Chrome 80 – Cookie updates and Eloqua Implications
Google has announced that from 4 February 2020 its new Chrome 80 release will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. In July 2019, Firefox and Safari also implemented privacy improvements that allow third-party cookie tracking to be blocked when turned on, and there are indications that this may become the default setting within the next two years.
This has some potential implications for our Eloqua customers. The good news is that in response to the changes planned by Google, Oracle announced that on January 28, 2020, the Oracle Eloqua product development team implemented a change to explicitly label cookies with `SameSite=None` and the `Secure` flag set, allowing third-party tracking in Chrome 80.
The background: Why is Google making this change in Chrome?
An international consortium of internet vendors and designers called the Internet Engineering Task Force (IETF) has been established to help set global internet protocols and standards. They have defined directives, which also include security measures, that must be adhered to by browsers such as Chrome, Firefox, Safari, Edge, and Opera.
In November 2019, the IETF proposed changes that primarily affect cookies that track site user behavior and are focused on protecting the user’s privacy, especially where tracking information is sent off the site to a third party.
The IETF is also concerned about Cross-Site Request Forgery (CSRF) attacks, where a malicious site causes the browser to perform an unwanted action to capture personal data, change a password, make an unintended purchase, or embed malicious code.
What are First and Third Party Cookies?
First-party cookies are created by a site and used only by that site. They enable a number of functions in your browser, if you choose, such as:
- Retain member login information
- Enable links like the back button
- Direct you to a thank you page when you submit a form
- Go to another page on the site from a linked image
- Enable iframes from any third party sites
Third-party cookies are created by another site and used to track information when something on the site is viewed or clicked. Third-party cookies include:
- Online ads – both view only and pay per click
- YouTube views and watch time
- Google Analytics (GA)
- Facebook Pixel tracking
SameSite Cookie Attribution
The new IETF directives suggest that all cookies should be better identified. This is accomplished using three SameSite attributes:
Any cookie that does not have an attribute will be treated as `Lax` and will not be able to send any data, including tracking data, to a third-party site.
All third-party cookies must be set to `SameSite=None; Secure` for the data they hold to be sent to a third party. The onus is on the vendors, in our case Oracle, to update the cookie code, which Oracle has done accordingly.
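The rules above can be checked against the Set-Cookie headers a tracking endpoint returns. The following is an added example, not code from Oracle or from the original post; the cookie names, the tracking.example domain and the function names are constructed for illustration.

```javascript
// Added example: classify Set-Cookie headers under the Chrome 80 rules.
// All header values below are constructed sample input.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() === 'samesite') cookie.sameSite = value.toLowerCase();
    if (key.toLowerCase() === 'secure') cookie.secure = true;
  }
  return cookie;
}

function classify(header) {
  const c = parseSetCookie(header);
  // A missing or unrecognised SameSite value is treated as Lax.
  const declared = ['strict', 'lax', 'none'].includes(c.sameSite);
  const effective = declared ? c.sameSite : 'lax';
  let issue = null;
  if (effective === 'none' && !c.secure) {
    issue = 'SameSite=None without Secure: cookie is rejected';
  } else if (!declared) {
    issue = 'no valid SameSite attribute: treated as Lax';
  }
  // "Third-party context" here means cross-site subrequests such as
  // iframes and tracking pixels; only SameSite=None; Secure qualifies.
  const sentInThirdPartyContext = effective === 'none' && c.secure;
  return { name: c.name, effective, sentInThirdPartyContext, issue };
}

// Return the names of cookies that will not reach a third-party tracker.
function auditForThirdPartyUse(headers) {
  return headers.map(classify)
    .filter((r) => !r.sentInThirdPartyContext)
    .map((r) => `${r.name}: ${r.issue || 'SameSite=' + r.effective}`);
}

const sampleHeaders = [
  'TRACK_A=abc123; Domain=tracking.example; Path=/; Secure; SameSite=None',
  'TRACK_B=abc123; Domain=tracking.example; Path=/',
  'TRACK_C=abc123; Path=/; SameSite=None',
  'session=xyz; Path=/; Secure; HttpOnly; SameSite=Strict',
];
console.log(auditForThirdPartyUse(sampleHeaders));
```

Only TRACK_A passes; a first-party session cookie such as the last sample is expected to appear in the audit output and needs no change.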
How to Establish New Cookies
Cookies will be updated by the standard tracking mechanisms of clicking through a link in an email, submitting a form to Eloqua, or visiting a landing page. If an existing cookie is not updated prior to a visitor updating to Chrome 80, no tracking data will be lost or removed from Eloqua. However, as of the Chrome 80 launch date, visitors will get a new cookie upon visiting an Eloqua tracked page and become an anonymous visitor until a link can be made through the standard tracking mechanisms.
Eloqua Visitor Tracking Metrics May Be Impacted
It is important to note, though, that as a result of this change in behavior, Eloqua customers may temporarily see a decline in visitors linked to a contact tracked after the Chrome 80 launch date. Once the association between cookies and contacts is re-established, visitor tracking metrics should pick up again.
This drop in tracked activity can impact marketing actions and metrics that are dependent on the browser reading a third-party cookie for tracking purposes.
Cookies are also used to enable iframes. If you are using an iframe to present Eloqua landing pages and forms on your website, we would also recommend reviewing these settings to ensure that they are not impacted. Please contact the Marketing Cube technical team if you need assistance with this.
There are two further actions that Oracle recommends:
1. Move from Third Party Cookies to First Party Cookies
Consider moving to first-party cookies, as security and privacy regulations will continue to evolve and become tighter. First-party cookies are less likely to be blocked and may allow you to track visitors more successfully than using only third-party cookies. In the event that an Eloqua third-party cookie is blocked, the first-party cookie tracking data will still be collected.
2. Reestablish new cookies as soon as possible after the Chrome 80 release
Customers concerned about losing the cookie association are recommended to re-engage their visitors to re-establish cookies. This will ensure the association between the contact and the cookie through this update.
To find out more about the implications of these two recommendations or how to implement them, please contact the Marketing Cube team.
For additional information, including information on SameSite attributes, FAQs and additional resources, please visit Topliners to access the Product Notice: Eloqua’s Response to the Google Chrome80 SameSite Changes. You will need to log in to Topliners to access this article.
Thank you also to MaAnna Stephenson and her interesting and insightful blog post Chrome 80 to Block Third-Party Cookie Tracking – Affecting Site Revenue.
The team at Marketing Cube has been supporting Oracle CX Marketing customers since 2007. We’ve been using Eloqua ourselves for that period and provided agency services as well as traditional application support for close to 150 customers across a wide range of industries & geographies.
If you’ve been using Oracle CX Marketing for some time and are looking for agency services e.g. strategic services, end-user coaching/training, campaign support and more, contact us today to talk further about how we can help you.