follow me

In the first part of our series, we discuss how companies in the future can capture user behaviour and use it for data driven marketing and real-time personalization.

Part 1 – What are the alternatives and how can they be rated?

How and for what purpose cookies are used

Since the GDPR amendment in 2018, the entire online marketing industry is facing many challenges in the field of cookie-based user identification. For example, according to current legislation, users must now explicitly consent (opt-in) even to the use of non-personal data such as behavioural data for purposes such as marketing, analysis or to deliver personalized content.

In this context we distinguish between two different types of cookies. The setting of “technically necessary” cookies, which contain for example the user’s shopping basket or login information, does not require express user consent. Without these cookies the website would not function properly. The setting of “technically not necessary” cookies, for example, all cookies used for user identification in online marketing, requires the explicit consent of the user.

But even if the user has given consent to the use of data and therefore allowing the cookie to be set, the most common browsers, in particular Safari and Firefox, give cookie-based marketing a hard time. For example, Safari and Firefox generally block all third-party cookies (cookies placed by third parties, e.g. for display advertising) that are set via the marketer’s domain, making it impossible to measure user behaviour with cookies across different websites. Apple takes its Intelligent Tracking Prevention (ITP) even further and after a period of 24 hours it also deletes first-party cookies which are set on the client side via document.cookie. This is particularly significant as the majority of users use mobile devices and since Apple, with its Safari browser, has a high market share in smartphones.

The impact of these measures vary depending on the business. While this greatly affects advertisers who use cookies to build cross-page user profiles and display ads to users at different digital touchpoints on the web, the impact on user-centered content personalization via first-party data is less severe. But here too, the shorter lifespan of first-party cookies described above leads to a limited recognition of users and thus to less individually usable content. The result is lower user conversion rates.

There are some measures to enable the use of first-party cookies even in Safari. For example, first-party cookies with the attributes “HttpOnly” and “secure”, which website operators can integrate via their server, are identified as first-party cookies, but can still collect user data. But those measures can not be transferred to Third-Party-Cookies.

In view of these challenges, both in the third-party and first-party cookie sector, the online marketing industry currently faces the question of what alternatives there are to cookie-based user identification and what are their advantages and disadvantages.

Alternatives to cookie-based tracking


Fingerprinting technology (also known as canvas fingerprinting) has been around since the late 1990s. This technique uses native device information, e.g. device data, browser and apps used by the user of the device. The different pieces of information are put together to create a digital fingerprint of the user. This method is under strong criticism regarding data protection, and the reliability of fingerprinting is also problematic. The problem is that users cannot be clearly identified with this method because it is possible to have several users with the same digital fingerprint. Moreover, Safari and Firefox strongly oppose this method. Since 2017, for example, Firefox has been blocking the possibility of creating canvas fingerprints of users.

User login

Large platforms such as Google or Facebook use a cross-device user ID registration system on a login basis. Once a user has registered for a particular service, he or she gives consent to the company to track the user across all touchpoints and analyse his or her behaviour. Google, for example, has access to the complete online user journey when a user logs into the Chrome browser with his or her Google account. Even using the incognito mode of the browser does not prevent tracking – at least as long as the user uses the normal mode again afterwards, because Google retrospectively links the incognito behaviour data with the Google account.

Basically, it is possible for every company to create such a cross-device user ID via a login function. This approach makes sense, for example, to enable a company to synchronize communication with its customers and users across different channels (desktop, MEW, app, etc.). Alternatively, companies can also join cross-platform login solutions such as the European initiative “netID” or others and thus use a single user ID for user identification.


eTags (or entity tags) are so-called “cache validators” that help the browser to determine whether a resource requested by the browser can be loaded from the local cache or must be retrieved from the server again. eTags are stored in the browser’s cache and have a unique ID. They can only be set if no other eTag is already in place. This unique eTag ID can be read out and sent to the server with the respective tracking calls. The setting and reading of an eTag is similar to that of a cookie, except that the mechanism cannot be stopped neither by blocking JavaScript nor by deleting or rejecting cookies. The setting of eTags can only be prevented by switching off the browser cache. They disappear when the browser cache is deleted, similar to when cookies are deleted.

Tracking methods at a glance

Looking at the advantages and disadvantages of each method, we realize that there is no such thing as “the best” approach and that every marketing and IT team needs to address this issue. Alternatives to cookie tracking have one thing in common: They also do not release from the obligation to get the user’s active consent to use the collected data. In addition, for each solution, the user must be given the opportunity to revoke his consent at any time (opt-out).

In part 2 of our blog: What solutions does Smart Digital use for real-time personalization for customers and what experiences have been made?