Zero-, first- and third-party data: What’s the difference?

Business runs on data, much of which comes from customers, website visitors, app users and others. User data can come in many forms. It can be explicit identifying information, like name, address or credit card number. It can be less explicit, but can become identifying if combined with additional data points, like IP address, birth date, or country of residence. Or it can be based on what people do online or how they express interests and preferences, like browsing history, ecommerce activities, or signups for marketing communications from companies.

All of this is personal data, and in some cases personally identifiable information (PII). Some of it can fall into the category of sensitive personal information. Learn more about PII.

For business purposes, and especially marketing, user data falls into four main categories:

• Zero-party data
• First-party data
• Second-party data
• Third-party data

Three of them are the most widely spread and used.

To date, third-party data collection and use has been the most common online, powering everything from advertising to analytics to marketing tools. However, there are issues with this type of data, and companies are moving away from using it.

Different tools benefit different aspects of data strategy. A preference management platform (PMP), for example, enables consent collection for zero- and first-party data. This can be part of a broader shift to valuing and investing in customer retention as much or more than just focusing on customer acquisition.

Companies are becoming more strategic about what data they want and what they want to use it for, as well as how it can best provide a strategic advantage. It should be noted, however, that there are valuable uses in marketing strategy for all of these types of data, if used in the ways regulations allow and for the purposes to which they’re best suited.

Zero-party data, also referred to as explicit, opt-in or self-reported data, is sometimes described as the “Holy Grail” or “future of marketing”. It is data that customers, visitors, and users intentionally and voluntarily share with a company, typically when prompted by the company.

Zero-party data doesn’t rely on third-party sources for collection, and doesn’t require analysis or inference of user preferences because the user has explicitly stated them. To achieve best practices, these preferences can be centralized in a preference management platform (PMP), which harmonizes collection, storage, and activation of data across tools and systems.

What are examples of zero-party data? The information provided to and collected from forms, surveys, account applications or profile creation, and more, sometimes in exchange for a reward, but not always. Users provide this data to obtain benefits from companies, which can include more personalized offers, recommendations or experiences; communications in their preferred format or frequency; or just enable people to shape their user experience with a brand.

Zero-party data helps provide control to users, as they are in charge of at least some of the personal information they share and for what purpose or benefit. However, if consumers are mainly focused on a specific one-time reward, the data may not be fully accurate as the user is just providing it to get that reward. Companies need to use smart, longer-term strategies and careful messaging to avoid this.

As consumers become more concerned about data privacy, and regulations restrict how personal data can be collected and used, zero-party data solves several problems for companies. It meets several requirements for valid consent (per various regulations):

• freely given
• specific
• informed
• unambiguous

The full list of requirements for valid consent under the GDPR, which remains the source of many privacy best practices, is as follows.

Separate consent is not required since the data would not be accessible if the customer didn’t voluntarily provide it. It is also fairly easy to enable zero-party data use to meet the requirement of being easily withdrawn as well, as a person can unsubscribe from a company’s communications, ignore a survey, close an account, etc.

The biggest challenge to the growth of access to zero-party data is that consumer trust ratings remain low, which is not limited to any specific industry; it’s widespread (see the reference to the aforementioned “Wild West”). Companies need to earn trust over time and across channels by demonstrating transparency and respect for user privacy and providing consistently positive and beneficial experiences before customers are willing to exchange data for discounts, targeted communications, product recommendations, or other benefits.

First-party data, sometimes also referred to as customer, proprietary, owned or in-house data, is obtained in the next most direct way after zero-party data. Insights derived from it can sometimes be less accurate than with those from zero-party data, but it is still a very important data source for companies’ data strategy.

First-party is the data that companies collect from customer web activity via their own channels. What are examples of first-party data sources? Websites, ecommerce shops, apps, social media, email, etc. Anywhere consumers interact with the company.

It includes a broad range of data that can reveal not only who a user is, but what gets their attention and is of interest to them. From IP address to login credentials to timestamps and ecommerce activity, but also clicks, time spent on page or site, scrolling, hovering, and assorted navigation.

What is second-party data?

As a side note, there is also second-party data, which is first-party data, but sourced from a vendor or partner other than the company that ultimately uses it.

Ideally companies want to use a multi-channel approach to get a wider variety of data to create a more comprehensive picture of the customer, while avoiding duplication. Once collected, first-party data is stored in CRM platforms, and does require analysis and activation via other systems to be useful.

Some of the major uses and benefits of first-party data include:

• improved segmentation of different prospect or customer groups by interests, demographics, products, topics, etc.
• higher quality leads
• lower unsubscribe rates
• improved conversion rates
• increased revenue

This kind of data is most useful in aggregate, using many data points to build customer profiles, for example, used for targeting or marketing personalization activities. Or grouped to create larger anonymized demographic profiles. It also enables companies to retarget consumers with relevant messages or offers after they have engaged with the company, left the website, etc.

Increasingly, companies must also obtain consent to collect and use this data, for example, for the use of cookies and other tracking technologies on websites. Regulations also increasingly require companies to notify consumers of this type of data collection and, in some cases, to opt out of it, or at least opt out of the sale or certain uses of it. A Consent Management Platform (CMP) enables this notification and consent collection.

Third-party data, sometimes also referred to as external, aggregated, derived or purchased data, is obtained indirectly from advertisers, aggregators, and other sources. So it is not provided by the user or via their interactions or activities with a specific organization.

Third-party data typically needs to be aggregated with a lot of other first party and third-party data to be valuable, and sometimes consists of multiple datasets “stitched” together. What are examples of third-party data sources? They can include information like buying signals, e.g. if someone is in the market for a new car, demographic information,data obtained via 3rd party tracking technologies and more. It remains valuable particularly for modeling, lead generation and some other large scale operations.

Often when purchased, the purchaser does not know the source(s) of this data, its accuracy, how recent it is, or other often important criteria. A company’s competitors could also buy and be using the exact same data. Under many privacy laws, like the GDPR, data controllers are also responsible for data processors’ activities and privacy compliance, which would include vendors from which data is sourced.

With third-party data, the companies that need it aren’t able to be specific about what data they need, since, as noted, often they’re not the ones collecting it. With the high volume and disparate sources, the quality and relevance of the data can also be limited. On a small scale, this data may be less useful to companies, as it says little about who the user is or what their preferences are.

There have also been consent issues with collecting, processing, and selling this kind of data, as it is quite common for users to have no idea it’s been collected or sold, and thus no chance for them to object to it. As this Wharton School article notes, “Most people don’t know how much of their activities are being tracked.” Additionally, in the same piece, Elea Feit, senior fellow at Wharton Customer Analytics and Drexel marketing professor added, “Most companies are collecting data these days on all the interactions, on all the places that they touch customers in the normal course of doing business… Every time you interact with the company, you should expect that the company is recording that information and connecting it to you.”

Depending on the relevant regulation, not notifying customers or users during these interactions may be a violation of the required notification of users about data collection, purposes, and sharing with third parties, as well as the ability to opt in or out of collection, sharing, sale, or other certain uses.

Google has made several announcements over the past couple of years regarding the eventual end of third-party cookie use in the Chrome browser (which maintains majority market share). Learn more about what a “cookieless future” may look like, and why marketers need new data strategies: Are cookies the next tech dinosaur?

Google has also made proposals (and canceled some) for replacing the use of third-party cookies. Learn about FLoC and Topics and the Privacy Sandbox. Given that Google has also changed the end date for third-party cookie use and could also make (or change) other decisions, it makes sense for marketers to move toward smarter, more future proof solutions.

The most obvious difference between zero- and first-party data is source. Zero-party data comes directly, intentionally and voluntarily from the user. They know it is being collected because they are providing it — typically for some benefit to themselves — and for a specific purpose. This generally means the data is high quality and doesn’t require an additional request for consent, since the company simply wouldn’t have it if the user didn’t want them to. It can be useful and valuable without requiring aggregation and analysis. It enables the company collecting it to achieve specific purposes or goals.

Collection and use of zero-party data can be highly beneficial for marketing as it can improve conversion rates, enable better targeting, build trust, and generate positive experiences and long-term consumer relationships with the brand by demonstrating transparency, respect for the user’s preferences, and enabling personalized experiences.

First-party data collection more significantly benefits entities that are not the consumer. The data is collected using online technologies by the company that wants to use it. So this data is indirectly obtained. Without notification required by regulations, it is likely the consumer would not know it was being collected or why.

Consumers are not rewarded for the collection of this data and it doesn’t really have a role in improving brand relationships or trust, though it can be used to improve user experience and marketing personalization. First-party data quality is still reasonably high, certainly more so than third-party data, but generally less so than zero-party data. First-party data does need to be aggregated, and collection of enough of it to provide valuable insights can take some time. It also requires the user’s direct interaction with a website, ecommerce shop, app, etc.

Where regulations require it, first-party data can’t be collected without user notification and consent. It can provide enough information for individual identification in aggregate. For companies to ensure they obtain consent for collecting and use of this data correctly can be a lot of work without tools to automated functions. For example, many websites use a wide variety of cookies, trackers, and other web technologies. Manually adding each one, or defining custom ones, can take a lot of time and resources. However, a consent management solution like Usercentrics’ provides an extensive list of these services, so companies need only select them. Smart Data Protector also scans the web property regularly and detects any new technologies in use, so companies can ensure they stay compliant over time as they continue to collect first-party data.

Technology shifts are a big reason for companies to move away from the use of third-party data. For example, ad blockers and browser restrictions can make it increasingly hard to obtain this data in the first place.

Ad blockers continue to be popular browser add ons, and are getting more sophisticated in what formats they block and how many. Some blockers may only target popups. Others may pick up on JavaScript usage, or attempt to block all ads. Some ad blockers go further than ads, blocking tracking for analytics use, and can even interfere with cookies and technologies that enable or affect user experience with sites’ ability to function correctly.

Some browser providers are changing some default settings. This can include functions like removing URL tracking parameters, spoofing or stripping referrals IDs, or setting limits on if and how websites can store cookies on users’ browsers. Apple has introduced Intelligent Tracking Prevention (ITP) for Safari and Mozilla has Enhanced Tracking Protection on their Firefox browser. We noted earlier some of Google’s initiatives away from third-party data with Chrome.

As consumers become more aware of and concerned about privacy, and as more data privacy laws come into effect, the more technology will change away previously common methods of tracking and data access. Some of these will be precise, some won’t, and, as noted, will affect user experience beyond their intent. It’s important that marketers evolve their strategies to ensure continued access to and consistent quality data, as well as privacy compliance and earning user trust, as technologies and regulations evolve.

When companies do business online, website visitors, app users or ecommerce customers can often come from anywhere, and privacy laws generally cover people who live in a specific region, like the European Union, the country of Brazil, or the US state of Virginia. This means it doesn’t matter where the company collecting data is located. They have to comply with the laws of everywhere their customers or visitors reside if they want access to the first-party data collected from websites and apps. Given all the different places that have their own unique laws and legal requirements, this can be extremely complex and onerous, especially for small businesses.

Violations of these laws can be extremely expensive and damaging for companies, and that’s just the regulatory penalties and doesn’t even begin to take into account the brand reputation damage and potential loss of customers.

Many of the biggest tech companies, with tools and services used by millions of companies around the world every day, are based in the US. This requires transfers of data between the US and other countries where users (the source of data) and companies are. But the European Union, for example, has not had an adequacy agreement in place with the US since 2020. The two groups are working on it, but it will be some time before the original Privacy Shield is replaced.

Third-party data also is not a great investment. It is more poorly targeted and poor quality overall, which is why so much of it is needed in aggregate to produce useful insights. Perhaps this was the best companies could do with the technology available years ago, but marketing technologies can do so much better now, saving companies money, producing better results, and protecting brand reputations. Companies can now also combine their systems to better analyze and activate data, to ensure even better accuracy and campaigns once user consent and preferences are combined, for example.

Zero- and first-party data are more directly obtained, so companies can ensure it’s more specific, timely, and overall higher quality. They just need to have a strong data strategy to ensure they collect the right data at the right time, and get the necessary consent. These types of data can more easily be used to improve targeting and segmentation to improve conversion rates and revenue. They also help build specific customer trust and loyalty rather than only providing broad demographic-level insights.

The way zero- and first-party data are obtained and shared also provides better security and control to the company that collects it, enabling them to specify with what services (often third-parties) it is shared and for what purposes, like with server-side tagging. It also enables better integration with the platforms companies use to power their marketing operations, like a preference management solution.

In the past, it was commonly accepted that more data was the best strategy, regardless of its quality, where it was from, or whether its owners gave consent to use it (or even knew it was collected). Online businesses are rapidly moving away from that model, however, both because of regulations about data privacy and because they are realizing that large amounts of low-quality data just aren’t that valuable or beneficial in terms of specific needs, uses, and marketing goals.

Good marketing data management brings considerable benefits and enables companies to level up their marketing. It enables:

• better understanding of target customers with segments, personas, etc.
• personalized messaging for groups or even specific individuals
• more accurate and granular analysis of campaigns
• optimization of future campaigns, e.g. channels, messaging
• better lead nurturing through the funnel
• more accurate attribution of results and improved ROI calculations

Companies that are really ready to evolve their data strategy will start to dig into optimization strategies and tools to enable (or improve):

• data security
• data unification, organization, and attribution
• analysis and application of insights
• cross-company communication and collaboration

A perfect data strategy for marketing would involve large amounts of high-quality data. In the past that would have been more difficult and slow to get, and likely very expensive. But that is changing. It’s been proven that transparency and great user experience help build long-term relationships with users and customers, increasing engagement and lifetime value.

These strategies also drive higher consent rates and encourage consumers to provide companies they trust and enjoy engaging with with more data. In this way, companies don’t have to choose between volume of data and quality. They can achieve both, with happier customers and higher revenues. Combined with more sophisticated and better networked tools to store and activate that data, companies can drive their marketing operations with greater precision, control and reach to drive long-term engagement and revenue.