Sep 27, 2023

Adobe’s approach to a cookieless world

Jeff Larche

Jeff Larche

Adobe’s approach to a cookieless world

There is a saying in toxicology: "The dose makes the poison." A little of a substance can be harmless. A lot can be fatal. As unlikely as it sounds, the same is true for your digital analytics and advertising efforts. If you feared that the concerns around data privacy, causing a couple of leading web browsers to restrict cookies, would be harmful -- you and your team have so far breathed easier. For our clients, those changes haven’t hurt much.

The reason for that is not the cookie restrictions themselves but the dose.

Together, those two browsers — Apple’s Safari and Mozilla’s Firefox — comprise roughly 10% of all traffic to web properties. Yes, that smarts, but you still have the other nine-tenths of your data chugging along successfully, using completely unrestricted Third Party and (CNAME Cloaked) First Party cookies.

Now picture what happens when Google Chrome follows suit. The 2022 U.S. web browser share for Chrome was 82%. That’s a potentially crippling dose of lost data. Luckily, Adobe has developed an antidote.

“The ‘Cookiepocalypse,’ set to occur in late 2024, is fast approaching. Google will withdraw support for 3rd-Party cookies in its Chrome browser, leaving just one browser in 10 able to deliver the functionality that has supported online marketing and advertising since the birth of the commercial internet.” -- Rethinking Digital Marketing in a Post-Cookie Era, Relay24 and London Research, 2023

First Party Data to the Rescue

As I mentioned in The Importance of CDPs in a Cookieless World, making the data on visitors your own is essential. The reason privacy-forward browsers have greatly limited the lifespan of Adobe’s CNAME Cloaked First Party cookies is that the IP address is owned by Adobe, not your domain. And although Adobe is scrupulous about protecting user data, you cannot be legally expected to enforce what Adobe does once it leaves your possession. Adobe realizes the only solution is to help its clients generate true First Party cookies.

That’s where the concept of a First Party ID (FPID) comes in. It’s contained in a cookie that your organization issues, either from a server (actual or cloud-based) or your content distribution network (CDN).

Simplified, what happens is that a handshake takes place, in real time, between the standard cookie Adobe issues containing the Experience Cloud ID (ECID) and the FPID. And while this handshake can occur during the operation of the Adobe Experience Platform (AEP), which is Adobe’s CDP, it can also happen using a couple of components of its AEP.

WebSDK and the Adobe Edge Network

A general scenario is that when a visitor arrives at your site, the WebSDK, using the Edge Network, determines whether the cookie containing the ECID exists. If it does not, that could be because this visitor falls into one of these three buckets:

  1. Has been to your site before but deleted all cookies

  2. Has been to your site before but because of restrictions on the type of cookie containing the ECID, the browser has deleted that cookie, making the visitor appear to be new

  3. Is indeed new -- never visited before on that device

There is one other scenario, and that is this: The repeat visitor chose during their latest visit to restrict the use of tracking cookies, using a cookie consent app. That’s not listed above because it’s a tracking-killer event. Adobe has developed its system to work with cookie consent to adhere to all regional privacy laws and to follow all user privacy wishes!

If an ECID does exist from a past visit, the WebSDK, working with Adobe Launch, passes that identifier without incident. It also does one extra thing: It ensures there is an FPID in a true First Party cookie and passes it along to Adobe Analytics as part of the ECID-associated data payload, structured within Adobe’s Experience Data Model (XDM).

Two Cookies Are Better Than One

Visits enabled by the WebSDK and the Edge Network become a game of “find the cookie” and producing one where none exists. In all three instances above where the ECID is missing, the cookie containing a new one gets generated. Additionally, if the FPID is also missing (as would be the case in scenario No. 3), that cookie is also generated.

In all cases, the handshake between those two new or partially present cookies ensures that a First Party identity is preserved whenever possible. This is the antidote needed for the “Cookiepocalypse.”

The Bottom Line

This antidote is crucial because what is at stake is these four “poisons” to your digital marketing efforts:

  1. Inflation of unique visitor counts over time

  2. Mis-attribution of digital conversions overall

  3. Reduced optimization of lead generation spending from sources like Meta and LinkedIn

  4. Shrunken look-back window in A.I.-based personalization algorithms

We’re delivering this antidote to our clients within a full CDP implementation or in a “starter phase” that paves the way for a CDP. Want to learn more? Schedule a conversation or request our point-of-view documentThe Cookieless Future and Adobe. It’s free and full of details on how to protect your data before it goes away!

Conversation Icon

Contact Us

Ready to achieve your vision? We're here to help.

We'd love to start a conversation. Fill out the form and we'll connect you with the right person.

Searching for a new career?

View job openings