The Advertising Identity Guide

What is identity?

Identity is at the foundation of digital advertising. It enables the individualisation of people to optimise the delivery of ads, display different messages to different groups of people, and measure the performance of these actions. Identity can be described as a three-dimensional topic:

Device ID:

unique identifier available across the different websites or applications (cross-domain) visited on a given device

User ID:

identifier connecting various Device IDs together to provide a cross-device view of a person

Customer ID:

ID enabling the reconciliation of a customer’s online identity (ie. its Device or User ID) with offline identification information (such as an email address or a phone number).

This guide is focused on web-based identity. The purpose of the guide is to explain how identity works today on the web and what will change with the deprecation of third-party cookies. This guide will also outline the solutions available to solve the identification challenge and give guidance on how the industry can prepare for the future.

How does it work today on the web?

For the past 10 years, the industry has been relying on 3rd party cookies as the main vehicle to store identifiers on web users. These cookies are domain-specific and can only be read by the server who created them. Technology platforms need to synchronise IDs with each other to create a common reference and share user-level information. This process is called “cookie matching”. It takes place on advertiser and publisher websites and creates many issues:

Privacy compliance

Cookie matching represents a distribution of personal data which doesn’t comply with the requirements of regulations such as GDPR and CCPA in terms of control and transparency

Data leakage

Because of cookie matching, user data can be accessed by companies who have no business relationships with advertisers and publishers, putting their data at risk


Cookie matching causes page latency as more than 100 pixels are called simultaneously when a user visits a web page, delaying the full rendering of content and slowing down navigation

Value loss

The pool of identifiable users is reduced by 10-20% each time platforms match IDs with each other, creating lost opportunities for publishers to monetise their assets and for advertisers to reach their audiences

A recent study by Google estimated that the ability to identify users accounts for 50 to 60% of publishers’ ad revenue.

This analysis is confirmed in Bidswitch’s Programmatic Insights 2019 report, showing that eCPM are 50% lower on Safari & Firefox (where 3rd party cookies are blocked and therefore user IDs are unavailable) vs. Chrome.

Solutions & opportunities

The current identification process based on 3rd party cookies will soon be obsolete. This is a great opportunity for the industry to reinvent itself and to develop a new, better identification process.

There are 2 different paths to solving the identification challenge in a post-cookie, privacy-first era:

Cohort solutions

In an effort to alleviate privacy concerns and scrutiny from the regulators, and to prevent individual user information to be shared with the ecosystem, some initiatives have focused on local data processing (at the edge, ie. in the browser or on the device). Based on the Federated Learning approach, this method is mostly promoted by Google’s Chrome browser in the form of its Privacy Sandbox initiative. Although in its infancy at this stage, Chrome’s Privacy Sandbox promises to provide technology platforms with APIs to collect aggregated (cohort-level) data about user profiles, as well as aggregated campaign performance data.

Although in principle satisfying from a privacy standpoint (no user-level data would leave the device), this approach presents several challenges and raises significant concerns:


Will a cohort-based approach to targeting & attribution be as efficient as the current user-based solutions?


Will it be competitive with the user-based solutions that will remain available within the walls of the large platforms?


Will ad tech vendors and their clients be able to build competitive advantage by using a common and aggregated dataset?


What happens if each browser builds their own rulesets and features to qualify users and measure campaign performance?


Should publishers, brands and their technology partners be even more dependent from a handful of dominant players, who will define the rules of user qualification, targeting, and performance measurement?

Shared User ID solutions

Declared identifiers

When users provide a piece of information (like an e-mail or a phone number) to identify themselves on a website, this information can be used as a consistent identifier by all the websites that have collected it. They can be hashed and then passed along the adtech value chain and used as a unique identifier by brands to collect information, deliver messages and measure the performance of campaigns on their audiences.

Login alliances have emerged to facilitate the collection of declared identifiers across publishers. By providing a shared login solution for consumers across websites, these initiatives improve user experience while facilitating the collection of declared identifiers by publishers.

Inferred identifiers

When a user connects to a website, passive identification signals such as IP address and the device’s user agent are shared via the HTTP Protocol. These signals can be processed by algorithms to infer the uniqueness of a user across websites, and create a pseudonymous identifier able to power advertising use cases. Because some of the signals are considered personal data (inc. IP addresses), user consent is required for this identification method to comply with regulations like the GDPR or the CCPA.

Both declared and inferred identifiers can be collected and stored by publishers in a first party context (in a 1st party cookie, in local storage, or in a server-side database). They are therefore viable in a 3rd party cookie-less world, and can be used as a “common currency” between buyers and sellers of digital advertising.

Prepare for the future

Google will start to phase out cookies by 2022. As an industry, we only have a few months to get ready for this deadline. Creating a new, stronger, and more privacy-compliant identification framework is in everyone’s best interest:

  • Publishers will improve their consumers’ experience and maximise the value of their inventory and data assets
  • Advertisers and agencies will have better access to digital audiences and will benefit from a more competitive marketplace
  • Technology vendors will maintain their ability to differentiate from each other and provide their clients with innovative digital advertising capabilities

Here are some recommendations on what each stakeholder can do to support the development of this new identity infrastructure:


  • Quantify the problem: look at CPMs on Safari and Firefox - what’s the value of your cookie-less traffic?
  • Define your product strategy to maximise engagement with consumers, maximise consent and encourage logins
  • Participate in industry initiatives (Project Rearc from the IAB) and adopt services available in the marketplace (such as Prebid’s ID modules) to help define the future of identity


  • Isolate and evaluate the importance of identity-based strategies
  • Define use cases to test alternatives to 3rd party cookie-based IDs
  • Engage the discussion with your technology partners (DSPs, DMPs, ad server, attribution vendor) to test these solutions
  • Participate in industry initiatives (Project Rearc from the IAB)


  • Prioritise identity-related projects in your 2-year product roadmap
  • Evaluate different identity solutions to discover what’s best aligned to your product and your customers goals
  • Look for “quick win” implementations to build experience and business cases

To find out more about the importance of identity for digital advertising and the solution to the deprecation of 3rd Party cookies, fill the form below and get in touch with ID5.