What’s the Difference Between Zero, First, Second, and Third-Party Data?

Since we launched our suite of Privacy Solutions, it has generated a lot of interest and educational requests regarding the difference between zero, first, second, and third-party data. So I thought I would take this opportunity to share the differences, as well as my perspective of the future of the industry.

Privacy and Third-Party Cookie Restrictions

If you’re working in marketing and you’re worth your salt, you won’t be surprised when I say that there are seismic changes happening related to data collection. 

Companies have to rethink how they approach consumer data due to past and ongoing restrictions related to third-party cookies across browsers including Firefox, Safari, and Google. On top of that, there are the data collection regulations through GDPR, CCPA, and other forthcoming states. This has also led the entire marketing industry to re-evaluate their tendency towards a “set it and forget it” attitude when it comes to their marketing decisions and spend. They now face the challenge of getting the same conversions in a completely new way, now that cookie restrictions make some of those platforms unusable or at least less responsive.

Your Data – Zero Party Control

With these changes, many brands are reassessing their own data assets to determine if they can get more value. However, if you’re a leader of a brand and you’re talking about “your data”,  just pause for a second. When you step back and think about that data, it’s not your data. I’ve been guilty of thinking the same way, but we need to remember it belonged to the consumer first. They shared it with you for a purpose. They are entrusting you with its safekeeping.

As a consumer, I can understand if you’re storing data within a cookie for my login. If you’re storing things in my shopping cart, that makes sense too. I even appreciate it if you’re paying attention to what I’m shopping for on your website. If I buy something and you ship it to me, I’d like for you to remember that to expedite the next purchase and delivery. When I engage with your brand, I want you to know something about me and to retain that knowledge to service me in the manner I expect. However, I’d also like to understand what data I generate. And I’d like to be in control. It belongs to me first.

The language we as marketers use to describe this data is a little clunky. We refer to the data as “zero-party”, “first-party”, “second-party,” and “third-party.” But most average people have likely never heard of these terms before.

Breaking down the difference between zero, first, second, and third-party data. Zero-Party Data: Information that a consumer actively and freely shares. First-Party Data: Information a company directly collects about consumers as the consumer interacts with their brand. Second-Party Data: Another company's first-party data that your company has permission to use, enforced by contractual agreements. Third-Party Data: Information aggregated from a number of public and non-public sources that may not be given explicitly by the consumer.

Zero and first-party data are easily conflated in traditional definitions, so we need to increase our precision in meaning. Zero-party data is the data you freely share with a brand. In more colloquial terms, it’s your data. You control it, or at least you should. 

It’s our belief that the arrow of time is bending toward zero-party control and personal identity control.

Will you decide to share your Mobile Ad ID with companies and brands? That possibility didn’t exist ten years ago, and in another decade, we fully believe zero party control (or personal identity management) will be the new standard. The ripples of this can already be seen in the industry. Apple recently announced that with its iOS14 update, users will have to consent and opt-in to share their IDFA (Apple’s version of MAIDs) with third-parties. This means advertisers will no longer be able to target those MAIDs by default. Another aspect of the update requires app developers, media owners, and brands to disclose the data they collect and what third parties they share it with.

The trend on the ever-closer horizon is an increased importance of consented relationships on a first-party basis with the brands you deal with, and the partnerships they have with other brands.

The Third-Party Data Explosion

The data that’s been getting all the headlines is third-party data. If there is a marketing boogeyman behind some of the most salacious articles, they’re likely collecting troves and troves of third-party data.

Third-party data refers to information from people that’s been aggregated from a number of different sources, but may not have been given explicitly by the person who created it. 

It isn’t new, but it really began garnering attention when the internet created a ton of web behavioral exhaust that accumulated on vast arrays of servers all over the world. The atomic element for this type of data was a little temporary storage device called a cookie. And then entire advertising industries were invented around the acquiring and management of data within cookies.

The third-party cookie is of particular importance. Entities that you have no direct relationship with as a consumer gather data about you within third-party cookies.  These are set by companies other than the site you are visiting. They collect anonymous information to power advertising, advertising that powers a large portion of the content the world consumes.  

As Google, Apple, and Firefox browsers restrict these third-party cookies, they disrupt a large portion of the monetization of the internet.  Google, and their Chrome browser, is the late entry in providing these restrictions; they warned in January of 2020 that they will disallow third-party cookie use in the future. 

As Google and Apple have the vast majority of browser usage (~70+%) and a duopoly of mobile devices, they control many of the rules that advertisers must adhere to. The more they restrict data under the veil of privacy, they also cement their position of power as the rest of the industry built around the cookie slowly dies.  With that, companies like MediaMath, Adobe, LiveRamp, and Neustar have to invent new methods for publishers and advertisers to serve relevant ads.

Cherished First-Party Data

The other major category of data, and the most powerful for marketers, is first-party data.  First-party data is information a company directly collects about you when interacting with their brand. This data may be collected anonymously, but the most valuable interaction happens after you identify yourself to the brand either through a login, paywall, purchase, consent, and/or registration.

The most powerful first-party data collectors are Google and Facebook. You authenticate yourself with them by logging in and they see billions of people daily, thus they have power and dominance in a restricted and regulated world. Facebook alone reaches a third of the world and has a lot of first-party data that you’ve freely given them for access to their platform. A normal brand just doesn’t see you that often. These two entities benefit from receiving more than half of all digital advertising spend, and restrictions and regulations have thus far only amplified their control of the market.

Private Identity Graph, Identity Resolution, and Second-Party Data

Brands don’t want to be left to the whims of the Walled Gardens: a few large companies like Facebook, Google, Amazon, Apple, etc. To bring the media control back into their own walls, brands are investing more in their own first-party identity technology stacks, creating their own Private Identity Graphs, and building trusted relationships with their customers. They’re using the personally identifiable information (PII) shared by their trusting customers to create a common view of that person to serve them better. This view can be used across their brand and within their sub-brands. 

Although not a new concept, this form of Identity Resolution is much more complicated than it was 30 years ago. Brands that have been heavily reliant on third-party data ecosystems have some catching up to do in maintaining the persistent identity of their customers.

Brands/Publishers are also looking beyond their four walls to combat the walled gardens. They’re gathering consent from their customers to share identity across partner brands and partner platforms in order to garner more scale. This type of data sharing is referred to as second-party data.  

Second-party data is another company’s first-party data that your brand has permission to use. Data use is enforced by contractual agreements and occasionally a digital ledger that maintains the permission the consumer has given. These transparent partnerships that second-party data flows through may be the key to combat the monopolistic tendencies of the walled gardens.  

Privacy Protocols – The Future

Ideally, however, individuals–as in real people–would have more control over how all of this is happening. Often a person doesn’t truly have a complete view of how their information is being passed around. Zero-party control will ultimately address this. 

A consistent ID will be maintained by the consumer and will be leveraged by platforms, brands, publishers, and anyone that you give permission to use it. Digital rights to your information and proper pseudonymization should be embedded within the chain. Personal identity and privacy rights should be enforced through trusted proxies that enable them. The Interactive Advertising Bureau (“IAB”) Project Rearc, which begins to define the standards and protocols around such mechanisms was a start, but over the next 10 years, there will have to be many inventions created in order for true zero-party control to come to fruition. There is hope that it will happen faster, but there are decades of internet economic debt to rebuild under a new paradigm of personal rights.

Recent Blogs