User consent is becoming a big topic within affiliate marketing — and one that is increasingly affecting affiliate tracking in the US market. In this article we hope to demonstrate that it is unfortunately not a non-issue in the USA. For affiliate marketers in the USA, consent **does** matter.
Three years ago there were only five US states with enacted privacy laws. Since then this number has grown to 20 with many more states going through the same process.
Consent is only one aspect of the affiliate model that can cause tracking losses. The more familiar matters underpinning losses (like incorrect tag management) are prevalent regardless of consent complications and are estimated to cause losses of up to 50% depending on the advertiser.
Learnings from Europe
Most marketers in the US know that Europe has strict rules on the setting of cookies. There are exceptions within the strict rules — in 2024 there was positive guidance for UK cashback and loyalty sites for tracking cookies to be seen as analytics and therefore essential.
For advertisers that decide that all cookies need permission, they need to implement technology to follow the legislation and often this is with a proprietary consent management platform.
US Consent Laws
In the USA, the most-commonly cited legislation is **CCPA**, which is a Californian law. As mentioned, many other states have similar legislation. All require consent for certain businesses where personal information is involved. The law principally provides consumers with:
- The right to know about the personal information a business collects - The right to delete personal information collected from them - The right to opt-out of the sale or sharing of their personal information - The right to non-discrimination for exercising their CCPA rights
It's not about cookies, but if a business uses cookies it needs to conclude if the use of the cookie and its contents comes within the scope of the legislation.
The Refresh Trap
Moonpull analysis shows that there are many businesses taking the view that affiliate marketing requires consent in the US. It doesn't matter if the consent management platform is intended to control affiliate tracking or not — sometimes it can operate to break first party affiliate tracking.
One example scenario:
1. A user arrives and prior to consent, the JavaScript for setting the first party cookie is withheld 2. The user gives consent, so the tracking can be enabled 3. The advertiser's site is coded to "release" the JavaScript tag when the user navigates to another page 4. The tag release happens on the navigation and it reads the URL of the new page 5. Unfortunately the URL of the new page does not contain the network's Affiliate Network Identifier 6. The tag therefore tries but fails to set a first party cookie
We call it the **"refresh trap"**, as a refresh of the page after giving consent usually triggers revisiting the page using the full landing URL that still contains the Affiliate Network Identifier. But normal users don't typically do such a refresh.
Consent Issues in the US
Technical issues arise due to advertisers having to implement a consent infrastructure to comply with CCPA that cause problems like the refresh trap. Commercial decisions to deem affiliate marketing as having personal information can lead to first party tracking being consent controlled.
For now, the impact of declined consent is mitigated by Chrome still recognising third party tracking within the hierarchy of tracking. This does not apply to tracking limited by Apple's ITP rules.
So consent causes lost sales globally. Across a portfolio of links losses are currently usually lower outside of Europe. For a specific program or product link, though, the advertiser's stance on the consent matter and its technical implementation are both important contributors to generating untracked sales.
What Can Be Done?
**For advertisers:** understand affiliate tracking, how it applies to your business and whether your affiliate tracking will get captured within your business's personal information use.
**For publishers:** be aware of tracking and consent issues and monitor to optimise your revenue, including having the right information for conversations with your partners.
**For agencies and networks:** be on top of both the actions for publishers and advertisers and represent affiliate marketing as a good first party channel.
Moonpull can show you examples where advertisers need consent from California but not Ohio, where consent platforms break tracking in unintended states, and where the refresh trap prevents cookie setting regardless of consent.
If you would like to see more of how Moonpull can benefit your business, we'd love to hear from you. Please get in touch via our [contact page](/contact).