on their online behavior. They can also remember items in a virtual shopping cart when a user leaves a website. However, they also pose a significant threat to privacy as they can track users across the internet and allow unauthorized access to a web system through cross-site forgery attacks. This puts any user’s browsing data at risk of being compromised.

Given the privacy concerns surrounding third-party cookies, the leading browsers have agreed to phase them out. Chrome has even announced that it will stop supporting third-party cookies within the next two years, setting a timeline for competitors with a 65% market share to follow.

While increased privacy protection is critical, especially in regards to personal browsing data, the new privacy guidelines will require marketers to adapt as third-party cookies become obsolete and cross-domain data sharing becomes more restricted.

Browsers are taking privacy more and more seriously…

In a digital landscape where privacy is becoming increasingly important to consumers, browsers are working to provide the most secure and private experience. A recent study showed that 81% of consumers feel they have no control over the data collected by companies. In response, browsers have implemented various updates to enhance their privacy stance.

Safari:

Safari With the release of version 11 in 2017, Safari introduced Intelligent Tracking Prevention. This feature strengthened privacy by eliminating support for third-party cookies and implementing a Storage Access API, which requires user consent to share data across sites.

Firefox:

Firefox Following suit, Firefox rolled out Enhanced Tracking Prevention in version 69 in 2019. This update blocked third-party services connected to sites classified as known trackers. These domains collect, share, retain or use data for tracking purposes. Firefox also gives users the option to switch to stricter privacy settings that block all third-party cookies.

Google Chrome:

Google Chrome Chrome made its own move towards privacy with the release of version 80 in 2020, which introduced default SameSite settings for third-party cookies. The SameSite attribute identifies whether or not a cookie can be accessed and, with specific parameters, allows for first-party cookies to be sent while restricting third-party cookies. After implementing these settings, Chrome announced plans to phase out support for third-party cookies entirely by 2022.

As browsers continue to prioritize privacy, marketers will need to adapt and find new ways to reach and engage their audiences.

Differences between first and third party tracking cookies

It’s crucial for marketers to understand the distinction between first-party and third-party context as browsers enforce stricter privacy policies. Understanding this concept will become increasingly important as the privacy landscape evolves.

First-Party Context First-party context refers to data that is stored within first-party cookies, and the services used by a website share the same domain, represented by the Top-Level-Domain+1 (TLD+1), such as website.com. These cookies create a personalized experience for users while they are on the site and are not shared with third-party websites that have different domains.

Third-Party Context Third-party context means that data is stored within third-party cookies, or services that do not share the same TLD+1. For instance, let’s consider a video on website www.websiteblog.com hosted on www.websitetube.com. In this scenario, the video service is considered a third-party service.

Imagine the service provides an option for the viewer to resume their incomplete viewing the next time they visit the site. The service must store the time the viewer stopped watching somewhere in their browser, and it may choose to store this information in a cookie for www.websitetube.com, which would be a third-party cookie.

Marketers must plan NOW for privacy

Marketers must start examining the customer experience across their brand’s digital presence, especially if they have multiple websites. In the past, third-party cookies have been the primary means of providing a seamless experience for users, but due to the recent privacy changes implemented by browsers, marketers will have to pivot to first-party context. To adapt, they can take the following steps:

  1. Combine Microsites under One Domain: Minimize the number of TLD+1 domains used for offerings and combine multiple microsites under one TLD+1 domain for a more seamless experience. This gives users the assurance that all activity is within the same company and their data is not being shared with potentially harmful third parties.
  2. Assess Third-Party Cookie Dependencies: Work with the IT team to identify which marketing services and sites have third-party cookie dependencies. With the eventual loss of third-party cookies, marketers must have a risk mitigation plan in place to address the impact on their marketing tactics and user engagement.
  3. Give Users Control over their Data: Consider offering users more control over their data in a clear manner. As user consent becomes increasingly critical in the next decade, companies that want to be trusted with user data must prioritize giving users control.

By taking these steps, marketers can continue to provide personalized experiences that drive engagement and loyalty, even as privacy restrictions become stricter.

For more information, check out Salesforce’s help documentation on privacy and browser cookie tracking.

Pardot’s Permission Based Marketing Policy

Permission Based Marketing Policy

Pardot, now called Marketing Cloud Account Engagement, requires permission-based email marketing. Our customers certify that they will use our services only to send email to customers and prospects that have expressly consented (opted-in) to receive them. Our customers are forbidden to transmit spam via our system and/or the Pardot Services.

“Spam” is unsolicited commercial email, junk email, or bulk email that has not been requested by a recipient.

Pardot Customers: Prohibition Against Spam

Our customers may not use the Pardot Services or the products or services provided through or in connection with the Pardot Services to send spam.  Our customers agree not to send emails via our system unless the recipient has explicitly opted-in to receive email directly from the customer. For any opt-in list of email addresses used in Pardot’s system, customers agree to provide us with the source of the addresses, the method used for recipient opt-in, details surrounding the process used, and whatever other information relates to the transaction or sign-up process. This includes, but isn’t limited to, date and time of sign up, IP address of signup, website signed up from, disclosures provided in connection with the signup, manner of obtaining agreement, and whatever other information the customer asked of the recipient at point of sign up.

Our customers certify that they will not use rented, traded, or purchased lists, email append lists, or any list that contains email addresses captured in any method other than express, customer-specific opt-in when using our system to send emails. The use of opt-out lists for such communications is prohibited in our system. Pardot retains the right to review customer accounts and emails to verify that customers are abiding by the privacy and permission policies set forth herein. Our customers are required to comply with our policies and all applicable laws.  Buying lists of email addresses from third parties and sending bulk emails to the addresses on that list is expressly prohibited and may result in the suspension and eventual termination of the customer’s account.

Customers agree that an unsubscribe or opt-out option will be automatically appended to every email sent via Pardot. If an email is sent with an unsubscribe option removed in any way outside of an appropriate transactional email send, it will be considered a violation of this policy and may result in termination of a customer’s account.

In the event that a customer violates any one of our usage rules, Pardot reserves the right to suspend or terminate, without notice, access to the customer’s account and all related data.

Email Recipients: Reporting and Addressing Complaints

Unsubscribe from the email with the opt-out option of your choice and send us a message to notify us of spam.  Alternatively, or in addition, feel free to report the message to a spam reporting entity. For example, Spamcop at www.spamcop.net provides an easy way to report unwanted mail as spam. You can also use your email provider’s (Gmail, Hotmail, Oath) “report as spam” mechanism to notify the ISP that the message is spam. ISPs use this information to determine good senders from bad senders, and we regularly work with ISPs to take action based on that data.

We receive, investigate, catalog, and take appropriate action based on complaints we receive.

Our customer will be notified of the complaint and may be required to provide account access for an independent review of the complaint received. During this review, the email address will be unsubscribed from all future mailing. Additionally, our customer will need to provide information regarding the source and opt-in method of selected email addresses in their overall database or of the specific complaint.

If our customer is unable or unwilling to provide explicit opt-in information, the customer’s account privileges may be suspended and eventually terminated at Pardot’s discretion.

Marketing Cloud helps Marketers Comply with Privacy Regulations

The integration of technology into our daily lives has taken center stage in modern society. From our wrist-worn fitness trackers to the massive data centers powering the internet, computers of all shapes and sizes are now a ubiquitous presence. However, this interconnected world also poses challenges, particularly in regards to privacy and security.

As a response to these challenges, worldwide legislative bodies have enacted regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to give consumers more control over their data and penalize misuse.

To stay ahead of the competition and maintain consumer trust, companies must prioritize data privacy and security. Marketing Cloud Account Engagement (Pardot) is dedicated to helping our customers comply with existing and evolving privacy regulations while providing tailored solutions to fit their specific needs.

OBTAINING CONSENT

Consent is at the core of our approach to marketing automation. Marketing Cloud Account Engagement (Pardot) follows a strict permission-based email marketing policy, and offer our customers flexible configuration options for email consent collection and management. Additionally, we offer options for governing communication suppression, ensuring that data privacy remains a top priority.

EMPOWERING CUSTOMERS TO MANAGE THEIR DATA

Customers should have the power to manage their own data. That’s why we support the right to know, the right to be forgotten, and the right to rectification, allowing customers to search, correct, and permanently delete their personal data records. This support extends to restrictions on processing and restrictions on sale of information, and enables compliance with data portability requirements.

INCORPORATING PRIVACY-BY-DESIGN

We prioritize privacy in the design of our software interfaces and encrypt all data at rest by default. The Data Processing Addendum to the Master Subscription Agreement defines our compliance with GDPR and CCPA through Binding Corporate Rules, offering our customers the necessary certifications and security controls to comply transitively.

THE FUTURE OF PRIVACY

The future of privacy is one that is constantly evolving. From a legal and social perspective, the importance of privacy is receiving widespread recognition and support. Marketing Cloud Account Engagement (Pardot) keeps a close eye on these trends and will continue to support our customers in navigating a changing legal, technical, and social landscape.

We firmly believe that Pardot protecting privacy is a fundamental right, now and always.