Elaine Malone, of tech blog XOmisse, takes a look into how browser updates and regulations surrounding cookies may impact our website metrics and ad revenue.
Data is the core of digital businesses and we have cookies to thank for the majority of data we are able to collect. As content creators, we rely on cookies more than we realise. We use them to track users’ activity, gather stats and metrics, serve ads, learn customers’ behavior, and display media.
But as we all move for more control over our privacy online, new laws are going to have an impact on how we market our services, products and content. The result of this is likely to have an effect on our site metrics and revenue. And it’s already started!
An analysis, conducted by Flashtalking, of twenty companies worldwide found that 64% of their tracking cookies were either blocked or deleted by web browsers. They also found that 75% of mobile cookies and 41% of desktop cookies were rejected.
What are cookies?
A cookie is a small text file that is downloaded onto a device when the user accesses a website/app. It allows the site to recognise the user’s device and store information about the user’s preferences or past actions.
Cookies can be used in numerous ways, such as remembering what’s in a shopping basket, supporting users to log in to a website, analysing traffic to a website and tracking users’ browsing behaviour.
In general, there are three different ways to classify cookies: their provenance, duration and purpose.
Provenance
First-party cookies are set directly by the website the user is visiting. Third-party cookies are set by a domain other than the one the user is visiting. This typically occurs when the website incorporates elements from other sites such as images, functionality such as social media plugins or embeds, statistics and metrics tracking and advertising.
Duration
Persistent cookies remain on a user’s device for a period of time specified in the cookie, while session cookies allow website operators to temporarily link the actions of a user during a browser session (from when the user opens a web browser until they close it).
Purpose
The UK International Chamber of Commerce (ICC) developed the following system for classifying cookies as documented in their UK Cookie guide.
- Strictly necessary cookies – these are essential in order to enable users to move around your website and use its features (such as accessing secure areas of a site, page navigation and holding items in shopping baskets).
- Performance or statistics cookies – these collect anonymous information about the pages users go to most and if there are errors on these pages. These can also include web analytics if the data collected is limited to the website operator’s use only for managing the performance and design of a site.
- Functional or preference cookies – these allow the website to remember choices made by the user (such as username, language and location).
- Targeting, marketing or advertising cookies – these are used to deliver adverts that are relevant to users and their specific interests.
How Brexit, GDPR and other cookie laws affect our websites
Cookies for analytics, advertising and functional services that could identify users are subject to the General Data Protection Regulation (GDPR), which came into force in May 2018.
If you’re based in the UK, you are also subject to the requirements of The Privacy and Electronic Communications Regulations (PECR), which sit alongside the Data Protection Act and the GDPR, and give specific privacy rights in relation to electronic communications.
The Information Commissioner’s Office (ICO), who are the UK’s data protection authority, issued new guidance that consent is necessary for all statistical/analytic cookies.
They feel that analytics are not necessary to provide your services (as an example users should be able to access your website whether analytic cookies are enabled or not).
However, in the EU, first-party analytics are exempt from having to obtain consent as they believe that analytics are functional since they provide us with information about how visitors engage with our services.
In terms of Brexit, as you may suspect there doesn’t seem to be any concrete news for what’s coming. However the ICO have said that there will be a transition period of roughly eleven months starting from the official Brexit date, where GDPR rules will still apply in the UK.
It is uncertain what will be the case after that period, but as the UK was heavily involved in drafting GDPR it’s likely some form of the regulations will continue to apply.
How browsers deal with cookies
Google’s Chrome browser is the biggest in the market with 64% share according to StatCounter Global Stats.
In August 2019, Google announced on their Chromium Blog that they are planning to phase out support for third- party cookies in Chrome within the next two years.
Their goal of this new initiative (known as Privacy Sandbox) is to “make the web more private and secure for users, while also supporting publishers”. Before completely phasing out support for third-party cookies, they hope to address the needs of users, publishers and advertisers as well as develop workaround tools.
They are confident that they can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete. In February 2020, Chrome started to roll out version 80 of their browser.
Chrome 80 will change how it handles cookies as part of their long-term plan to increase security. It will now restrict cookies to first-party access by default, requiring web developers to explicitly mark cookies for access through secure connections in third-party contexts.
• Cookies without a SameSite attribute will be treated as if they had SameSite=Lax set, which will restrict them to first-party only
• Cookies for third-party contexts must be marked with SameSite=None; Secure.
This change may block some cookies from loading on your site and therefore break some functionality. You can check this in the Chrome development tools under Console.
If this happens and it is a first-party cookie, you (or your developer) will need to update them. You should also make sure that your self-hosted site is running on the latest PHP version.
PHP 7.3 supports the SameSite attribute. If it’s a third-party cookie, you may need to get in touch with the company for support. But following the changes, cookies will only be available in third party contexts if they are being accessed from secure connections.
And because developers will now have to declare their cookies’ SameSite attribute to stop Google changing their settings to a more secure option, it could break sites that haven’t been able to address the issue. Both Apple’s Safari and Mozilla’s Firefox have strong measures in place to prevent third-party tracking already.
Firefox 72 blocks fingerprinting scripts by default for all users. Fingerprinting can be used to track users for months, even if browser storage is cleared and even if private browsing mode is used; with Firefox 72, users will be protected from this increasingly used tracking method. Safari made tracking users more difficult by deleting third-party cookies after 24 hours.
How to check and update your PHP version
WordPress is written in a programming language called PHP. This allows content to be saved and read from the database, pulls in different files and just makes your site run as it should.
WordPress recommend PHP version 7.3 or greater. Ensuring that you are using an up-to-date version will mean your site can run faster, be more stable, use resources more efficiently and be more protected.
A simple way to check what version you are currently on is by installing the Display PHP Version plugin or Wordfence security plugin. You can then update the version within your web host panel, which is usually under PHP settings, PHP Version Manager or something similar.
If you’re not sure you can contact your web host or developer, who should be able to do this for you. It’s important to note that updating your PHP version may cause some compatibility issues with outdated themes and plugins. But as mentioned, staying on an old version of PHP can have a negative affect on your site’s performance, leave it open to security issues and now also, block cookies.
Moving forward
It’s clear to see that cookies are evolving and that tracking as we know it is changing too. It will be interesting to see how browsers, mobile devices and regulators have an impact on our websites, our stats and our revenue.