< Back


The pitfalls of personalization platforms that use supercookies & fingerprinting

August 17th 2023

Mike Austin

By Mike Austin

CEO & Co-founder

The pitfalls of personalization platforms that use supercookies & fingerprinting - featured image

The demise of third-party cookies has been well documented; browsers have been steadily blocking these types of cookies for a while due to increasing privacy concerns and legislation such as GDPR. But in the quest to track website visitors, some businesses go further than third-party cookies using a practice called fingerprinting. This is done using supercookies, which are used in place of ordinary cookies to store user identifiers.

In this blog post, we’ll discuss how some personalization platforms use supercookies and fingerprinting, the pitfalls of this approach and a better alternative for personalizing the customer experience.

What are supercookies and why are they bad?

There are lots of types of supercookies. They used to be flash cookies, but now the term is used for any kind of tracking technology that generates a unique fingerprint for your device, browser, or session and shares it with websites, where they are used in place of third-party cookies.

Supercookies can be used in place of ordinary cookies to store user identifiers, which is why you might hear personalization platforms who use this approach for identity resolution positioning their technology as a move away from third-party cookies.

But there are two problems with supercookies.

For website owners, any trick or technique that acts like a cookie is legally the same as a cookie and must be clearly announced on your website. Regulations like GDPR are independent of the technology used. Any trick that tracks like a cookie is legally the same as a cookie and must be announced on your website and require consent.

And for users, supercookies are much more difficult to refuse and block, or even detect, so it’s harder to protect their privacy. If you as a marketer are invading consumer privacy, there is a high risk of justified complaints and reputational damage.

Many browsers are now cracking down on them: for example Firefox is making changes to greatly reduce the effectiveness of supercookies in a bid to keep all of their users safe.

How personalization platforms use supercookies & fingerprinting

Some personalization platforms go too far and track and share user data across all websites that have the platform’s script installed, enabling their clients to identify a greater proportion of their anonymous website traffic without needing third-party cookies.

The first issue with this approach is that it requires informed consent from the user to share their personal data with third parties. If consent isn’t being given, this approach is likely to be illegal in the EU and UK. And as previously discussed, browsers are cracking down on supercookies and fingerprinting, making this method of identity resolution unsustainable.

The second is that supercookies serve the same purpose as normal cookies so you need to tell users all about them, just like with normal cookies. You have a legal requirement to get consent for all supercookies or fingerprinting techniques that you or your data processors use.

And the third issue is that if you use a personalization platform like this, your company’s data is being aggregated to benefit other website owners, including your competition.

Any company that claims to have unique IP in this area should be avoided, unless it can explain the tech in detail, say why it is legally compliant in your region, and can provide you with full details about their use of fingerprinting and supercookies for you to include along the explanation of your normal cookies.


An example of this is Epsilon’s Core ID, a portable platform for shared personal data. Unlike platforms such as Fresh Relevance which use first-party cookies and have the customer as the data controller (meaning the customer owns the personal data, not Fresh Relevance), Epsilon is a data controller and therefore owns the personal data, which they can use on thousands of websites across the Internet.

Before working with tech providers who track data and personalize the customer experience in this way, ask them how GDPR user rights such as “subject access requests” and “deletion” can be implemented.

An alternative solution

The ability to accurately identify users is a fundamental requirement for creating personalized customer experiences. That’s why it’s important to steer clear of platforms that use questionable tactics such as supercookies and fingerprinting. Instead, look for software that will help your business future-proof its identity strategy in order to continue reaping the benefits of personalization as well as growing and enriching your customer database, something that will benefit your business in many ways in the future.

If a personalization platform keeps each website separate, it doesn’t need dodgy techniques. Standard first-party cookies, stored by your website, are enough.

Find out how your personalization platform identifies users, and opt for a platform that uses a combination of zero-party data (data that people enter into your forms) and first-party data (what they do on your website), steering well clear of solutions that rely on third-party data, fingerprinting or other techniques designed to subvert or get around privacy protection legislation.

Not only is using first-party data the most compliant solution, it’s also more lucrative. A study from Google and Boston Consulting Group found that businesses using first-party data for key marketing functions achieve up to a 2.9 times revenue uplift and a 1.5 times increase in cost savings.

Fresh Relevance’s approach

Fresh Relevance uses a combination of first-party and zero-party cookies. Our cookies are essential because:

  • They help provide a fully-functional shopping experience
  • They are first-party cookies
  • Each of our clients is the data controller and they own all the personal data of their customers
  • Fresh Relevance is their data processor, helping them implement their website and shopping experience

This means Fresh Relevance cookies can be used by default, without requiring consent from the website’s cookie banner.

Further reading on essential cookies:

Directive on Privacy and Electronic Communications (PECR)
Information Commissioner’s Office (ICO)

Learn more about Fresh Relevance’s approach in our Personalization Buyer’s Guide to Identity Resolution and book a demo to find out how we can help you create the engaging customer experience you envision in a legally compliant, future-proof way.

Download the Personalization Buyer's Guide to Identity Resolution

Mike Austin

By Mike Austin

CEO & Co-founder

Mike Austin is co-founder and CEO at Fresh Relevance. Recognizing the challenge of data aggregation in the ecommerce space, Mike launched Fresh Relevance in 2013 with co-founders Eddy Swindell and Pete Austin to solve this need and optimize the customer journey.