GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

In recent years, brands have started butting up against the line between convenience and privacy.  Shoppers love the convenience of personalized experiences that their data powers, but then horror stories such as the Cambridge Analytica scandal make people skeptical about how much information companies should be collecting and sharing.

Related: Apple battles Facebook over consumer privacy

Fundamentally this comes down to the underlying user identity, what data it contains, who generates that data, and where it resides.

Here we’ll discuss the implications to the third-party tracking and data which has been most impacted by recent privacy regulations and protocols. First it is important to understand the different degrees of data privacy.

Degrees of privacy

Customers share their information either explicitly through forms and transactions, or implicitly through their behaviors such as searches and clickstreams. Data explicitly provided by the user is considered “zero-party” data.

In ecommerce, this commonly comes in the form of a registration, a review, or a purchase. This is used for communication, personalization and targeting tactics that the user basically opts-in to when they submit their information. Check out the examples below from Forrester’s blog.

“First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. User insights or personalization based on signals such as searches and clickstreams are examples of this. The user most likely is not aware of what type of behavioral information is being collected on them or how it is actively being used.  Users concerned about this tracking can disable tracking and opt-out.

“Second-party” data is essentially the first-party data of another organization. Marketers frequently purchase or share first-party data from another partner organization. Another common scenario in ecommerce is in multi-brand or multi-site situations where the customer profile is shared across sites.

Data collection red flags

All of this leads us to “third-party” data. Third-party data is generally implicitly collected, used and shared from an external party across sites. A third-party system could use a combination of a remotely hosted tracker and third-party cookies for web or MAIDs (mobile ad identifiers).


These have been used by advertising networks to retarget the user across multiple touchpoints on the web. The end user generally is not aware what information is collected on them, how their information is being used nor by whom. That raises a major privacy red flag. Device fingerprint data is a good example of information that could be automatically shared without the user knowing.

Sure, retargeting a user based on their interactions on other sites may help warm up a personalized experience and help to drive more relevant ads, but doing so without the user’s consent is a big no-no. Regulations such as the California Consumer Protection Act (CCPA) in the US and General Data Protection Regulation (GDPR) in the EU address this, particularly when personally identified information (PII) is involved.

This also triggered companies such as Apple to incorporate significant privacy protection in their Safari browser back in 2017 which has now become a standard across most of the major browsers. ITP restricts not only tracking but storage of user data in the form of third-party cookies or MAIDs. This has created a challenge for organizations dependent on third parties for capabilities such as analytics and personalization.

E-commerce impacted

Third-party data restrictions primarily impact the marketing, personalization and analytic functions of ecommerce. For example, remarketing through an advertising network based on cross-site behavior will be a challenge.  Similarly, building campaigns around third-party audiences will no longer be possible.

From a personalization perspective, retargeting experiences based on cross-site behavior will no longer be possible. Analytics data collection requiring third-party trackers will be blocked as well as the ability to generate insights using any third-party data.

As more ecommerce experiences leverage customer data platforms (CDPs), those CDP’s that are not based on first-party data will no longer be of use. Finally, by storing any third-party PII data you put your business at risk in achieving compliance in audits such as SOC ?, ISO 27001. etc.

Some known workarounds exist, including:

•Hosting a tracker locally such as on a subdomain or your primary domain so all traffic and storage is treated as first-party

•Using server-side API interactions to exchange data

•Integrating additional customer touchpoint data both offline and online across your enterprise to augment your customer intelligence

•Just using zero- and first-party data only

First-party superiority

Here are the big five that make first-party data superior to the others we’ve discussed:

•Control: Dictate what data you want to collect and how to collect it

•Context: Enrich your data further with additional surrounding and situational data specific to your touchpoints

•Freshness: Important for continuous and real-time 1:1 experiences across touchpoints

•Accuracy: Collected directly from your customers versus third parties

•Low cost: No need to pay a third party for data

A balancing act

Consumers have come to expect personalization, but they don’t want their every move to be tracked.  Numerous research studies show that predicted experiences based on first-party intent are significantly more effective than prescriptive approaches based on intent calculated by third parties. Predictive approaches are possible by pairing first-party data with ML-based models.

The regulations and protocols go a long way to protect consumer privacy without restricting organizations’ capacity to provide a phenomenal digital experience. Invest in technology that can collect first-party data and transform it into insights to power a better digital experience, minus the creep factor.

About the essayist: Sanjay Mehtha is the head of industry & ecommerce, at Lucidworks, a San Francisco-based supplier of ecommerce solutions that empower personalized search, browse, and discovery.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: