Nieman Foundation at Harvard
Ah, summer — the season for school vacations, trips to the beach, and anticipating the impacts of iOS privacy updates on the advertising business.
Last year, marketers breathed a sigh of relief as iOS 16’s new privacy features didn’t have any industry-shaking impact.
Well, it’s that time of year again, and Apple has a new way to mess with ad tech in iOS 17, announced last month at WWDC.1 Here’s Marty Swant in Digiday today:
With iOS 17 — which expands to public beta in July before the official launch in September — Apple will start automatically removing link trackers from URLs sent via Message and Mail as well as from links in Safari Private Browsing…By having Safari 17 block “known trackers and fingerprinting,” Apple will boost user privacy protections and make it more difficult to identify individual users. However, some marketers say removing URL parameters could make campaign analytics less reliable. Some of the “unintended impact” changes could include URL trackers related to ad measurement, embedded media, social widgets, fraud prevention, bot detection, audience measurement and funding websites that rely on targeted or personalized ads…
One ad-tech exec who works closely with Apple told Digiday they’re “sure glad I’m not a website analytics provider.”
(May I pat myself on a back a bit? Two years ago, when the email changes were announced, here’s what I wrote: “Should we expect stripping URL parameters to be a feature in iOS 17?” Please clap.)
So what are we talking about here? If you look at that link above to the Digiday piece, you’ll see this:
https://digiday.com/media-buying/the-privacy-changes-as-part-of-apple-ios-17-and-googles-chrome-could-mean-a-messy-month-for-marketing/
But that’s not the URL that was in my browser. That was:
https://digiday.com/media-buying/the-privacy-changes-as-part-of-apple-ios-17-and-googles-chrome-could-mean-a-messy-month-for-marketing/?utm_medium=email&utm_campaign=digidaydis&utm_source=daily&utm_content=230705
All that stuff after the final slash, known as URL parameters, doesn’t affect the web page I see, but it does let Digiday’s analytics know more about how I got to it. The various elements tell Digiday my pageview originated in an email — specifically the Digiday Daily morning newsletter. And the “230705” lets them know it came from today’s specific edition of the newsletter, since all the story links in it contain that string. (230705 = July 5, 2023.)
In aggregate, those URL parameters can tell Digiday a lot about its email products. At the micro level: Which stories got the most clicks today? At the macro level: How much does placement within the newsletter affect an article’s clickthrough rate? Do certain types of stories work better with email subscribers than with, say, people on Facebook? Does the timing of clicks suggest we’re sending the email at the wrong time of day? Should we revamp the Friday email, since no one seems to read it? And so on. (And since Apple already screwed up open rates two years ago, the importance of clickthrough rates — all tied to these URL parameters — has only increased.)
Personally, I have no problem with Digiday collecting that data about me. But other companies (including many publishers) add an additional parameter to that string that personally ties the click to me. Optimistically, they could be using that data to personalize what they offer me — to send me more stories about x because I always click on stories about x. But more often, they’re just adding it to the Great Ad Tech Pile of Personal Data to improve ad targeting — often more to the benefit of the ad tech company than to the publisher.
The changes Apple will be bringing to iPhones and iPads in September will only affect that more personal kind of link tracking. The URL parameters that Digiday is using now, the ones that let them know I clicked a link in its July 5 morning email? Those will still be fine. But Apple will strip out the specific-to-one-person links in Apple Mail, Messages, and Safari Private Browsing. (Not regular Safari browsing — yet.) As Apple puts it in this WWDC video for developers:
To give people control over where they can be tracked, another new protection is removal of tracking parameters as part of browser navigation, and when copying a link. When a tracking parameter is detected, Safari strips the identifying components of the URL, while leaving nonidentifiable parts intact.
Assuming Apple is good about differentiating between “identifying” and “non-identifying” parameters, this should leave the big-picture data on an email’s effectiveness relatively intact — though it will wreck a lot of individual-level click data. (R.I.P. your “hasn’t clicked on a link in an email in six months” ESP filter.)
That said, a lot of this will come down to implementation. Early tests suggest that Apple is only stripping out a set list of parameters, primarily those tied to big players (Facebook, Google, Microsoft, Mailchimp, Hubspot). Your own bespoke tracking tags might slip through. As Steve Atkins wrote: “It seems pretty clear that the target right now is the large scale marketing and social media attribution PII [Personally Identifiable Information] sharing marketplace, not click tracking and attribution by ESPs or email marketers.”
(Those early tests also suggest that Apple’s changes may be breaking things they probably weren’t intended to break — what Apple terms “unintended impact.” That’s why they call it a beta, I guess.)
I don’t expect the impact of this change to approach the size of Ask App Not to Track — and, like those previous changes, the impact will disproportionately affect the Facebooks and Googles of the world. But it’s another reminder of the value to publishers to owning your own first-party audience data — and of how much of the media business depends on digital infrastructure that publishers don’t control.
