Is Southeast Asia Ready for A Cookieless World?

Though they usually annoy web users, third-party tracking cookies have long been a helpful but imperfect tool to personalize the ads you see and enable other marketing tactics for businesses.

Southeast Asian marketers have been using cookies for years: to monitor website visits, improve user experience, and collect data for ad targeting in the open internet. According to Twilio’s 2022 State of Customer Engagement Report, 78% of Asia Pacific & Japan (APJ) businesses currently use third-party cookies in their marketing campaigns.

However, people are starting to recognise the importance of the privacy of personal information and their rights to data ownership and protection. Browsers are rolling out regulations to govern the use of cookies. International privacy laws are also influencing the shift to a cookieless world.

Some believe that this will detriment the advertising industry, while others see it as an opportunity to improve user experience and business-consumer relationships.

The real question is, is Southeast Asia ready for a cookieless world?

For more than 20 years, cookies have given companies and advertising a peek into the lives of customers and their behaviors.

The journey that started more than 20 years ago is coming to an end, so let’s start from the beginning: What are cookies, and why do they exist?

What are cookies?

Cookies are small text files stored on a user’s computer or device by a website. They’re used to store information about a user’s activities on a website, such as login information, preferences, and shopping cart contents.

When a user visits a website, the website can send a cookie to the user’s browser, which the browser then stores on the user’s computer or device. The next time the user visits the website, the browser sends the cookie back to the website, allowing the website to remember the user’s previous activity and personalize the experience.

History of cookies

Cookies were first introduced in the early days of the web as a way to store user information on a computer. The first cookies were created by Lou Montulli in 1994 as part of the development of the Netscape Navigator web browser.

Their original purpose was to provide a way for websites to store information about a user’s preferences, such as login information and shopping cart contents, so that this information could be remembered and reused across multiple visits to the website.

Over time, cookies became a tool for more sophisticated tracking and advertising purposes.

Types of cookies

HTTP-only cookies

These are cookies that can only be accessed by the website that created them, and not by client-side scripts. This helps reduce the risk of cross-site scripting (XSS) attacks where malicious scripts can steal or manipulate sensitive information stored in cookies.

There are 2 types of HTTP-only cookies:

• Session cookies: These are stored in a user’s browser and are deleted when the browser is closed.They are used to store information that is needed while the user is in the website, like login information or shopping cart contents.
• Persistent Cookies: These cookies remain stored on a user’s device even after the browser has been closed. Persistent cookies are used to remember a user’s preferences or login information that’ll be reused across multiple visits to a website.

First-party cookies vs Third-party cookies

First-party cookies are created directly by the website you are using. As long as you are browsing trustworthy websites or ones that have not been compromised, these are often safer.

First-party cookies are used to store information about a user’s activities on the website, such as login information or shopping cart contents.

A bigger concern is third-party cookies. They are produced by websites different from the ones visitors are presently browsing, usually because they are connected to advertisements on that page.

Third-party cookies are widely used for online advertising and tracking, and are often used to deliver targeted advertising or to track user behavior across multiple websites.

What are cookies used for?

Personalization

Cookies can be used to store information about a user’s activities on a website, such as login information, shopping cart contents, and preferences. This information can be reused across multiple visits to the website, allowing the website to personalize the user’s experience and remember their preferences.

User sessions

Cookies make it easier to link a website activity with a particular user. A session cookie has a unique string (a string made up of letters and numbers) that connects a user session with data and content that is relevant to that user.

Tracking

Some cookies keep track of which websites people visit. This information is delivered to the server that placed the cookie the next time the browser needs to load data from that server. This process happens each time a browser loads a website that uses a third-party tracking cookie.

These cookie uses are all helpful to both website users and marketers. However, the widespread use of cookies for these purposes has also raised significant privacy concerns, leading to increased scrutiny and the development of alternative technologies and regulations aimed at protecting user privacy.

How cookies affect user’s privacy

Cookies can be used to record browsing activities, especially for advertising reasons.

However, a lot of people don’t want their online activities monitored. This is exacerbated by the fact that users have little access into or control over how monitoring services use the information they gather.

And even when cookie-based tracking is believed to be not linked to a specific user’s name or device, no one knows if that’s completely true. It could still be possible to connect a record of a user’s browsing activity with their real identity.

All this information can be used in various ways such as creating browsing history profiles that can be used for unwanted advertising, or even stalking and harassment.

Malwares and viruses can also be disguised as cookies. Supercookies can be used by a hacker that controls a malicious website to imitate or delay genuine user requests to another website with a top-level domain or with a similar public suffix.

Why the world is progressing towards a cookieless world

Users want more choice and transparency

With the aforementioned issues concerning cookies and online privacy, users are starting to demand more choice and transparency. Some browsers have started to block third-party cookies, posing unintended implications that might harm both users and the online ecosystem.

With these, it’s clear that the web ecosystem has to shift to meet users’ growing demands for privacy– that’s why privacy laws are emerging, and they have a big influence on the decision to phase out cookies.

General Data Protection Regulation (GDPR)

The toughest privacy and security regulation in the world is the General Data Protection Regulation (GDPR). Although it was created and approved by the European Union (EU), it imposes requirements on any organizations that target or gather data on people living in the EU.

An extensive list of legal terms are defined in the GDPR. They divided regulations under these categories:

• Data protection principles
• Accountability
• Data security
• Data protection by design and by default
• Data processing
• Consent
• Data protection officers
• People’s privacy rights

The rule became effective on May 25, 2018. The GDPR imposes severe fines– two categories of fines have a combined maximum of €20 million or 4% of global revenue (whichever is higher), and data subjects also have the right to demand compensation for damages.

Google’s Cookieless Update

In August 2020, Google announced Privacy Sandbox, a new initiative developed to significantly improve online privacy. Privacy Sandbox aims to enhance web privacy and security for users and to support publishers.

According to Justin Schuh, Director of Chrome Engineering, Google’s decision to phase out third-party cookies is due to users “demanding more privacy, including transparency, choice, and control over how their data is used.” This growing demand is evident in a survey done by KPMG:

• 70% of business leaders claim that their business has gathered more customer personal data in the past year.
• 86% of Americans are deeply concerned about data privacy.
• 68% are worried about how much data businesses are collecting.
• 30% don’t want to reveal their personal information for any reason.

However, the ad tech sector has refused Google’s move to eliminate third-party cookies in Chrome.

In particular, marketers and advertising agencies are concerned that a full ban on third-party cookies will harm the internet economy, particularly start-ups, and are pleading with Google to maintain third-party cookies in use until proven alternatives are in place.

Because of this, Google announced a two-year delay for the third-party cookie phase out and is scheduled to start in 2024.

Are SEA marketers ready for a cookieless world?

The readiness of Southeast Asian marketers for a cookieless world depends on many factors, such as their level of awareness on the transition towards privacy-focused technologies and their ability to employ new ways of collecting and using data.

Cookieless world as a challenge to SEA marketers

The transition to a cookieless future might be alarming for companies. In 2020, Adobe conducted a survey and found that only 37% of marketers and advertisers believed they could succeed in a cookieless world.

In 2021, following Google’s initial announcement that it will postpone the sunsetting of third-party cookies— Adobe conducted the research once more and discovered that that time, only 33% of marketers felt ready for the change.

Businesses are invested in technology and strategies relying on third-party cookies. South-East Asian marketers have been using cookies for years: to monitor website visits, improve user experience, and collect data for ad targeting in the open internet.

Chrome holds 73% share in Southeast Asia, and Google’s announcement of cookie’s phase-out shook the advertising ecosystem in Southeast Asia. This is certainly a challenge to SEA marketers– strategies now need to be reviewed, exacerbated by shrinking budgets and ongoing uncertainties in the macro environment.

However, this can be a blessing in disguise too. Brands will have a great opportunity to review and revise their addressable strategies and improve or regain their audience’s trust by leveraging the privacy and security that cookieless search offers.

Cookieless world as opportunity to improve marketing strategies

Jessica Martin, head of Asia-Pacific (APAC) privacy GTM at Google, said that consumers are becoming more aware of the importance of privacy and how their personal information is gathered and used for advertising.

Privacy of user data is among the top five technology concerns for consumers in India, and in the top three for consumers in Japan. According to a survey on APAC consumers:

• 90% had one or more concerns about corporate data practices
• More than 50% felt uneasy about the data collected from them
• 85% of people took action in response to their dissatisfaction with the data policies– 23% of them switched to a different business with better data policies.

Southeast Asia is a subregion of Asia-Pacific (APAC), and this is valuable information for SEA marketers who’ll be forming new strategies.

They can use this shift as a pivotal step in creating more effective marketing tactics. Adding greater value at each stage of the customer journey is important, given that today’s tech-savvy consumers are aware that businesses have their data and want them to use it to improve every aspect of their brand interactions.

To do that, SEA marketers should take a different strategy rather than completely relying on third-party cookies.

Learning to adapt other alternative ways to collect data will be a competitive advantage when the cookieless world comes.

How businesses can prepare for a cookieless world

First-party data

Once third-party data becomes a limited resource, look for innovative methods to use first-party data. This data will be gathered directly, such as through user registration, guest WiFi, email marketing, surveys, reviews, and other feedback initiatives.

Gated content and progressive profiling

The next step after user registration is to do a more comprehensive data collection on the user, whether it entails obtaining firmographic, demographic, or other user information. Progressive profiling is done by gating material or even whole websites.

Users must give their full consent before sharing this information willingly.

Federated Learning of Cohorts

An algorithm on web browsers called Federated Learning of Cohorts (FLoC) classifies online users into “interest cohorts”– a cohort is a collection of individuals with the same identification. Identifiers could be a specific region, an event attended, or an app downloaded.

This allows you to monitor them as groups rather than as individuals. Without disclosing the information to the browser vendor, the browser modifies the cohort.

Second-party partnership

Second-party data is the first-party data of one business shared with a partner under the terms of a contract, either by dropping a container on the partner’s website or by transferring files.

These partnerships are especially beneficial for businesses that operate in related industries or serve similar consumers. Still, consumers should be asked if they agree to this sharing– transparency with them is essential.

A Cookieless World

Cookie restrictions have taught businesses alternate ways to get to know their customers. That’s a positive direction where everyone online can keep their privacy as they prefer and still experience personalization where they need it. SEA marketers thankfully have a large pool of highly active online users to test and perfect their new tools and techniques.