The Effect on Affiliate Tracking
This follows on from an earlier article on Consent Management Platforms (CMPs) for the affiliate industry and some of the options available. It also covered the legal standpoints for affiliate partnerships and stressed the importance of understanding the effect of CMPs or cookie consent banners on affiliate tracking.
The affiliate industry is currently at a juncture where most programs have implemented first-party tracking as we have covered in earlier articles. From analysis of Moonpull audits, it is clear that in spite of this, over 80% of advertisers also have third-party cookies still in place. So even where a user rejects cookies, the third-party legacy tracking may well still operate.
Variations in Cookie Consent Banners
With over 20 consent management platform suppliers, many of whom offer several products, plus cookie bars being used, it is not surprising that there is a huge variety of consent banners, buttons or screens being presented to the internet user. We covered some of this in the article on consent management platforms.
There’s also wide variation in how the user is being led by these devices. Correct PECR compliance settings should mean that the CMP device offers options to the user without variation in colour or prominence of the Accept or Decline options relating to non-essential elements being put on the user’s device. This is quite a rare approach in practice however, as advertisers almost always rely on cookies and scripts to deliver desirable website functionality (beyond the essential), along with analytics and of course affiliate and other tracking.
As we shared in the earlier article, the UK regulatory authority (ICO) had to roll back from their original fully compliant CMP as 95% of users were rejecting all non-essential cookies; so advertisers who need onsite technologies to work properly – and affiliate partnerships to be rewarded correctly will need to achieve far better acceptance rates.
From an affiliate publisher perspective, the most attractive advertisers will be the ones where the consent notice is appropriate to the advertiser’s audience to maximise user acceptance of cookies to be set and thereby aid conversion. Advertisers’ affiliate managers and their colleagues in ecommerce teams will therefore need to balance the needs of partners with their legal requirements in their approach to compliance to allow for a successful program.
Examples of Consent Banners
Moonpull is presenting these examples from the perspective of how they illustrate a range of approaches. Different advertisers may have different legislative requirements based on their use of differing technologies. So, these are illustrations of approaches and not recommendations or judgements on compliance.
There are many advertisers at the totally non-intrusive end of the spectrum:
1 – this example on the Wickes.co.uk website:
2 – Marks and Spencer offers clearer options (as of October 2023):
‘Accept all cookies’ is presented as perhaps the more attractive option. One month earlier M&S showed this version:
3 – JamesMartinChef.co.uk is one of the quirkiest we’ve encountered:
Silver lists no cookies, with a different colour button; gold and platinum 6 cookies each.
4 – British Airways
This is similar to many of the more common implementations of consent messages, though here it doesn’t show their brand – although those in the know will recognise their fonts and colour palette – and the user has to agree or customise:
Previous versions required a lot more from the user to grant access, which may have led to the change potentially due to too little consent being achieved for satisfying their commercial objectives, as in the example of the UKs ICO website mentioned before.
5 – At the extreme compliance end of the scale this example from VisitLondon, though still this steers the visitor to accept:
Marketing may have had to pull rank over legal to avoid the lack of visitors – as this with a much less compliantred button to Allow all cookies replaced the banner during September:
6 – The most compliant are set out as described at the beginning of the article.
This example from the Webgears group:
The Consentmanager CMP does not allow preview to the site unless the CMP has been engaged. Interestingly, if the user clicks elsewhere on the page, a second tier banner appears (try that yourself). This presents two options for Reject all or Accept all, equally presented.
7 – TUI is a rare example of a consumer website with no button being shown as preferred:
Perils of non-compliance
The reason we are seeing such significant difference in the cookie banners that websites greet visitors with is that compliance is legally important across an increasing number of markets. PECR regulations are just that and not a ‘best practice’ recommendation. And this can end up with some significant fines for non-compliance.
CookieYes highlighted 8 in a recent article:
- TikTok was fined $5.4 million in January 2023 by CNIL France
- Microsoft Ireland was fined $65 million by CNIL France
- Sephora was the first fine, of $1.2 million or violating California’s CCPA
- Google was famously hit with $162 million fine in December 2021, again by CNIL France
- Facebook was also fined at that time $65 million by CNIL
- Amazon was an early fine in December 2020, $38 million by CNIL
- CNIL also fined Carrefour $3.23 million for violations including cookie consent
- Twitter was fined $32,000 by Spainish agency AEDP source: CookieYes
This has given advertisers’ legal teams a much stronger voice at board level to urge for stronger website compliance. This led to extremely compliant banners being introduced particularly by larger retailers, often resulting in websites being almost unusable if all cookies are rejected. Many as we see in the examples above, have rolled back the compliance to make them much more user friendly for consumers.
What can we learn from this?
This review of consumer and retail websites shows that there is a variation, which continues to develop and change. Overwhelmingly, we see that more consumer focused sites don’t show much granularity beyond Accept / Manage / Reject. Also there is almost always a nudge to Accept all either by colour, button size or page positioning. More corporate websites tend to be more strictly compliant to PECR regulation.
This applies across most European markets with a requirement for one of the buttons to be engaged with. We are increasingly seeing adoption across other markets. Australia, Canada and Thailand all strengthened privacy legislation over the past year, along with many US States.
The picture will vary across the USA as privacy legislations are enacted. The US now has eleven states with privacy legislation, a doubling since last year, which all vary in requirements, making a tricky landscape to adapt to for advertisers. Many of the CMP providers offer increasingly intelligent solutions to cover much of the variation.
It is also fair to say that from this brief examination of CMPs, that it does appear that many websites are adjusting their positions on how to present cookie consent banners along the spectrum from full legal compliance to the marketing friendly and simpler devices. All will of course be keeping an eye on legal cases and fines already being levied for non-compliance.
From and affiliate publisher’s point of view, it is important to regularly check the most important partner merchants and advertisers to understand what your visitors are met with on the affiliate referral. Moonpull audits enable a publisher to schedule regular audits of the top 20 or more advertisers to monitor changes in both tracking and CMPs, something that is increasingly important to ensure affiliate revenues are protected.