Identity is at the foundation of digital advertising. It enables the individualisation of people to optimise the delivery of ads, display different messages to different groups of people, and measure the performance of these actions. Identity can be described as a three-dimensional topic:
unique identifier available across the different websites or applications (cross-domain) visited on a given device
identifier connecting various Device IDs together to provide a cross-device view of a person
ID enabling the reconciliation of a customer’s online identity (ie. its Device or User ID) with offline identification information (such as an email address or a phone number).
This guide is focused on web-based identity. The purpose of the guide is to explain how identity works today on the web and what will change with the deprecation of third-party cookies. This guide will also outline the solutions available to solve the identification challenge and give guidance on how the industry can prepare for the future.
For the past 10 years, the industry has been relying on 3rd party cookies as the main vehicle to store identifiers on web users. These cookies are domain-specific and can only be read by the server who created them. Technology platforms need to synchronise IDs with each other to create a common reference and share user-level information. This process is called “cookie matching”. It takes place on advertiser and publisher websites and creates many issues:
Cookie matching represents a distribution of personal data which doesn’t comply with the requirements of regulations such as GDPR and CCPA in terms of control and transparency
Because of cookie matching, user data can be accessed by companies who have no business relationships with advertisers and publishers, putting their data at risk
Cookie matching causes page latency as more than 100 pixels are called simultaneously when a user visits a web page, delaying the full rendering of content and slowing down navigation
The pool of identifiable users is reduced by 10-20% each time platforms match IDs with each other, creating lost opportunities for publishers to monetise their assets and for advertisers to reach their audiences
A recent study by Google estimated that the ability to identify users accounts for 50 to 60% of publishers’ ad revenue.
This analysis is confirmed in Bidswitch’s Programmatic Insights 2019 report, showing that eCPM are 50% lower on Safari & Firefox (where 3rd party cookies are blocked and therefore user IDs are unavailable) vs. Chrome.
The current identification process based on 3rd party cookies will soon be obsolete. This is a great opportunity for the industry to reinvent itself and to develop a new, better identification process.
There are 2 different paths to solving the identification challenge in a post-cookie, privacy-first era:
In an effort to alleviate privacy concerns and scrutiny from the regulators, and to prevent individual user information to be shared with the ecosystem, some initiatives have focused on local data processing (at the edge, ie. in the browser or on the device). Based on the Federated Learning approach, this method is mostly promoted by Google’s Chrome browser in the form of its Privacy Sandbox initiative. Although in its infancy at this stage, Chrome’s Privacy Sandbox promises to provide technology platforms with APIs to collect aggregated (cohort-level) data about user profiles, as well as aggregated campaign performance data.
Although in principle satisfying from a privacy standpoint (no user-level data would leave the device), this approach presents several challenges and raises significant concerns:
Will a cohort-based approach to targeting & attribution be as efficient as the current user-based solutions?
Will it be competitive with the user-based solutions that will remain available within the walls of the large platforms?
Will ad tech vendors and their clients be able to build competitive advantage by using a common and aggregated dataset?
What happens if each browser builds their own rulesets and features to qualify users and measure campaign performance?
Should publishers, brands and their technology partners be even more dependent from a handful of dominant players, who will define the rules of user qualification, targeting, and performance measurement?
Google will start to phase out cookies by 2022. As an industry, we only have a few months to get ready for this deadline. Creating a new, stronger, and more privacy-compliant identification framework is in everyone’s best interest: