AdTech has a challenge with privacy. Historically the problem has grown mostly under the radar for the general public. A quick history overview:
When the internet grew into an advertising medium, organizations used to treat websites as they had TV networks or magazines. Ad impressions were bought based on size and demographics of the audience (e.g. by Comscore and Nielsen). It was soon clear that websites were not like traditional media. Millions of websites and their traffic was hopelessly fragmented in ways that made it impossible to scale an audience by buying ads on individual sites. As was the case with a few dozen TV channels before.
Ad networks soon arose as site aggregators but they, too, became fragmented and unwieldy. Early ones like Yahoo and Google used their ability to index the entire web with keywords, and contextually target relevant ads in their networks. Commonly known in the industry as contextual advertising, this approach still provides a significant revenue stream for Google. Then, DoubleClick (prior to the Google acquisition in 2008) developed a more effective targeting solution. This got known as ‘behavioral advertising’. The principle was based on two properties:
1- Websites could store small, persistent data files called cookies in users’ browsers.
2- Webpages could reference assets on other domains using image tags (Beacons or Tracking Pixels). These tags could store their own cookies and thus track user behavior across all sites. These cookies became known as third-party cookies (TPCs).
TPCs gave rise to large collections of behavioral data, enabling advertisers to push ads based on much more granular behavioral categories like “in-market for a car” or “travel enthusiast”. TPCs could be synchronized using browser redirects, allowing sharing of browsing data from every site visit. Even if the advertiser’s own tracking pixels weren’t there. Vast real-time bidding (RTB) markets appeared where advertisers could bid on consumers as they became visible on the web. Advertisers could identify users on virtually any website using website retargeting. A supply chain emerged around RTB markets consisting of demand-side platforms (DSPs) on the buy side and supply-side platforms (SSPs) on the sell side. In the middle were ad exchanges and data management platforms (DMPs) that allowed all participants to merge and synchronize their first-party data with the third-party ecosystem.
Though claimed ‘anonymous’ data processing, we now at least know better. Some data providers made personally identifiable data collected from public records and other sources available to synchronize with cookies. This enabled the linking of personal information to browsing data. Once disseminated, there was no way for a user, marketer or publisher to control that information, and abuse quickly ensued. Also, the level of detail in these datasets continued to grow almost exponentially.
Then, law caught up. First, translations of the e-Privacy Directive (in telecommunications acts), later the GDPR challenged the foundation of cookie-based data collection. They explicitly declared any data that could be associated with a natural person to be personal data. So what now? TPCs are about to become a thing of the past. Will it be all first-party stuff then?
My colleagues Nader Henein and Andrew Frank wrote about these matters in more detail: Successfully Transition to Privacy-Preserving Marketing and Adtech. This includes:
Bad habits to avoid:
– Dark Patterns in Customer Experience Design
– Fingerprinting as an Alternative to TPCs
Good habits to adopt:
– Data Clean Rooms
– Privacy-Preserving Analytics
– Persona / cohort targeting and identity beyond the cookie
Initiatives to Watch:
As TPCs are retired, alternative approaches are emerging. Initiatives come from browser manufacturers and large data platforms alike to create a new ecosystem. One where privacy hopefully can be preserved better. Aside from strict default-setting browsers like Brave, the following initiatives will most certainly change the adtech industry over the coming 12 months:
- Google’s privacy sandbox A project to provide an alternative to TPCs and limit fingerprinting. Though there are counter responses already.
- IAB’s Project Rearc Seeks to rearchitect digital marketing.
- Facebook’s partially blind signatures A new approach to reporting events, such as ad clicks with greater anonymity
- Apple’s privacy-preserving ad click attribution Creates an alternative where ad click attribution doesn’t require cross-site tracking of users
Now that the history lesson has concluded, let’s see if we can do better in the future. That future starts today.
Stay safe, stay inside (for now), and be well!