Apple IOS 14 Privacy Changes

Share This Post

Privacy is a hot topic for product and marketing managers, thanks to the higher level of regulation in the European Union. Apple’s IOS 14 operating system includes stronger privacy protections for Apple mobile users. Whether those meet the requirements of the GDPR is still under debate, but regardless, advertisers will need to be aware of how IOS 14 changes will impact their ability to measure and personalize advertising.

Since 86% of Apple iPhone and iPad users have upgraded to IOS 14, businesses that advertise online need to be aware of how these privacy changes will impact the creation and management of digital marketing across different applications.

To understand how these privacy changes will impact advertisers, it helps to understand the engine that drives digital marketing personalization and tracking – cookies. I can remember “clearing the cookies” every time I closed my browser. (I’m old, let’s admit it.) But cookies have become such an integral part of how the Internet works that we’ve become less aware of them.

There are several categories of cookies, grouped by function and attributes. Not all of these are impacted by the IOS 14 privacy changes.

  1. Session cookies – These are a website’s short-term memory that allows a site to recognize you as you move from page to page within the site. If you’re shopping, session cookies are what allow you to build a shopping cart, view it, continue shopping, return to the cart, and take the cart contents to check out. Session cookies are temporary and are automatically deleted when you close your browser.
  2. First-party cookies – These are persistent cookies specific to a site. These allow you to set web site preferences such as language or themes, and they also save your credentials so that you don’t have to login every time you visit a site. These expire after a set period of time. Some first party cookies can also record data about a user’s browsing habits.
  3. Third-party cookies – These do not match a domain that you have visited and are not associated with the site-specific benefits of first-party cookies. They exist only to track user browsing and purchasing behavior and demographics.
  4. Secure cookies – A cookie with a “secure” attribute flag is only transmitted over an encrypted channel. Meant to enhance data security, secure cookies are nonetheless not “hack-proof,” especially if a site has both an HTTP and HTTPS version.
  5. HTTP-only cookies – Cannot be accessed by scripting languages like JavaScript, making it more secure from hacking.
  6. Flash cookies – These are basically stealth cookies that are disguised behind the Flash plugin to make them harder for a browser’s native cookie management tools to detect. (Gross!)
  7. Zombie cookies – Related to a Flash cookie, Zombie cookies take advantage of storage outside of the browser’s cookie folder and recreates itself if deleted. (Double gross!)

Session cookies aren’t impacted by the IOS 14 changes. First- and Third-party cookies are though, in that users have the option to say “no, don’t track me across different sites and applications.” So, LinkedIn wouldn’t be able to track that I went to Michaels to look at picture frames, to the IRS to register an EIN, and to Shopify to look at pricing plans, and therefore serve up ads for small business loans and matboard cutters next time I visit.

What does this mean for advertisers who want their marketing to reach the right audience but need to remain compliant with changing privacy requirements?

If you’re advertising on Facebook, you need to know about their Aggregated Event Management feature that enables personalization within the confines of IOS 14 privacy rules using Facebook pixel events.

What the heck is a pixel event, you might ask? (I did, don’t feel bad.)

Facebook Pixel Privacy

A pixel event is an action defined on a website using embedded code which sends information to Facebook when the event is triggered by a user. For example, you could define View Product, View Product Details, View Product Reviews, Add to Cart, and Purchase as pixel events, each of which would communicate data concerning the user action to Facebook. There are 17 pre-defined standard events which are widely used. This data helps Facebook advertising in three ways:

  • Tracking – Facebook is able to identify that someone who clicked through to your site via an ad converted to a sale, helping you to understand how successful your advertising campaign is.
  • Optimization – Facebook can use conversion statistics to help you reach other likely customers.
  • Targeting – You can use the pixel event data to target a specific audience. For example, this person came to your site, viewed products, and left. Can you target them with a promotion that might make them more likely to return and buy?

In order to ensure IOS 14 compliance, brands will be limited to tracking 8 pixel events per domain. This includes both standard and custom pixel events. Brand managers will need to define these 8 events and rank them in order of priority in Facebook’s Events Manager feature. For users who select IOS 14’s opt-out feature, Facebook will only track the last event touchpoint in order of priority.

So what does that really mean to you?

First, make sure that your domain is correctly registered with Facebook.

Then, determine what part of your sales funnel is most important to you from a strategy point of view. It might seem like 8 events is a lot, but it really isn’t. You’ll need to analyze what events will bring the most valuable data to your marketing team.

Then, you’ll need to set up your Facebook advertising campaigns to correctly utilize the available events. For example, each ad set you create can only optimize for one of the 8 designated events. If you attempt to optimize for an event outside of the eight you have prioritized, that ad campaign will automatically be turned off and can’t be reactivated. You don’t want that to happen!

Another restriction that you need to be aware of is that one mobile application is limited to 9 IOS 14 ad campaigns at any point in time. If you set up more than 9, the over-the-limit campaigns will not deliver until another campaign is turned off or expired. It takes 72 hours for a turned-off campaign to reset.

Once your campaign is correctly set up and running, you’ll want to access reporting on its effectiveness. This too, is changing with the new privacy constraints. The 28-day click through, 28-day view through, and 7-day view through data will no longer be available. What will be available?

  • 1-day click
  • 7-day click (default after Apple prompt enforcement)
  • 1-day click and 1-day view
  • 7-day click and 1-day view (initial default)

(Quick Reminder – A click is when someone activates a tracking link to go to a destination page. A view is when someone visits a webpage that has a tracking pixel.)

Does this seem like a lot to figure out? Are you concerned about losing the value of your advertising dollars given these additional restrictions? Reach out to us and start a conversation about how we can help you successfully navigate this changing landscape and keep your business thriving. We’re here for you!


More To Explore