A mountain scape.

Can Digital Marketing Survive New Browser Privacy Changes?

Cory Underwood
CIPT, CIPP/US, Analytics Engineer
Sep 22, 2020

This is a complex topic – we’re here to help and evaluate how you, specifically, may be impacted.

Which marketing teams will be impacted by new browser privacy updates?

A cascade of darkness shall descend across the landscape, bathing the industry in shadow…

You may think that sounds dramatic, but Analytics and Advertising professionals alike sure need light shed on how to prepare for browser privacy changes, in the coming months, because multiple segments of customer traffic across the open web may ‘go dark’. This article will explore the impact to the advertising industry and what marketing professionals should be aware of as we enter this new world.

Are you impacted?


  • Do you run any marketing campaigns?
  • Do you run any personalization efforts or site testing/optimization?
  • Does your user information help drive business decisions?


  • No customer tracking set up or needed
  • Marketing/tagging metrics not needed past 7 days
  • Existing technical design is compatible with privacy protections

What are the browser privacy impacts on marketing?

For most people, browser patch notes are not, shall we say, an interesting reading. They can be so boring that not even developers who depend on browsers for their job will read them unless something on the website breaks.

However, for the past few years, browsers have been changing, shifting to a privacy-focused mindset. The details come in waves, with major shifts in how web applications have to be built to preserve current functionality. The notes don’t say that of course, it’s hidden behind some bullet point that belies the impact of the words. Let’s take a look at a few…

#1 Campaign Performance
Here’s what the developer notes say:

Trackers executing script in the first-party context often make use of first-party storage to save and recall cross-site tracking information. Therefore, ITP (Intelligent Tracking Prevention) caps the expiry of all cookies created in JavaScript to 7 days and deletes all other script-writeable storage after 7 days of no user interaction with the website.

What’s that mean for marketing?

It means that most client-side tools will stop recognizing users after 7 days in Safari. While it may be tempting to think, “OK, it’s only Safari…” at that last sentence, there are two things to consider:

  • With iOS 14, all browsers on iOS and iPadOS will behave this way
  • In the North American mobile market, iOS holds roughly 53% market share.

So, from a marketing perspective, this means that unless the conversion event occurs within the 7 days (and, in some cases, within a window that could be as low as 24 hours), the conversion won’t be linked to the campaign. This will result in lower Return on Investment on the campaign spend (even if, ultimately, the campaign is the reason for the sale).

The underlying attribution model requires that sticky identifier (commonly found in cookies) in order to deterministically link the campaign with the conversion. Since the browser deletes that cookie much faster than intended, that link is broken.

As a result, it is likely that paid media channels will under-report their actual contribution. The ‘Direct’ channel could likewise be inflated because it’s essentially stealing the conversions from the paid media once the linkage is broken between the two sessions.

This may also mean that affiliate commissions are not being credited, because while the affiliate drove traffic to the site, unless the sale occurs fast enough, they may not have been able to determine it was their traffic, specifically, that resulted in conversion, and thus fail to earn commission.

How Browser Privacy Changes Affect Data Utilization

#2 Remarketing
Remarketing relies on a common identifier shared between two websites and that’s commonly done via what is known as 3rd party cookies.

So a developer may read these notes:

Safari: Intelligent Tracking Prevention by default blocks all third-party cookies. There are no exceptions to this blocking. Third-party cookie access can only be granted through the Storage Access API and the temporary compatibility fix for popups.

Firefox: Enhanced Tracking Protection (ETP) rolls out stronger privacy protections…The default standard setting for this feature now blocks third-party tracking cookies and cryptominers.

Microsoft Edge: Restrict storage access – If a known tracking resource tries to access any web storage where it may try to persist data about the user, Microsoft Edge blocks that access. This includes restricting the ability for that tracker to get or set cookies as well as access storage APIs such as IndexedDB and localStorage.

They all basically mean the same thing in Safari, Firefox, and Edge: Retargeting across sites may not work, because, like in the first scenario, the link that establishes the connection that says, “I am a person on sitea.com who did not buy, and am now on siteb.com and should see an ad,” is broken. Since no previous identity can be established, remarketing is not possible.

This means, from a marketing perspective, that retargeting should be investigated to see if it is working as expected.

#3 Referral Traffic
Here’s what the developer notes say:

All third-party referrers are downgraded to their origins by default. This applies to both HTTP referrer headers and document.referrer. For example, if the full referrer is https://www.social.example/feed?clickID=123456, it will show up as https://www.social.example/.

So what does that have to do with Marketing? It means that we can no longer get the exact referral path when the user is coming from another website. It’s tempting to think “Ok, as long as I know the site…” but we should remember that Google’s AMP (Accelerated Mobile Pages) links all begin with Google’s CDN.

Essentially, this:

Becomes this:

So now we know Google sent traffic. Neat. Was it Search? Was it AMP? Was it some other source? We don’t know (and can’t tell) from the referrer alone. As a result, anything that was looking at the referrer alone to make a determination now needs to be cross-referenced with another data point (if one is available—it’s not always possible) just to maintain being able to determine where the traffic came from.

It’s harder than ever to keep up with the cascade of changes impacting the Internet and catching marketing efforts in the crossfire. It’s hard to tell when that next bullet point in the patch notes may mean there should be a discussion on shifting spend within the marketing plan. I would like to leave you with two things to know about this topic:

  1. It’s a super complex topic that shows no signs of slowing down. The privacy impacts are now part of the organizational day-to-day operations and should be accounted for.
  2. We’re here to help talk about your specific situation, how you may be impacted, and what (if anything) you can do about it. Read more about our services, including FREE website audits to identify the impact browser changes are having on your website tracking; technical services, based on your analytics, to help you meet your goals; and data science solutions to help you work with the data you have to create attribution models that fill the gaps created by browser updates.

How can we help?

Cory Underwood
CIPT, CIPP/US, Analytics Engineer

Cory Underwood is a certified data, analytics, and security expert with more than a decade of experience leading strategies across website development, optimization, and data compliance. As Senior Lead Analytics Engineer at Further, he develops security and privacy strategies for both the internal team and our clients. Cory is dedicated to teaching others the value of data through his blog and numerous speaking engagements. In his free time, Cory can be found playing video games, cooking delicious BBQ meals, or practicing his woodworking.


Read More Insights From Our Team

View All

Take your company further. Unlock the power of data-driven decisions.

Go Further Today