Children are at the center of a new front in the conflict over privacy rules. In 2011, the FTC proposed to expand the scope of the Children’s Online Privacy Protection Act (COPPA) by broadening the meaning of “personal information” to include any unique identifier that can link the activities of a child (or anyone else who happens to visit a designated child-friendly web site) across multiple web sites. Now, Mediapost’s Wendy Davis reports that the IAB has filed a comment with the FTC in opposition to these plans, suggesting that its proposal “would restrict children’s access to online resources by undermining the prevailing business model” and “pose technical challenges to the effective functioning of the online ecosystem.”

As is the norm in these situations, a coalition of advocates also argues that the proposed rules don’t go far enough. There are plenty of resources that analyze the details of this dialog, but the question I like to ponder is this: how disruptive to the online marketing establishment is the idea (strongly advocated by many) of dispensing with multi-site unique id’s altogether?  Some argue this is an academic question, since even if persistent third-party cookies were banned – or “do not track” headers set by default – other techniques, such as fingerprinting or server-side first-party ID matching would quickly take their place and be much more challenging to regulate. There are, however, a few technically plausible scenarios that could effectively block all tracking. For example, widespread adoption of ISP-provided cloud-based privacy proxy servers could insulate web sites and ad networks from any unauthorized direct interaction with user devices. (Technical details are left as an exercise for the reader.) A shift in policies that govern ISP liability for privacy violations might trigger such a movement, although to be clear I don’t expect this to happen any time soon. 

If something like this were to occur, would it lead to the end of programmatic targeting and optimization and a return to the old-fashioned ways of acquiring media, one run-of-site IO at a time? Would it roll back the whole attribution movement and return us to the dark ages of Wanamaker’s 50-percent-wasted advertising? My answer is no.

First, any web site can still insist on some sort of login (likely benefitting Facebook) at which point the user is identified, and once again trackable and targetable across sites. Users might need more incentives than they currently get for taking this extra step, but I suspect the industry is up to the challenge.

Second, and more controversially, I believe unique identifiers aren’t always necessary or even optimal for running targeted ads. I’ll be elaborating on this at Gartner’s upcoming Symposium in October, but, as we’ve been discussing on my previous blog post, campaigns that tell stories in a serialized arc may need to retain no more information about a user than what story is being told and what chapter we’re on. Since that’s not unique, it avoids the entire “personal information” problem entirely. Yet, it still retains the most essential attribution data: a sequential record of interactions leading to a conversion. Such tactics may work better on guaranteed campaigns, which don’t require cookies to facilitate a real-time bidding process, but this prospect should be attractive to both brands and publishers.

So, maybe disrupting the disruptors with stronger privacy norms could actually evolve rather than turn back the digital marketing tide.