Special thanks to Rahul Marupaka, Manager of Analytics Implementations at Merkle | Cardinal Path, for his collaboration and contributions on this article.
Apple released the latest version of iPhone’s operating system, iOS17, on Monday, bringing new privacy features to market that will create additional headaches for data-driven marketers dealing with the challenges of accelerating data deprecation.
Data deprecation is a reduction in the availability of once-reliable and abundant data, due to privacy regulations, walled garden restrictions, cookie deprecation, and consumer actions like ad blocking and opt-outs. Essentially, it’s a phenomenon that makes previously available data obsolete, making it more difficult for marketers to collect and activate on consumer data for marketing and advertising use cases.
To help marketers understand and prepare for the impacts of Apple’s latest release on data collection and activation strategies, we’ve spent the last few weeks testing iOS17’s Link Tracking Protection and Advanced Tracking and Fingerprinting Protection features – and found some surprising findings, especially for those who rely on Google’s marketing and ad technology.
What’s New in iOS17 Privacy Protections
As announced by Apple back in June, iOS17, iPadOS17, and MacOS Sonoma are equipped with a new Link Tracking Protection feature in Messages, Mail, and Safari Private Browsing to prevent user identifiers from being collected. Now user identifiers, like click identifiers from advertising platforms, will be stripped from all URLs while leaving the rest of the link intact and working as expected, regardless of whether the click-through opens a Private Browsing or regular Safari window.
But that’s not all. Upgraded versions of Safari will now “go even further to help prevent websites from using the latest techniques to track or identify a user’s device” by keeping users’ “most sensitive browsing safe with more aggressive tracker blocking” with the roll-out of Safari’s Advanced Tracking and Fingerprinting Protection. By default, this feature applies to Private Browsing mode, but users can easily apply it to all browsing in Safari.
Rely on Google AdTech or MarTech? Get Ready for Impact
The impacts of Apple’s new privacy features in iOS17 have the potential to be much bigger than you might expect, especially for companies reliant on Google technologies. Based on our recent testing of both the beta and public versions of iOS17, some data collection tools are blocked entirely when users are in Private Browsing mode or have extended the advanced tracking protection to all browsing on Safari. This puts the newest version of Safari more in line with the privacy-focused Brave browser, which blocks many URL parameters, tracking scripts and cookies by default, than browsers like Chrome, which does not block that tracking, in either regular or private browsing windows.
Link Tracking: User Click IDs Stripped In Both Private and Regular Browsing
We found that the Link Tracking Protection feature operates as described by Apple. Regardless of whether a user sticks with the default setting or opts-in to advanced tracking protection for all browsing in Safari, identifiers that can be linked back to a user are consistently removed upon click-through while non-identifiable parameters on the link are left intact. Click identifiers from digital advertising campaigns across platforms like Google Ads, Facebook, and TikTok will be stripped in Private Browsing mode when the device is using Safari’s default setting, and in both private and regular browsing sessions when the user has chosen to extend the setting to all browsing.
Tag Management: Google’s TMS Blocked While Others Are Not
Here’s where things start to get interesting – or concerning, if you’re a modern-day digital marketer. The tag management systems (TMS) we tested don’t all operate the same way in iOS17. In our testing, we found that both Adobe and Tealium’s TMS solutions work as expected in all versions of Safari, but Google Tag Manager (GTM) is blocked entirely in Private Browsing mode and when advanced tracking protection is applied to all browsing. This means that any tag loaded to GTM will also be blocked, whether it’s intended for analytics, experience, advertising, or other important site functionality.
Advertising and Analytics Tags via a TMS: Inconsistent Results Across Implementations
The results become more muddled when testing individual marketing and advertising tags loaded by a tag management system. Even though Adobe Tags and Tealium iQ loaded as expected in all test scenarios, we found that individual tags within them may be still impacted.
Client 1: All analytics and advertising tags tested were blocked when in Private Browsing mode or the device was opted-in to advanced tracking protection for all browsing.
Client 2: All analytics tags and half of advertising tags tested were blocked in Private Browsing mode or when the device was opted-in to advanced tracking protection for all browsing.
Even though these two clients had similar tracking technology in place on their websites, there were different results from Apple’s advanced tracking protection. Pinterest and Bing Ads tags continued to collect data when implemented via Tealium, but not Adobe Tags. And yet, Google Ads and Analytics tags were blocked in both test scenarios.
Analytics Tags: Google Analytics Consistently Blocked Regardless of Implementation Method
What about when tracking pixels are directly embedded in a site? Results are also a mixed bag here, depending on the tech platform. In our testing, we found that Google tags are frequently affected while others are not, in both Private Browsing mode and with advanced protection applied to all browsing.
Advertising Tags: Google, Facebook and DSPs Blocked
We found similar results with advertising tracking codes embedded in a site directly. Some AdTech is impacted, while some is not. Some of the largest players’ tracking codes, including Facebook, Google Ads and Campaign Manager, Criteo and The Trade Desk, are impacted by the advanced tracking protection feature, while others’, including Microsoft Ads, TikTok, LinkedIn and Pinterest, are not, regardless of the Safari browser setting applied.
“Privacy. That’s Apple.”
Though we found the iOS17 impact on data collection is somewhat inconsistent, Apple’s move toward further restrictions should come as no surprise. In the past few years, the company has cleverly positioned itself as a privacy champion in a world of personal data-hungry tech company competitors and released a steady stream of product updates to support that narrative. Several earlier versions of iOS have introduced market-disrupting restrictions on data collection across browsers, apps, and email, including 2018’s Intelligent Tracking Protection (ITP) and 2021’s App Tracking Transparency (ATT), Mail Privacy Protection, and Private Relay features. 2023’s latest release is no exception and further influences the data deprecation trend happening across the industry.
How Marketers Can Respond
Now that iOS17 is publicly available, marketers should test their digital data collection infrastructure on Apple devices to evaluate the impacts to their marketing ecosystem. Apple’s product updates are one influence of many on data deprecation, but a good test case for understanding how a change in one platform has the potential to disrupt many established data collection and activation workflows across a company. Evaluating the effect of data deprecation drivers like iOS17 is a good starting point for identifying where a tech stack is most vulnerable to data deprecation and building a plan to address it.
Understanding the ways iOS17 changes will affect your data capture platforms, especially downstream impacts that create blindspots in media optimization, measurement, and audience creation, is the first place to start. The Merkle | Cardinal Path team is available to help you identify the macro impacts of these types of changes and create an action plan to address the greatest impacts to your marketing strategy.