IAB Tech Lab has prepared the following preliminary commentary on the developments from last week’s Apple Worldwide Develops Conference in San Jose.
We will be discussing this within our councils and committees over the coming weeks and welcome any questions or comments you might have for the community and for the IAB Tech Lab.
At Worldwide Develops Conference (WWDC), Craig Federighi, Senior Vice president of Apple Software Engineering indicated that Safari would block tracking but he specifically mentioned that it will not impact ads.
While this is technically correct – Safari will not prevent ads from being requested from ad servers – two changes are going to impact the value of ads that can be delivered to Safari users.
Details are a little sparse, but this will likely align with Apple’s position for Safari on iOS prior to 10 – Safari on desktop will simply ignore the autoplay attribute, the play() method, and similar. However, since Apple enabled auto-playing video on iOS 10 in order to reduce resource usage, it’s unlikely that we’ll see auto-playing re-enabled in desktop.
This move by Safari likely means that all video will need specific user action to trigger, transforming what can be a seamless user experience (click link and see a video) into a multi-step process. It also potentially changes the nature of all pre-roll advertising delivered to Safari users, making these specifically user-initiated.
The “Intelligent Tracking Prevention” feature described by Apple aims to close the option for a single first party event to establish a long-lasting cookie available for 3rd party reading.
Safari will determine algorithmically whether a domain has the ability to track a user cross-site. It will do this by examining the local browsing only – this is not a case where Apple is pushing out a list of tracking domains.
When a domain is flagged as being able to track a user cross-site, two new rules are enforced on those cookies by Safari:
- 24 hours after the most recent first party interaction with the domain, the cookie payload for that domain becomes unavailable in a 3rd-party context.
- 30 days after the most recent first party interaction with the domain, the cookie payload for that domain is purged.
The window between 24 hours and 30 days is meant to minimize the impact on single-sign-on (SSO) systems.
The move by Safari eliminates a major way that’s been used to establish a consistent, cookie-based identity for use by third party advertising systems. This means:
- Companies who have a persistent first party relationship and an advertising system are poised to become even more powerful.
- Efforts by the industry to create a standard ID are challenged. These efforts are seen by many as a necessary path to improving the experience and control available to publishers, advertisers, and users.
- Industry opt-out is challenged in two ways:
- Current policy is to have non-cookie tech subordinate to cookie-based opt-out, because non-cookie tech is historically less deterministic than cookies. Intermittent and uncontrolled deletion of cookie-based opt-out makes maintaining proper opt-out state in systems using both cookies and non-cookie tech less reliable.
- Opt-out for advertising systems that have occasional access to a first party context can be purged earlier than intended, resulting in occasional 24-hour bursts of targeting even when the user had previously specified an opt-out.
 The public comment period for the New Ad Portfolio showed that there was insufficient consensus to support the draft’s position on auto-play – that there’s more complexity to be evaluated before establishing a position.