First-Party Data and Zero-Party Data: marketing & legal tips

Posted in: Digital marketingLast update: 04/03/22

Terms like Zero-Party and First-Party data are being increasingly used in marketing. And more often than not, it is connected to the elimination of third-party cookies. Which in turn, will minimize third-party data collection. If you want to learn more about what these terms mean, and how they affect marketing, keep on reading. We have teamed up with the Letslaw legal team to explain it, and to help you better aim your data collection and audience generation strategies.

The digital marketing world is facing its greatest revolution in recent times: the elimination of third-party cookies. Aka the cookieless effect. Browsers such as Explorer, Firefox, and Safari have already eliminated these cookies from their platforms. Likewise, Google Chrome has announced that in 2022 they might follow suit.

In a context where users are increasingly sensitive to their personal data treatment, and where lawmakers and regulators are demanding companies greater compliance policies regarding privacy, third-party cookies seem to have their days counted. Especially those aimed at personalizing ads on other websites.

Third-party data. Marketing cookies

What this means to the digital marketing industry, is that advertisers won’t be able to source data from third-party cookies. Therefore, the algorithmic formulas for profiling and hypersegmentation will have to be adapted. And consequently, we will need to develop techniques based on first-party cookies to provide users with targeted advertising based on their preferences. Eventually allowing agencies and advertisers to streamline their digital marketing efforts.

It is at this point that concepts like Zero-Party data and First-Party data take the center stage. Their aim is to reduce the volume of collected information up to now and to focus on what is essential to understand the users’ interests, and fine-tune the ads the user sees. Hence, the bet is on quality over quantity and aims to protect the users’ privacy.

Differences between First-party and Third-party data

What is Zero-Party Data and First-Party Data?

Before getting into explaining what Zero-Party data is, it is worth going over the concept of First-Party data. That is to say, data collection through first-party cookies.

On the one hand, first-Party data is the information gathered solely through cookies (or any kind of information retrieval tool) created and stored by the website that the user is visiting.

Keep in mind that any kind of tracking or information retrieving technology falls under the legal definition of cookies as stated by the GDPR.

On the other hand, Zero-Part data is the information that users willingly and proactively share with the website they are visiting. This includes information regarding users’ preferences. Thus, creating their profiles themselves.

This is to say that, while FIrst-party data information collected by the advertiser through its own cookie technology. Zero-party data takes it one step further.  Meaning, the users intentionally define their interests and preferences profile.

Implications on getting consent

To begin with, the use of First-party data and Zero-party data shouldn’t have any major legal implications regarding how to get consent to gather users’ data. Either way, being information gathered through First-party cookies, the same criteria used up to now would apply.

For example, when visiting a website nowadays, the cookie management option will always come up for the users to decide which data can be stored. In this scenario includes both First-party, and Third-party cookies.

Cookie settings

Some of these cookies aim at gathering information on the user and offering a better experience on the site. For instance, allowing users to sign in or manage their shopping cart.

First-party data. Essential cookies

In the case of the EU, Article 5.3 of Directive 2002/58/EC of the GDPR states that the only cookies exempted from informed consent on behalf of the user are those “for the sole purpose of carrying out the transmission of a communication over an electronic communications network”, as well as cookies that are “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. E.g. The cookies necessary to log into a website. 

To learn more about the criteria laid out by the European Committee for Data Protection, you can refer to the Opinion 4/2012 of the Article 29 of the data protection working party.

However, in countries like France, the mandatory status of informed consent is changing in some specific categories of First-party cookies. Specifically, those labeled as non-intrusive first-party cookies.

In fact, in this document issued by the French Authority for Data Protection titled “Cookies: solutions pour les outils de mesure d’audience”, the French agency has decided to authorize the download of non-intrusive first-party cookies through opt-out mechanisms. This is done by presetting the selection of these cookies in the banner’s CMP, or cookie notification.

However, the only cookies that can be downloaded without the user’s informed consent are some very specific ones. Only those aimed at measuring the website’s audience (analytic cookies) on behalf of the website itself. As well as those used strictly to produce anonymous statistical data. Furthermore, this information must never be yielded to third parties. Nor allow the indiscriminate tracking of the user’s browsing activity through these cookies.

First-party and Third-party data. Cookie selection

Having said this, it becomes evident that we are facing a change in the trends within the digital marketing industry. A change that will result in increased transparency for the user. As well as a broader knowledge of the audience based on the information that users willingly share with the brands.

Consequently, new forms of informed consent based on new interpretation criteria of the regulations may emerge. As has been the case with the French data protection agency.

Easypromos and Letslaw will continue to inform on any change that may occur in terms of the use of cookies and privacy.

Luis Seoane

He is in charge of the department of Digital Law at Letslaw. He specializes in digital marketing and intellectual and industrial property. He advises domestic and international clients on data protection, e-commerce, and advertising, among others.

Publication date: 2022-01-24