Keep on Personalizing: Adobe Target Supports Apple Safari’s ITP Policies for Cookies

Image source: Adobe Stock / Philip Steury.

Privacy and security on the web is a big deal to many consumers. They want to know that when they visit a brand’s website or mobile site, their data is protected and used responsibly. While that’s most often the case, there are other ways to protect consumers that don’t rely on faith in the good stewardship of visitor data. In fact, even well-meaning companies make mistakes, so it’s always a good idea to layer on security.

One way that can happen is by placing limitations related to first- and third-party cookies through browsers like Google Chrome and Apple Safari. I give an explanation of what cookies are in a related article that I recently published on Medium. In that article, I discuss how Adobe Target supports Chrome’s SameSite cookie policies, which are designed to protect the consumer’s data privacy. In this article, I want to explain how Apple is similarly providing protections through its ITP 2.1 and ITP 2.2 cookie policies.

What is ITP?

ITP, which stands for Intelligent Tracking Prevention, is Apple’s initiative to protect the privacy of Safari users. The first release of ITP in 2017 targeted the use of third-party cookies. In fact, Apple blocked third-party cookies in their entirety, causing a severe headache for ad tech and martech companies because they often use third-party cookies to track users and collect user data.

Apple is now on the move to place limitations and restrictions on how first-party cookies are used within Safari. They released ITP 2.1 on February 21, 2019, and capped client-side cookies placed on the browser using the document.cookie API to expire in seven days. On April 24, 2019, they released ITP 2.2, which drastically reduced the seven-day expiry cap to an eye-popping one day.

We want you to understand how that affects you as an Adobe Target customer, and how we’re helping you mitigate that impact.

The impacts of ITP 2.1 and 2.2 releases on Adobe Target customers

Adobe Target provides a JavaScript library that you deploy on your pages on which you want to deliver real-time personalization to your visitors with Adobe Target. Target has three JavaScript libraries, Mbox.js, At.js 1.x, and At.js 2.x. These libraries place client-side Target cookies on your visitor’s browser via the document.cookie API. As you might have guessed, that means that Apple’s ITP 2.1 and 2.2 releases impact Target cookies, causing them to expire after seven days in the case of ITP 2.1, and in one day in the case of ITP 2.2.

Here’s how you may potentially experience that impact:

An increase in unique visitor counts. With the shortened cookie expiration window, you may see an increase of unique visitors coming from Safari browsers. If visitors revisit your domain after seven days in the case of ITP 2.1, or one day in the case of ITP 2.2, Adobe Target would be forced to place a new Target cookie on your domain in place of the expired one. The new Target cookie translates to a new unique visitor even though the visitor is the same.

Decreased lookback periods for Adobe Target tests. Visitor profiles for Adobe Target tests may have a decreased lookback period for decisioning. Target cookies are leveraged to identify a visitor and store user profile attributes for personalization. Given that Target cookies may expire in seven days or one, depending on whether ITP 2.1 or 2.2 is in use, the visitor profile data that was tied to the purged Target cookie can’t be used by Adobe Target for decisioning.

Determining if your current implementation of Adobe Target is impacted

But how do you definitively know if your Adobe Target implementation has been impacted by either release of this initiative? It’s actually not too difficult. In a Safari browser, navigate to the website on which you’ve deployed a Target JavaScript library. If you see a Target cookie set in the context of a CNAME like “ analytics.company.com,” then you are not impacted by ITP 2.1 and 2.2.

If you are using the Experience Cloud Visitor ID library in addition to the Target JavaScript library, your implementation will be impacted in the ways listed in this article on the Medium website.

Mitigating the impact on Adobe Target of ITP 2.1, 2.2, and future ITP releases

There’s no reason to have current and future ITP releases impact your Adobe Target implementation. Mitigate their impact by following these steps:

Step 1. Deploy the Experience Cloud ID (ECID) library to your pages

The Experience Cloud ID (ECID) library enables the people identification framework for Experience Cloud Core solutions and allows you to identify same site visitors and their data in different Experience Cloud solutions by assigning persistent and unique identifiers. Adobe will update the ECID library continuously to help you mitigate the impact of any ITP-related changes on your implementation. For ITP 2.1 and 2.2, you must use ECID library 4.3.0+ to mitigate any impacts.

Step 2. Use the CNAME for Adobe and enroll in the Managed Certificate Program of Adobe Analytics

After installing the ECID library 4.3.0+, you can leverage the CNAME for Adobe Analytics and its managed certificate program. The certificate program lets you implement a first-party certificate for first-party cookies at no charge. Using the CNAME will help you mitigate the impact of ITP 2.1 and 2.2 on your Target implementation. If you are not leveraging the CNAME, talk with your account representative and enroll in the Adobe Managed Certificate Program to start the process.

Once you deploy Adobe Target’s JavaScript library in conjunction with the ECID library v4.3.0+ and you enroll in the Adobe Managed Certificate Program to leverage CNAME, you will have a robust and long-term mitigation plan for any future ITP-related changes.

Adobe Target supports you and your customers in a more secure web

As strides are made to create a more secure web for consumers, Adobe Target is resolute in its commitment to delivering personalized experiences, while meeting and exceeding the privacy expectations of your visitors and customers. Adobe Target has already announced support for Google’s SameSite Chrome Policies in addition to support for Apple’s ITP 2.1 and 2.2. As these policies and others continue to evolve to protect our consumers, Adobe Target will likewise continue to support these initiatives while helping our customers provide best-in-class personalized experiences to their customers.