We All Know What Cookies Are?
Everyone knows what cookies are - or think they do. Put simply it's an alphanumeric file stored on a user's device to identify them and their online behaviors. For a fuller description of this and other terms, see the website links at the end of this article.
There’s also been a lot of talk about the death of cookies and cookieless tracking across digital channels. There have been big changes in the way cookies are handled, with announcements from Apple, Google, and others laying out their visions of a digital future with the internet user having more control over what they see.
The introduction of the GDPR regulations back in 2018 was a wake-up call for businesses selling to European consumers. It is now crucial that companies have documented procedures for dealing with personal information and consent is explicitly given for data to be stored. That includes all affiliate cookies.
Third-Party Cookies Will Disappear
In response to the changes and announcements from Apple and Google, many leading global affiliate companies have joined together to tackle this; the affiliatepartnertracking website provides a useful downloadable guide.
Most affiliate networks are moving over to using first-party cookies or have a thorough plan in place. So from an affiliate perspective, all should be covered. However, along with the changes in tracking there has been a steady movement towards more rigorous cookie compliance. Anyone still relying on third-party cookies will of course not track at all in Safari - that’s 10% of all internet users!
Do GDPR and PECR affect US affiliates?
The General Data Protection Regulation (GDPR) is intended to formalize consumer protection against having their data stored without consent, across all EU markets. That includes the simple information included in cookies - and more importantly any website that can be accessed by European users.
Most people have read that fines of up to 20 million euros, or up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher. That applies to any organization globally where an EU resident reports a breach, which should concentrate the mind of any affiliate business, anywhere.
Of course, apart from publisher websites with memberships such as cashback or forums, the average affiliate won’t be processing personally identifiable data, though all consumer data should be managed according to the best practice in these and other regulations such as the EU-US privacy shield
Don’t forget that California’s CCPR is in place along with similar regulations in other states, so you can’t ignore it.
The basic thrust of the Privacy and Electronic Communications Regulations (PECR)
is that if you use cookies you must:
say what cookies will be set;
explain what the cookies will do; and
obtain consent to store cookies on devices
consent must be explicit and not just an “I’m OK with cookies” button.
Compliance for Affiliates
If you’re using a cookie management platform, the Accept / Deny boxes can be a real block before the website content is shown. Different advertisers have applied it in very different ways. Moonpull has identified that how this is implemented has a significant bearing on both website conversion and the effectiveness of affiliate tracking.
Publishers will need to understand how this all impacts their business, and it doesn’t just cover European affiliates.
US affiliates will need to ensure compliance with the CCPA legislation as well. Using broadcast techniques such as mailing to acquired email lists has already been tightly controlled for some time. Services such as Mailchimp and Hubspot require close management of lists and user consent to ensure continued service.
For most smaller websites there are free tools and WordPress plugins and there are plenty of mainstream options available, with the most commonly applied in the affiliate industry being OneTrust, Tealium, and Quantcast.
7 Key Points for Affiliates
Most networks have issued guidance for publishers but there are a few key points that any affiliate needs to put in place:
Assess the impact of GDPR, PECR, and CCPA on their websites and business
Ensure transparency for website visitors - including of course an affiliate disclosure
Ensure any personal user data is securely stored where strictly necessary and processes documented
Upgrade privacy policies and include a cookie consent capture
Anonymize user data where practical
Keep up to date via affiliate networks’ latest information*
Assess the advertisers being promoted to ensure that their CMPs are compliant and don’t interfere with affiliate tracking.
Publishers need to be aware of changes in how a program tracks to ensure commissions aren’t being eroded. It’s great advice to keep a log of EPCs and conversion rates over time to spot inconsistencies.
But affiliates are no longer flying blind. The Moonpull platform has been designed to shed light on all of this and is uniquely configured to give cookie and tracking analysis in granular detail. The outputs also provide a comprehensive picture to pass through to an advertiser.
This puts the tools in the hands of affiliates to understand this and let the networks and advertisers know how to fix it. It is also a step towards reclaiming the commission erosion and adding 5% extra revenue to everyone’s bottom line.
Chris Tradgett
Moonpullpartners.com
Chris has 20+ years of experience in affiliates, as one of the initial team at the buy. at affiliate network, followed by agency, client-side, and tech SaaS experience. He was the founder of Publisher Discovery and is currently strategic adviser for Moonpull. Off duty, he’s a keen baker and singer.