The difference between first, second, and third-party data is how it’s collected.

The Difference Between Zero, First, Second and Third-Party Data

Since we launched our suite of privacy solutions, it has generated a lot of interest and educational requests regarding the difference between first, second, and third-party data—as well as zero-party data. We thought we would take this opportunity to share the differences, as well as our perspective on the future of the industry.

If you’re working in marketing and you’re worth your salt, you won’t be surprised when I say that there are seismic changes happening related to data collection. 

With everything going on in the market (third-party identifier deprecation, regulations like GDPR, etc.), companies have to rethink how they approach consumer data. You can no longer just “set it and forget it” when it comes to marketing decisions and spend.

You now face the challenge of getting the same conversions in a completely new way—so businesses are investing big in data to drive marketing and other strategic decisions.

But to stay in compliance and generate real trust with your customers, you have to use this data well. You have to understand the difference between first, second, and third-party data—and especially zero-party data.

Getting a good grip on data sources is key to making smarter decisions as the future of marketing is shaped by technology, legislation, and consumer consent. 

Why data language matters

As a consumer, I can understand if you’re storing data within a cookie for my login. If you’re storing things in my shopping cart, that makes sense too. I even appreciate it if you’re paying attention to what I’m shopping for on your website. If I buy something and you ship it to me, I’d like for you to remember that so you can expedite the next purchase and delivery. 

When I engage with your brand, I want you to know something about me and to retain that knowledge to service me in the manner I expect. 

However, I’d also like to understand what data I generate. 

And I’d like to be in control. 

My data belongs to me first.

But that’s the end of the line for what the average consumer thinks about their data. 

As marketers, we think about data a whole lot more and know that it comes from different places. 

But the language that we use to identify the different types of data gets a little clunky. We refer to the data as zero-party, first-party, second-party, and third-party. But most average people have likely never heard of these terms before.

Breaking down the difference between first, second and third-party data. Zero-Party Data: Information that a consumer actively and freely shares. First-Party Data: Information a company directly collects about consumers as the consumer interacts with their brand. Second-Party Data: Another company's first-party data that your company has permission to use, enforced by contractual agreements. Third-Party Data: Information aggregated from a number of public and non-public sources that may not be given explicitly by the consumer.

The difference between zero, first, second, and third-party data comes down to how it is obtained. Either the consumer gives it up willingly, or it’s shared by another company. 

  • 0-party data: Shared with a brand by a consumer.
  • 1st-party data: Collected by a brand as the result of consumer interactions.
  • 2nd-party data: First-party data shared with another company through a contractual agreement.
  • 3rd-party data: Aggregated data from a variety of sources.

The ethical lines get a little blurry when it comes to how these other companies are collecting data. Some of it is collected without the consumer’s knowledge—and that’s why there is some pushback when it comes to consumer data collection for marketing.

What is zero-party data? 

Zero- and first-party data are easily conflated in traditional definitions, so we need to increase our precision. 

Zero-party data is the data you freely share with a brand.

When you fill out a survey and share your preference with a brand or submit a personal story through a social media competition, that’s zero-party data.

In more colloquial terms, it’s your data. You control it (or at least you should). It’s our belief that the arrow of time is bending toward zero-party control and personal identity control. 

Will you decide to share your mobile ad ID with companies and brands? That possibility didn’t exist ten years ago, and in another decade, we fully believe zero-party control (or personal identity management) will be the new standard. 

The trend on the ever-closer horizon is an increased importance of consented relationships on a first-party basis with the brands you deal with, and the partnerships they have with other brands.

Related content: How people and brands can take back their data—and their relationships

What is first-party data?

The first-party data definition includes information a company directly collects about you when you’re interacting with their brand, like:

  • What products you’re looking at
  • What you subscribe to
  • What’s in your shopping cart

This data may be collected anonymously, but the most valuable interaction happens after you identify yourself to the brand (either through a login, paywall, purchase, consent, and/or registration). First-party data is used to identify your interests and show you more relevant advertising content.

Out of 1st, 2nd and 3rd party data, first-party is the most important and most valuable to a marketer.

The most powerful first-party data collectors are Google and Facebook. 

Their services are so integrated into our digital lives that they have been able to grow exponentially. Facebook alone reaches a third of the world, and with most users checking in daily, that’s a lot of exposure. 

The average brand just doesn’t see you or interact with you that often. 

All that audience data and exposure puts Google and Facebook at the top of the digital food chain when it comes to controlling the largest share of the ad-spend market.

What is second-party data?

Second-party data refers to someone else’s first-party data that your brand has permission to use. This data use is enforced by contractual agreements and occasionally a digital ledger that maintains the permission the consumer has given. 

These mutually beneficial partnerships are popping up more frequently, because brands don’t want to be left to the whims of walled gardens—a few large companies like Facebook, Google, Amazon, Apple, etc. 

To bring the media control back within their own walls, brands and publishers are:

  • Investing more in their own first-party data and identity technology stacks
  • Creating their own secure identity graphs
  • Building trusted relationships with customers

They’re using the personally identifiable information (PII) shared by their trusting customers to create a common view of that person to serve them better. This view can be used across their brand, within their sub-brands—and with trusted partners (second parties). 

What is third-party data?

The data that’s been getting all the headlines is third-party data. If there is a marketing boogeyman behind some of the most salacious articles, they’re likely collecting troves and troves of third-party data.

Third-party data is information from people that’s been aggregated from a number of different sources. 

The catch is that this data may not have been provided explicitly by the person who created it. 

Third-party data started getting attention when the Internet created a ton of web behavioral exhaust, which accumulated on vast arrays of servers all over the world. The atomic element for this type of data was a little temporary storage device called a cookie

Entire advertising industries were invented around acquiring and managing data within cookies.

Now, the third-party cookie is responsible for many of the shifts happening in marketing today. It all comes down to how these third-party cookies work.

Entities you have no direct relationship with as a consumer gather data about you within third-party cookies. These cookies are set by companies other than the site you are visiting. They collect anonymous information to power advertising, driving a large portion of the content the world consumes.  

Related content: No Third-Party Cookies? No Problem [Webinar]

As Google, Apple, and Firefox browsers restrict these third-party cookies, they disrupt a large portion of the monetization of the Internet. Google and Apple have the vast majority of browser usage (~70+%) and a duopoly of mobile devices. They control many of the rules that advertisers must adhere to. 

And the more they restrict data under the veil of privacy, they also cement their position of power. The rest of the industry built around the cookie slowly dies. With that, companies like MediaMath, Adobe, LiveRamp, and Neustar have to invent new methods for publishers and advertisers to serve relevant ads.

Despite the quality difference between first, second, and third-party data, cookies have been a big part of informing marketing decisions and change will be hard. Now that cookie restrictions make some of those platforms unusable—or at least less responsive—marketers face the challenge of finding a completely new method of achieving the same conversions.

Privacy protocols and zero-party data are the future

Ideally, however, individuals, as in real people, would have more control over how all of this is happening. Often, a person doesn’t truly have a complete view of how their information is being passed around. 

Zero-party control will ultimately address this. 

You, as a consumer, will maintain your own unique and persistent ID that can be leveraged by platforms, brands, publishers, and anyone else that you give permission to use it. Digital rights to your information and proper pseudonymization should be embedded within the chain. 

Personal identity and privacy rights should be enforced through trusted proxies that enable them. Project Rearc from the Interactive Advertising Bureau (IAB), which begins to define the standards and protocols around such mechanisms, is a start. 

But over the next 10 years, there will have to be many inventions created in order for true zero-party control to come to fruition. 

There is hope that it will happen faster, but there are decades of internet economic debt to rebuild under a new paradigm of personal rights.

Want to learn how FullContact is working to make zero-party control a reality? Let’s talk

We’ve got a few solutions up our sleeves that give both brands and consumers more control over their data. 

Check out:

Recent Blogs