Product Notice: Eloqua's Response to the Google Chrome80 SameSite Changes
Google has announced changes to their third party cookie tracking with Chrome 80 in order to help improve privacy and security across the web. These changes, expected around February 4, 2020, require third party cookies to be updated to maintain the same tracking abilities that have been present until now. Fortunately, Eloqua has updated its cookie settings to adhere to the changes coming in Google Chrome.
While we have already updated our cookie setting in preparation for the Chrome 80 update, we have outlined some recommended actions below to ensure you’re able to track and leverage your visitor data to provide a consistent cross-site experience.
Note: customers using Eloqua first party cookies are not impacted by this change to Chrome.
What is the Chrome 80 Same Site Update?
Starting on February 4th, 2020, Chrome will not allow access to third party cookies unless the SameSite attribute is set to 'none' and the secure flag is set. The SameSite attribute tells the browser if a cookie is available to first party and/or third party sites. SameSite attributes can be set to ‘lax', ‘none' or ‘strict’.
Specifically, Chrome 80 will by default label third party cookies as SameSite=’Lax’ if a value is not explicitly set during cookie creation. The default behaviour prior to Chrome 80 assumes a SameSite value of 'None', allowing access to the third party cookie. Third party cookies with a SameSite value of 'Lax' are not accessible on pages at domains other than the domain that created the cookie. Note: Eloqua is explicitly changing the setting to SameSite=’None’ in order to avoid it defaulting to ‘Lax’- more information on this below.
Definition and cookie behavior for each setting:
- SameSite = ‘Lax' enables only first-party cookies to be sent/accessed. The Domain in the URL bar equals the cookie’s domain (first-party).
- SameSite = 'Strict' is a subset of 'lax' and won’t fire if the incoming link is from an external site. This setting is more common in industries that require more stringent security. The domain in the URL bar equals the cookie’s domain (first-party) and the link isn’t coming from a third-party.
- SameSite = 'None' signals that the cookie data can be shared with third parties/external sites (for advertising, embedded content, etc). No domain limitations and third-party cookies can fire.
How does the Chrome 80 update affect Eloqua?
In response to the changes planned by Google, on January 28, 2020, Oracle Eloqua implemented a change to explicitly label cookies with SameSite = ’None’ and the flag set to secure to allow third-party tracking in Chrome 80.
This will allow Eloqua third party cookies to continue to function and track visitors as they always have.
- Establishing New Cookies
- The Eloqua update implemented to accommodate tracking changes in Chrome 80 require that Eloqua cookies be updated for visitors after January 28, 2020.
- If an existing cookie is not updated prior to a visitor updating to Chrome 80, no tracking data will be lost or removed from Eloqua, however visitors will get a new cookie upon visiting an Eloqua tracked page and become an anonymous visitor until a link can be made to their Eloqua contact via traditional methods of clicking through a link in an email, submitting a form to Eloqua, or visiting a PURL page.
- Visitor Tracking Metrics May Be Impacted
- It is important to note though, that as a result of this change in behavior, it is possible that Eloqua customers will temporarily see a decline in visits linked to a contact immediately after the Chrome 80 launch date. Once the association between cookies and contacts is re-established, visits linked to contacts will return to expected levels.
- This drop in tracked activity can impact marketing actions and metrics that are dependent on the browser reading a third party cookie for tracking purposes.
- Move from Third Party Cookies to First Party Cookies:
- While not mandatory at this time, we highly recommend that Eloqua customers start considering moving to first-party cookies as security and privacy regulations will continue to evolve and become tighter.
- First-party cookies are less likely to be blocked and may allow you to track visitors more successfully than using only third-party cookies. In the event that an Eloqua third-party cookie is blocked, the first-party cookie tracking data will still be collected. Learn more now.
- Reestablish new cookies as soon as possible
- Customers concerned about losing the cookie association are recommended to re-engage their visitors to reestablish cookies. For example, send out an email requesting customers update their preferences, providing a link in the email to a tracked Eloqua page. This will ensure the association between the contact and the cookie through this update.
Q: Will this change to tracking impact other browsers or other versions of Chrome?
A: No tracking will be changed to other browsers or previous versions of Chrome as a result of this update.
Q: Is there an impact to Field Merges?
A: Field merges will not be affected and continue to work as designed. If a visitor is known (linked to a contact), the contact’s data will be included in the field merge. If a visitor is anonymous (not linked to a contact), their contact data will not be included in the field merge.
Q: What happens with Web Data Lookups? For example, form pre-population on an Eloqua landing page?
A: This is dependent upon the type of web data lookup. Some data is available directly on the Eloqua visitor profile. A visitor based web data lookup may be affected since some visitor profile values come from contact fields. In the case where a known visitor becomes an anonymous visitor, contact field data will not be available to the web data lookup. When the visitor is linked to a contact, the contact field data will become available again. Often times, visitor and contact web data lookups are used together - i.e. lookup the visitor details to gain specific details that allow lookup of additional contact fields. When a visitor is not linked to a contact (anonymous visitor), the details to perform the contact lookup may not be available.
Q: Will this impact our CRM integration?
A: Indirectly, yes… If new cookies are created and remain anonymous, those activities will not be able to be linked to a contact or lead in the CRM application until the visitor is linked to a contact in Eloqua.
Q: Can I opt out of this change?
A: No. Google has implemented these changes to help improve privacy and security across the web.
Q: If we switched to first-party cookie, will it track all the same data the third-party tracks?
A: Yes, within a given domain. The primary difference between third party and first party cookie tracking is a third party cookie’s ability to track across multiple domains. Example: domain1.com and domain2.com are setup with Eloqua third party tracking. When a visitor visits domain1.com and gets a third party cookie, that third party cookie is also accessible via domain2.com. With first party cookies, the domain1.com first party cookie is accessible only by web pages hosted at domain1.com. If a visitor then visits domain2.com, a second first party cookie is created with a unique tracking id for domain2.com. For more information, please visit: Eloqua Info: First vs Third Party Cookies
Q: Will this impact Insight reports?
A: You may notice a drop in web visits and page views associated to contacts and an increase in anonymous visitors until visitors reestablish themselves as “known”.
Group Product Manager, CX - Marketing: Eloqua