Apple’s latest privacy updates will affect data sources commonly used by mission-driven organizations. Let’s explore how your organization can adapt to the changes.

In 2017—after years of unease among privacy advocates and users—Apple began announcing and rolling out a series of changes to reduce the volume of data collected and make users more aware of data collection. These changes represent a significant shift for digital marketing, which has long been allowed to collect demographic, psychographic, and behavioral data often without user awareness or approval. While these changes give users more control over how their data and information are being shared, they’re also forcing organizations to change the way they track and report on their digital performance.

To break down the effects of these changes, let’s review three sources of data commonly used by mission-driven organizations that are impacted by Apple’s changes, where you can expect to see these changes in your reporting, and how your organization can adapt to the changes.

1. Fewer return visitors

Since 2017, Apple has included a feature in its Safari browser called Intelligent Tracking Protection  or ITP, which seeks to “limit tracking while still enabling websites to function normally.” In 2019, Apple updated ITP to version 2.1, which for the first time limited the length of time first-party cookies could store information to seven days.

When you visit a website, cookies allow the site to store information on your web browser so it can recognize you in the future and remember information like your language or user name. Cookies are categorized as either first-party, meaning the website storing the information is the one you’re currently visiting, or third-party, meaning the website has included code from an external site and that site is the one storing the information. Third-party cookies are used by ad companies to track you as you visit different sites around the internet, building a profile of you and your interests based on the sites you visit and using that to send ads to you. Because third-party cookies are typically used to track advertising, many browsers already block these cookies and others have announced plans to block them in future versions. Apple’s update goes a step further by limiting first-party cookies, which are often used to improve user experience but can be used for tracking information on visitors.

One of the most common implications of Apple’s change is a reduction in Google Analytics’ ability to report on new and returning visitors. Google Analytics utilizes first-party cookies, so it won’t be impacted by the wider trend of blocking third-party cookies. For most visitors, Google Analytics’ cookie expires after two years without a return visit. However, when someone visits with Safari 12.1 or higher, they would need to return within seven days to be counted as a returning user. After those seven days of inactivity, the cookie will be deleted and they’ll now be considered a new user.

It has taken time for Apple users to update their devices to versions with these new privacy features, and as that’s happened, we’ve seen organizations grow concerned about a slow decline in return visitors. Many organizations have attributed the change to the COVID-19 pandemic and because the Safari browser is only used by about 18% of web traffic, it has often made these changes appear gradually and thus less obviously the result of a technical change. When using the new and returning data points in Google Analytics, we recommend you exclude Safari visitors to ensure data is comparable before and after this change. 

2. Decreased ROI on ad spending

In April 2021, Apple released its next round of privacy updates with iOS 14.5, which included a new privacy feature called App Tracking Transparency. The feature requires apps to prompt users and receive their permission before it’s able to access the device’s Identifier for Advertisers (IDFA). The IDFA allows applications to uniquely identify your device without revealing personal information, such as your name or email address. Prior to this change, apps could share information about purchases and browsing histories with third parties and the unique IDFA made it easy for those companies to weave those disparate data points into a detailed profile about the user.

As users have updated their devices, the vast majority have denied apps permission to access their IDFA, leading some companies to try to continue to collect data on people who’ve declined to share their IDFA by using their IP addresses and other device and network details to create a unique fingerprint of the devices and users. However, Apple has warned that apps that try to skirt its user approval process will face penalties.

For organizations running ad campaigns, these changes could impact results and data in numerous ways. For example, a budget that was appropriate for the size of an audience in the past may now be excessive as some users are online but can’t be identified as a member of your target audience. In this first instance, the advertiser would experience a lower reach and higher CPM (“cost per mille” or cost per thousand is a measurement of the cost an advertiser pays for one thousand views or impressions) compared to when the same audience was targeted previously. Additionally, campaigns may report reduced conversions and ROI, as return visitors are incorrectly tracked as new users rather than returning visitors who previously viewed or clicked on an advertisement. In this second instance, organizations might experience increased donations or sales as a result of an  advertising campaign, but those sales might be attributed to new visitors rather than viewers of the campaign.

3. Declining email open rates

In June 2021, Apple announced that their next software release this fall will include further privacy features, including a feature called Mail Privacy Protection, which is likely to have the largest impact to date on mission-driven organizations.

Though many people aren’t aware, emails from organizations and corporations typically include an invisible tracking pixel that communicates to the sender that the message was opened along with  the reader’s IP address, which commonly identifies their location. With the release of iOS 15 and macOS Monterey this fall, users of Apple’s Mail app will be prompted and tracking pixels will be blocked unless they select to allow tracking pixels on their iPhone, iPad, or Mac. If people respond as they have to previous Apple prompts, it’s likely the vast majority of users will opt-out of email tracking.

Blocking email tracking pixels will result in organizations losing the ability to accurately track open rates, the most commonly used metric in evaluating email performance. Open rate enables senders to track how engaged their audience is and how that engagement is changing over time. Senders don’t typically know what email client their recipients are using, so excluding Apple users isn’t an option, resulting in a situation where senders won’t know if their email was received and not opened or opened and their pixel was blocked. The impact of this change will be substantial as, according to the May 2021 data from Litmus, 93.5% of all emails opened on iPhones or iPads were via the Apple Mail app.

After the software update, email senders will still be able to monitor when users click on a link in an email and identify the specific message opened and link clicked via UTM tags. Not all organizations consistently tag each link in their emails with a unique identifier, but as open rate data becomes unreliable, this data will prove vital in evaluating email performance.

Because senders will be able to track clicks but not the opening of messages, we expect newsletters will move to include a paragraph or two and then require readers to click to finish reading articles. Additionally, we expect to see more surveys sent out via email as organizations attempt to replace information on changes in interest and engagement over time.

An overdue correction

User response to Apple’s privacy features released to date seems to strongly indicate they don’t want to be tracked in these ways and don’t view the value they receive as worth the loss of privacy. This fits a larger trend of low trust in advertising. The most-recently published edition of the Ipsos MORI Veracity Index, which tracks trust in professions in Britain, found advertising executes the least trusted profession with just 13% percent of people saying they trust them, lower than politicians and bankers. This is a strong indication that the all-too common practice of using people’s data without their consent has gone too far and that the public wants more privacy and say over what’s recorded and shared about them.

For mission-driven organizations, this is a moment to question if your organization is collecting more data than is needed and if users are aware and consenting to its collection. Organizations that emphasize transparency and user control are likely to enhance their reputation while organizations that don’t risk eroding trust with their supporters.