Keep in mind that the data supply chain is exactly that, a chain. If one partner has not implemented the change correctly, it messes up the flow of data. The chain is only as strong as its weakest link. Brands that rely on bad data could start to see disparities between metrics reported in various systems.
What is SameSite?
As a precursor to the many internet privacy changes to follow, Google in 2020 made a SameSite cookies update to its Chrome Browser. In this article, we’ll explain what that means for marketers and some glitches it may be causing on your site that could lead to the loss of valuable data on conversion tracking.
The SameSite warnings look like this:
What is the SameSite cookie update?
If you see errors for the domain Google.com (or another tag manager), it usually means that cookies placed within the tag manager have an error. Brands should also audit all their experiences to address challenges described in the “What’s Happened” section above.
SameSite provides a way for developers from Adtech companies like Google, Facebook, and Criteo to explicitly specify how their cross-site cookies work on a website. If set up correctly, it lets the browser know that the cookie should be there and what it’s doing there, and it’s free to communicate with the third party.
While 2020 was a veritable cornucopia of privacy headlines, lost in the mix was a small, but significant change implemented by Google–the enforcement of the SameSite cookie attribute.
To find out everything you need to know about the new restrictions, cookies, IDFA, first-party data, and all things privacy from our Tinuiti experts, check out The Future of the Web.
Beginning with Chrome 84, released in August 2020, Chrome stopped supporting cross-site third-party cookie sharing by default. This means data collected on a website (the first party), will no longer be shared with the company that placed the cookie (the third party) unless action is taken.
What is the potential negative impact if SameSite is not implemented correctly?
Most brands cannot implement a change directly themselves. Since cookies are set by third parties, it’s the third-party that needs to make the change. If cookie errors are present on the website, brands should push on the ad-tech developers (3p) to update their cookie with the SameSite attribute: ‘SameSite=None; Secure’ to ensure browsers like Chrome or Edge accept their cookies.
- Advertising & Retargeting Pixels
- Anything with 3rd party iframes (any iframe trying to session authentication)
- Checkout/Purchase flows
- Email Retargeting/Post-Click Browsing
- Legacy Domains & “Cross-Owned Domains”
- Login/Authentication Systems
- Member Areas
- Widgets & Ad Banners
The good news is that companies like Google, Microsoft, and Facebook have implemented the change correctly across their products. Criteo has also actively worked with its partners to protect their data supply chain.
What are the next steps for marketers?
Prior to the onset of COVID-19, consumer privacy was the biggest hurdle digital marketers and advertisers were expected to face in 2020. California launched the first wave of privacy regulation with CCPA, Apple commandeered privacy, and Google announced the death of the cookie by 2022.
- Open up Chrome, hit F12 to open up the developer console. If it looks like you hacked into a mainframe, you’re doing this right.
- Hit Escape to open the console drawer (pops up on the bottom).
- Click the three dots to the left of the console drawer that just popped up and select Issues.
- Click on the issues tab and review the warnings on the site.
But as of June 2020, only 33% of cookies were set up correctly (source: HTTP Archive). This means data collection outside of Google and Facebook could be restrained and possibly undetected in the short run.
For business owners and publishers, it’s important to make sure your cookie settings are up-to-date on your website. Here’s a quick way to check if a site may be adversely impacted by the changes:
The following sources/channels could be impacted in a negative way (if SameSite is not implemented correctly):