May 27, 2024

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

As the future of data collection, storing and processing has changed significantly, and the definitions of what is first party and third party are constantly evolving, one thing is for sure: the era for a limited cross-domain cookie is already here, very much like the end of a 3P cookie (aka cookieless).

The death of the IDFA (and tracking on iOS devices)

Every mobile Apple device has a unique advertising ID called the IDFA. It makes it possible to identify a device (and, by extension, its user) to display tailored advertisements. Advertisers use it extensively to track individuals. They do this by collecting demographic and behavioral profiles for a given IDFA and then sharing them with third parties, who use the data to enhance how they segment and target users.

This has been happening without users knowing or consenting, but Apple is changing that with its new AppTrackingTransparency (ATT) framework. Starting with iOS 14.5, an app cannot track a user without first asking for consent. Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.” This is a broad definition. It encompasses everything from advertisers to analytics to marketing attribution. And for tracking to continue, an individual must choose to be tracked. Even the most generous opt-in figures show drastic reductions.

Apple’s intended effect is to significantly curtail this activity. However, in essence, it seems like Apple is implementing GDPR with its original intent.

Advertisers and publishers that have over-relied on Google Tag Manager (GTM) are now struggling to keep their marketing signals, measurements and attribution stacks intact.

  • GTM is considered a tracker by all browsers outside of Chrome
  • Cross-domain cookies are limiting identity
  • 3P cookies are the new ‘evil’; cross-domain cookies are trackers
  • Enabling tracking on Google before you run a script allows Google to see every user (for free)

And we are at the beginning of the change cycle. Analytics links to Google Analytics are already invalid in the EU (France, Austria, Ireland).

Google Tag Manager is dead! Long live GTM!

I know this sounds ominous; well, almost! 

But it is true when your tag management system is blocked about 25-40% of the time; it’s hard to imagine that website owners can just continue as if nothing happened. Ad blockers block about 35-50% of Google Tag Management, causing data loss for these site publishers. Don’t believe it — test it for free at – True Traffic drops no cookies or IDs against your consumer but tells you the impact of data loss to your business.

Using tag management systems like Google Tag, enterprises and agencies lose visibility every time an ad-blocking, iOS, Firefox, or a privacy browsing (40% of them) customer or prospect visits their site. 

As every enterprise is expected to think about how they need to own the data, build trust (consent) and think compliance (regional and state laws), customer data must enter their infrastructure and control (controller) before it’s distributed to parties that need to coprocess their data (law).

By delegating the game’s rules to a third party, like Google Tag Manager, you expose your customer to a third party even before asking for permission. That’s a classic catch-22, especially considering Google is the No. 1 advertiser in the world. To help alleviate this, Google has introduced Google Tag Manager using GCP. However, the entire setup is cumbersome, expensive and does not enable site controllers to own their data.

The first-party relationship — directly between you and your users — is privileged. There are no platform constraints on the data that you collect yourself, although privacy regulations like the GDPR and CPRA still require consent for specific uses and types of data.

To do this, you need to collect, manage, analyze and share customer data yourself in your warehouse. Warehouse data can capture consent across platforms and even allow advertisers to decide how to share data. More critically, you can analyze the data that you have captured, and only share what users consent to, allowing you the best of both worlds — understanding your users and engaging third parties as permitted.

So, what’s a 1P tag manager?

A first-party tag manager runs in your domain (and in your control) and makes decisions for you in your infrastructure (serverless edge to your site or app) to decide which coprocessor gets to see your customers’ data, but making you (the site or app) responsible for those decisions (controller). Essentially, it acts as a rule engine and a transformation engine, while replicating data to partners via an ID graph.

Today, even the consent management systems are third-party and lose customer identity every seven days. This creates gaps and personalization issues for sites that have lost track of an existing customer identity via their CMP; a 1P tag manager solves this.

A 1P tag manager:

  • Keeps a copy of a universal lifetime ID to map SaaS, consent, etc.,
  • Keeps a copy of the consent log against the lifetime ID,
  • Creates ID for data sharing and opts out as necessary per partner,
  • Has the ability to transform data and make it innocuous,
  • Has the ability to detect what region customer belongs to, and
  • Has the ability to plug a new data coprocessor by enabling consent for the same, very much like the old Google Tag Manager.

Critically, with a serverless edge tag manager, data never leaves your “controller” infrastructure until you, the controller, decide to share it, using strictly software tools that have no access to this data. However, big wins are 100% visibility over your data, 100% control over who the enterprise shares it with and a trusted relationship with the customer.

What are the benefits?

The No. 1 benefit of a 1P tag manager is a lifetime identity that only belongs to the site domain. This identity helps catalog all the necessary ID mapping, data sharing, opt-outs, consent log changes, etc., that should have been part of the tagging system. 

So, instead of giving your valuable customer data to others, you are better off handling the data yourself. To do that, you will need a first-party data warehouse that manages and analyzes user and campaign data in your own infrastructure. And, if it is designed correctly, it will allow you to adjust to technology and policy changes — like Privacy Shield breaking in Europe — with relatively little difficulty.

As the future of privacy and trust continues to evolve, building trust while conducting business globally, with zoning features, enabling compliance, and getting accurate data analytics for the reality of your business are essential.

Mandar Shinde is CEO of


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read More From DataDecisionMakers