What is zero-party data and why does it matter now?

In a 2022 survey, McKinsey found that personalization can cut customer acquisition costs in half and increase marketing ROI by a third. In the same survey, 85% of customers say that knowing a company’s data privacy policy is important before making a purchase. 

Consumers respond well to personalization and they want to be in control of what personal information is being used to interact with them. Data-driven marketing can be perceived as problematic and even invasive, and a new quantum wave of legislation and technology that will sublimate the collection and use of data in the marketplace, and the future of personalization.

There is an ongoing wave of new, extensive data privacy legislation to safeguard the consumer’s right to control how they are recognized by brands, and service providers, such as Google and Apple, are eliminating support for third-party cookies used to track users altogether by 2024. 

There isn’t a perfect replacement for the loss of third-party data, but if you want to continue (or start) personalization and profile enrichment in the future, here is how to start assessing the most critical steps for your platform, such as replacing the third-party cookies that help you operate today, the data you collect on customers, or the data that you share out (including partners) while factoring in for data privacy protection, security, and customer experience (CX).

Types of consumer data

Consumer data can be understood in terms of its relationship to the individual, channel ownership, and collection method. 

Consumer data generally includes a user’s self-reported information about themselves, which is zero-party data, as well as their activity across channels and devices, or first-party data, and data that is presumed to be true about a user based on modeling, which can be generally defined as inferred data. 

This chart from Forrester clearly lays out the differences between inferred, observed, and self-reported data:

w0QrIjttqvHNXT1oQNjrKhlj1RdVc4c6gJLiL5KfiEf7Kjnb8tw5uEGkWfxQYTOhkElByX9wOvFooi8Pvebn6uAKXLfuDV0b Xlp Ex9jUgDCVe5jA AnRAUfMdu0pvSwofvFh8JO U5oCH4qTjcV20

Citation: “How To Collect Zero- And First-Party Data You’ll Actually Use,” Forrester Research, Inc., June 22, 2023.

This post covers three common types of consumer data.

Zero-party data

Forrester coined the term “zero-party data (ZPD)” for the “data that a consumer intentionally and proactively shares about herself” when she interacts directly with your brand. This can include:

  • Preference center data: email notification frequency, shipping address
  • Purchase preferences: “How was your last order?”
  • Personal context: content interests
  • How the consumer wants to be recognized: coffee aficionado, dog dad, cat person

ZPD is likely the most accurate information you have about your consumer in a given context because it’s provided directly by the consumer, in the moment

ZPD does not require any analysis to be understood as data about the user because it is from the user, but it can be used with other information you have about the user to enhance personalization.

First-party data

First-party data (FPD) is information collected with prior consent from a known user from your audience or community about their interactions across the channels that you own, such as web activity, social media, or purchase history and other transactions. This can also include: 

  • Loyalty membership activity
  • Salesforce customer churn rate
  • Mailing address

FPD is typically used to aid in user behavior data analysis and CX for activation. It’s probably already being used by your organization for some use cases, such as knowing a user’s purchase history (FPD), and sending them a targeted email to review their purchase (ZPD), or sending special offers to users (ZPD) based on their previous browsing activity (FPD).

Third-party data

Third-party data (TPD) is information gleaned from external sources without direct knowledge or consent of the user. Examples include:

  • Behavior data purchased from Social Media
  • Inferred household income
  • Public demographic information
  • Device ID
  • Purchase preferences

TPD is aggregated data from a provider that has no direct relationship to the user.

Although TPD has played a huge role in interoperability as the scaffolding for how we identify users and connect services, like knowing when a customer has switched from their computer browser to a native app on their phone. 

When users go anonymous, tracking IDs and other identifiers can only be done by encouraging users to opt-in and/or sign in, and previously collected TPD will only become more stale or inaccurate due to its historical nature

Going cookieless with ZPD

To address interoperability lost to third-party data deprecation, it is important to consider use cases where TPD is being used, and how to get the same information by collecting ZPD from your user now

Digital marketing currently leverages third-party data about a user until they convert. In a Cookieless world, users will have to opt-in in order for marketers to get to know them.

Instead of marketers waiting for customers to join the loyalty program after they’ve made a purchase, brand value perception will be assessed at every transaction, and many users will choose to stay anonymous or abandon the platform entirely if they don’t feel like it’s worth signing up. 

Brands that proactively convey the benefits of having a secure, ongoing (consenting!) relationship will get to learn what registered users want to see, share, and buy next. 

Customer engagement touchpoints will become more broad and curated, giving marketers new opportunities to improve CX by learning directly about your consumer with personalized messaging, and drive loyalty with CX, as well as maintain your existing platform. 

Because ZPD is collected from consented, known users, instead of from aggregate sources, ZPD is the most accurate and contextually relevant information you have about your user in between transactions.

Cookieless marketing is all about context — if a user clicked on a Facebook ad for a timeshare in Hawaii during the holidays three years ago, it might look a little creepy asking if they want to go there this year for New Year’s Eve, especially if they never directly consented for you to know that. 

Instead, ask them where they want to go next and offer suggestions for deals based on preferences they express with you at that moment. Brands can use ZPD to offer solutions that are hyperpersonal to their consumers.

ZPD is direct from the consumer now, in their words, who they are today, and what they want now.


KuBDiYtZBGyXlh3uKdjgFSvt vAhw7Zk51WRqRe4JaDouAyqI3bKCfZyP3pFhR7vXaqmxNP4P 9DHD 1zU TebLzYLZN A 9c51COBGaQMEECayZ8fhntuxjrrU5ve3zzne6LOcLvZZq9a8YWUkn1Ao


Asking a few granular questions in-app, such as progressive profiling, in the form of quizzes and other gamified interactions about a user’s current habits that reveal recommendations and unlock deals are friendly and relevant, and improve customer loyalty.

By balancing curiosity with the information you want, you can use the ZPD your users give you to instantly personalize their experience and build a personal connection to be in community with the brand. 

Data privacy and CX

Brands pay big penalties when users are coerced into purchasing a product or when they take users’ data and use it without their consent. A notable marketing company recently paid $18.5M to the FTC for falsely suggesting that making a purchase was the only way to enter a popular sweepstakes.

And it isn’t just users who are misled by dark patterns, which are experiences that are designed to manipulate or coerce. 

Even now, security is a mutual exchange of value with the consumer: If users can safely authenticate, brands can protect the integrity and security of their data against fraud.

CHEQ estimates that in 2022, $35.7M of advertising budget was wasted on fake or fraudulent traffic due to one in ten website visitors being bots or malicious actors. 

  • Marketing fraud generates its own cost, and ensuring users have safe ways to sign in with data privacy baked in will go a long way to stay ahead of the riff-raff.

Summary: The business value of ZPD 

ZPD collection is part of the consumer lifecycle because it is the bridge between an anonymous user, the signup button, and asking your user about their preferences and interests in order to deliver them the next experience, like helping them choose what movie they want to watch next.

Transactional messages will be part of an ongoing conversation with your consumer, and ZPD is information you have about your user collected by you in real-time, so you don’t have to wait to understand them behind the scenes until the next transaction to start personalizing.

  • Any ZPD that is shared is unique to your brand, direct from the consumer, and based on a level of trust that the user has in your brand because consumers are fully aware of what data is being collected.
  • For marketers, collecting ZPD is an opportunity to make a transparent bid for data and build credibility by making customers aware of why you are interacting with them and how that information is going to be used. 
  • The act of sharing ZPD is an indication of initial brand trust to want to opt-in in the first place. 

Greater interactivity means more opportunities to share data for more engaging experiences, and ZPD will potentially play a large role in how web3 and AI-driven personalization will develop as the optics for data privacy are better understood.

Realizing the value of ZPD with Customer Identity 

Forrester’s 2023 data shows that over one-third of marketing decision-makers consider creating a single view of the customer across channels and interactions as their biggest challenge with marketing execution.

CIAM covers authentication and authorization touch points and data that are vital for marketers who want to curate more relevant customer experiences at and in between transactions. 

When the web becomes largely anonymous, brands will only be able to learn more about users when they opt in and sign up.

CIAM solutions make it easy for your users to consent and sign in, and support a secure transition from data deprecation to consumer-driven platforms by providing Identity governance tools backed by industry-led best practices and expertise to help you scale as you build

The easier it is to sign in, the more likely users will convert, and CIAM solutions create a central, secure, and verified Customer Identity, with authentication methods that balance CX and fraud protection such as passwordless and adaptive authentication and bot detection. 

In order to design digital experiences like preference surveys and other CX that capture high-quality ZPD from your customers, CIAM solutions on the market also offer agile tools to swiftly build and deploy new ways of interacting with users to collect consumer data that can keep up with marketing cadence without compromising on data privacy or CX. 

CIAM helps your brand grow and maintain an accurate view of who is really using your services, from visitors to shoppers, and convert in a Cookieless world.

ZPD is your source of truth for personalization, and CIAM is your source of truth for Customer Identity. 

To learn more about how Okta CIC powered by Auth0 can help your ZPD strategy, click here.

These materials and any recommendations within are not legal, privacy, security, compliance, or business advice. These materials are intended for general informational purposes only and may not reflect the most current security, privacy, and legal developments nor all relevant issues. You are responsible for obtaining legal, security, privacy, compliance, or business advice from your own lawyer or other professional advisor and should not rely on the recommendations herein. Okta is not liable to you for any loss or damages that may result from your implementation of any recommendations in these materials. Okta makes no representations, warranties, or other assurances regarding the content of these materials. Information regarding Okta's contractual assurances to its customers can be found at okta.com/agreements.