What Do We Actually Mean by “Cookieless”?

There’s a perception that first-party data is just login demographic data, but it’s so much more than that.

First-party data is all sorts of things, such as contextual and behavioral data. It also includes site navigation patterns and single session page views, time spent on the page, frequency and recency, not to mention multi-session interest topics, and ad placement analytics.

It’s rich data publishers can use because it’s more privacy-forward than third-party cookies. It’s more than contextual, as mentioned before, but it can also scale across all channels (i.e., tablet, CTV, mobile app, desktop) and browsers.

Lastly, first-party data can offer much more accuracy in terms of targeting than third-party cookies. And with them deprecating, now is the time to shift the focus to first-party data. 

Some issues with third-party cookies regarding targeting tactics include:

• Fragmented media buying based on various solutions available across browsers and platforms.
• Campaign reach may be impacted given the likelihood of overlap in targeting strategy due to competition solutions.

The solution would be to consider first-party data, including the publisher’s proprietary IDs, analytical data, and audience segmentation, to run a more successful campaign. Tools powering first-party data matching will become valuable assets to campaign buyers. And lastly, publishers can define audiences based on first-party data to help shape first-party execution.

How Will Third-Party Cookie Deprecation Impact the Market?

Google Chrome has a ⅔ market share, so the impact will be monumental once they deprecate third-party cookies in 2024. The four most significant effects it’ll have are:

– Identity and Ad Targeting: One of the main reasons privacy regulations have come to the forefront is the way third-party cookies collect user data and transfer it to third parties. A proposed alternative is the Privacy Sandbox based on cohort analysis rather than individual user data. There are also universal IDs that can significantly expand the reach of advertising campaigns. This multi-channel and cross-platform offers more advanced and secure identifying and targeting features than third-party cookies. By using first-party data solutions, consumers can have better control over their privacy preferences. Not to mention contextual targeting, which emphasizes content and keywords over-relying on personal information.

– Ad Fraud: Many believe doing away with third-party cookies will increase ad fraud, which is simply not the case. Ad fraud is already rampant and underreported. For instance, bots can dump and get new cookies like users can when they clear cookies from their browsers. Bots can also pretend to be any audience segment an advertiser wants, hurting advertisers by paying for higher CPMs. They can also trick search and cart abandonment retargeting algorithms and way more. So with these practices and more being lost with third-party cookies, less money will be lost to fraud.

– Cost Savings and Better Outcomes: Advertisers can personalize their customer experience better, use CRM retargeting, make the most of first-party data, and use contextual advertising. 

3 Must-Haves in Your Cookieless Arsenal:

Among other considerations, exploring and using tools from companies that have established a presence for the target audience is a great way to fill in the gaps while considering first-party data. It’s also worth taking the time to consider building partnerships to match data and stay privacy-forward. 

As a result, consider these three must-haves for when third-party cookies finally deprecate: 

Data collection optimization — Publishers define a data strategy and decide what data is valuable for targeting purposes.

Industry or first-party identity solutions — Publishers with a significant amount of login information and the right to use it should focus on adopting an industry identity solution or developing a first-party identity solution, enhancing user privacy controls. 

Platform participation preparation — All publishers should prepare to participate in platform solutions, like Google’s Privacy Sandbox. They should work with their partners to understand and prepare for the changes. 

If you want to learn more about addressability and how to unleash your first-party data, check out our Privacy and Identity Prepper Playbook for Publishers.

The post Armed and Cookieless: 3 Must-Haves for Publishers in a First-Party Data World appeared first on TripleLift.

Preparing for Privacy Regulation

Over the years, we’ve seen numerous regional and country-specific data privacy laws and regulations come into play. From the GDPR to the Colorado Privacy Act (CPA) and everything in between, publishers have continually had to shift strategies and optimize to stay compliant. And just when you think you’ve got your data processing activities fully compliant, along comes more potential legislation to flip everyone over their head, such as American Data Privacy and Protection Act. With the turn of the calendar year and increasing regulatory pressure, now is the perfect time for publishers to audit how they collect and use first-party data. They’ll need privacy-forward first-party data strategies and identity solutions to help with the changing considerations around addressability.  Match rates with ID solutions will likely be low and largely replicate third-party cookie dynamics. Some solutions will enable advertisers to use an ID from one publisher to buy from a different publisher. In contrast, others will be truly first-party and used solely to sell the inventory of the publisher with whom the user shared their data. Publishers should look to new and innovative first-party data solutions to protect their data while offering scale to advertisers in both direct and programmatic channels.

First-Party Data Strategies

Forget about Google and whether they will deprecate third-party cookies. Today, over 50% of all web ad requests come from browser environments that already don’t support third-party cookies, including Safari, Firefox, Webview, and Chrome (when consumers use Incognito mode with third-party cookies disabled or other advanced privacy settings).

There are increasing choices publishers can make to improve the addressability of their inventory using their own first-party data.  However, choosing a path can be daunting, with many options that aren’t exactly clear. As the trend toward first-party data becomes the norm, publishers must focus on protecting their data while maximizing near-term value and investing in innovative new solutions that don’t rely on identifiers or fingerprinting.

However, when it comes to first-party data, simply staying on trend isn’t a long-term solution. Many first-party data solutions will work now but have degraded performance as the large platforms increasingly limit user agents, IP addresses, and email addresses to create identifiers.

Any solution that relies on these data points will face increasingly degraded performance over the coming years. Further, many of these solutions re-create the dynamics of third-party cookies by enabling one publisher’s data to buy audiences on another publisher.  

To fully take advantage of the first-party trend, publishers must invest in the right solutions quickly. As an alternative to identifiers, innovative first-party data solutions will be released in 2023 that increase addressability and enable scale for advertisers but don’t leak data and don’t rely on user identification. This could mean stable revenue growth in the coming years despite platform changes and new regulations for publishers who invest in these solutions now. 

Curated Deals Services

According to data from eMarketer, programmatic digital display spend on deals (a.k.a. PMPs) has surpassed open exchange spend. That trend will continue as publishers seek to protect their data and maximize the value of their inventory.

To jump on this bandwagon, publishers can work with partners to help them curate their inventory into deals and sell those deals to advertisers. While curating deals has long been a valuable strategy for publishers that sell direct to advertisers, there is also significant value in working with partners who include publisher inventory in highly curated multi-publisher deals. Partners can then help sell those deals to advertisers.

While not a new concept, curated deals are gaining momentum in the market. Advertisers can target the exact inventory and audiences they want to reach, and publishers can participate, with little additional overhead, to drive more revenue.

2023 will be the year publishers embrace curated deals. Publishers will opt to partner with curation services that can work with first-party publisher data in all browser environments and survive significant platform and regulatory changes.  When executed correctly, this process will ensure publisher data remains protected and increase revenue, especially in browser environments that don’t support third-party cookies.

Measurability

Getting a user’s attention is stiff competition. From push notifications to auto-play videos and plenty of algorithms in play to give users what they want, publishers are doing all they can to keep the focus on their page while balancing the quality of the experience.

Publishers need the metrics to back up all the investments spent on new strategies to drive results. We see impression counts slowly fade into irrelevance and be replaced by attention metrics.

Currently, there’s no one standard for attention metrics. Namely because it depends on how and what content is being consumed. For instance, you could consider active time in view to see the amount of time a piece of content or an ad is viewable or how the user interacts with an ad by scroll rate or depth.

Advertisers and publishers who leverage attention metrics to create better content and user experiences will remain a continuing trend in 2023. Check out more AdTech trends for advertisers.

The post Trends for Publishers to Look for in 2023 appeared first on TripleLift.

The Addressability Spectrum, in Brief

Cookieless addressability is the ability to identify individual consumers as they move across online domains so they can be targeted with advertising. There are viable solutions available such as first-party data. TripleLift has previously discussed the value of looking at addressability as a spectrum by seeing addressability as a range of approaches: 

The cohort/group approach (less individual addressability). Based on grouping consumers into cohorts, the cohort/group approach is an industry-wide collaborative effort. Espoused by Google’s Privacy Sandbox, this approach is evaluating and iterating on group/cohort proposals on a browser-by-browser basis that’ll solve some advertisers’ targeting use cases. This browser-level approach can significantly impact advertisers, who may need to set up and run separate browser-based campaigns that solve for Privacy Sandbox.

The first-party data approach (mid-level individual addressability). As discussed more fully below, the first-party data approach lies in the middle of the addressability spectrum. This approach helps publishers package their data, making a wealth of first-party information available to advertisers.

The cross-domain identifiers approach (greater individual addressability). The cross-domain identified approach is based on:

• deterministic data, such as device data
• more threatened probabilistic identifiers, such as IP addresses

The approach is typically offered by ID solution partners who match advertisers’ email data with publishers’ login data. This provides more individual addressability on the addressability spectrum —but at times, this may mean limited scale, among other issues.

Leaning into the Portfolio Approach

Most advertisers agree that choosing one approach on its own won’t work—not even the cross-domain identifier approach, even though it lends itself to use cases that marketers are already familiar with. Instead, a portfolio, or multi-modal, approach is the better option for de-risking the future.

Dealing with addressability is about more than choosing the right approach, though. Advertisers need to target multiple data types to find matches with inventory across the addressability spectrum. And they should consider each of the different approaches. But first-party data bring invaluable insights to the ad-purchasing process. Because of this, it represents the key to maximizing addressability across the system.

The Spotlight on First-Party Data

The writing’s on the wall: Third-party cookies are going, and they’re not coming back. So what does this mean for advertisers? 

A portfolio approach to addressability covers all the bases: 

• integration with leading cross-domain ID solutions to take advantage of valuable cross-domain data whenever that data exists
• leveraging the wealth of first-party data that publishers have already accumulated and will continue to collect
• continuing to solve for the Privacy Sandbox by testing and challenging its proposals 

But on a closer examination, it’s clear that first-party data deserves to be advertisers’ main focus.

More than Just Login Data

There’s a common misconception among advertisers that first-party data consists of login information only. The reality is that publishers collect many different types of first-party data, including: 

• login data
• contextual data, which can provide a certain degree of information about what users are reading
• other publisher-owned data (for example, site analytics, survey data, customer support/feedback data, and purchase histories).

Higher Value than Third-party Data

Data collected by third-party cookies have historically been inaccurate because the third-party cookie is a method of data collection prone to errors. It’s difficult, for example, to know the specific origins of third-party data or how up-to-date or complete that data is.

However, the value of first-party data lies in how it’s collected. Publishers obtain this data directly from the source: their users. This means they know how, where, and when specific data was collected, something third-party data sets can’t provide.

Look to Where the Opportunity Lies

With only 10% of users estimated to be cross-domain identified, cross-domain solutions are predicted to represent a minority of the data available. This means most of the opportunity lies in choosing a mix of first-party data and cohort targeting — tactics represented by the rest of the addressability spectrum. And it’s an opportunity for advertisers to take advantage of now.

Advertisers need to take action now, and first-party data is the approach that allows them to do just this. Environments where third-party cookies are non-existent or limited — for example, Safari, Firefox, or even unidentified users in Chrome — are fertile testing grounds for first-party data today. Advertisers don’t need to wait until 2024 for total third-party cookie deprecation to ensure they’re set up for success. 

For Advertisers, Wait-and-See Isn’t a Viable Option

There’s an overall industry need for viable, compliant solutions. But to succeed, these solutions must:

• Allow for consumer privacy and controls
• Reflect industry-wide adoption and scale
• Do more than merely try to replace third-party cookies 

First-party data is poised to be a powerful tool because of the rich insights it holds.  Advertisers can’t afford to take a wait-and-see approach when they can take action now. They can do this now by working with their supply partners to test first-party-based campaigns in third-party cookie-constrained environments. 

The post Advertisers’ Approaches to Cookieless Addressability appeared first on TripleLift.

Why Cross-Domain ID Solutions Don’t Stack Up: HEM

HEM is a cross-domain ID solution that uses hashed emails, a form of deterministic data—data supplied directly by users—to create identifiers. It works by matching publisher-collected emails with advertiser-collected emails to create an anonymized ID. This anonymized ID can be applied to some of the same use cases as third-party cookies.

Why HEM Is Trending as a Cookiefree Alternative

Add in the benefits of HEM, and there’s good reason why many in the industry see HEM as a viable successor to the third-party cookie:

• Deterministic data is generally high value and accurate because consumers supply it directly.
• Because it’s based on deterministic data, HEM is considered more privacy-compliant since consent is implied.
• The nature of email use means that a user’s email rarely changes and can be tied to that specific user. 
• And finally, HEM enables tracking across domains without being reliant on cookies. 

But while these elements combine to present HEM as an elegant solution in a world without third-party cookies, on closer examination, there are clear reasons why it’s not as smart as it seems. 

HEM’s Major Weakness

The root of HEM’s potential efficacy lies in its ability to track individuals across domains. But this ability is also its Achilles’ heel: tracking users across domains impacts consumer privacy, and there’s little doubt that privacy will continue to be a regulatory priority. 

This means web browsers and platforms like Apple and Google actively prioritize privacy protection. A current example is Apple’s iCloud+ Hide My Email, which enables individuals to generate unique, random email addresses that can be used just like their personal email. These emails automatically forward to the individual’s email, where they can be replied to like a regular email, all while keeping the personal email private. 

This aspect alone derails any long-term potential of HEM to replace third-party cookies. But HEM also faces other difficulties:

Collection challenges. Emails are often costly and difficult to collect. For example, even those publishers doing well see only around 10-15% of traffic logging in. And while brands have fewer problems collecting emails, the emails they collect are typically from existing customers rather than non-purchasing website visitors.

Difficulty of scaling. Even if a publisher were to have a phenomenal 80% login rate, each hashed email from that publisher could only be matched with a hashed email from one advertiser. But to scale, that hashed email needs to be associated with several different domains across the web. 

And other scaling obstacles exist. For example, wide adoption is required to scale, but the adoption rate is roughly 10%. Add to this the lack of a standardized approach to email collection, resulting in a higher potential of the same emails not matching, and the scaling problem becomes evident. 

These issues point to the unlikelihood of HEM’s capacity to rise to the top as a viable third-party cookie option. 

Why Cross-Domain ID Solutions Don’t Stack Up: Fingerprinting

While HEM uses deterministic data, fingerprinting is an ID solution based on probabilistic data such as IP addresses and user agents. This data is used to create data points stitched together to generate an ID of a device or browser. 

Fingerprinting comes in two flavors, active and passive. Active fingerprinting requires some form of code, such as Javascript, on a local client, so users can potentially detect it. Passive fingerprinting, on the other hand, utilizes web requests and doesn’t require any code to be executed, making it less likely to be detected.

Why the Industry is Eyeing Fingerprinting’s Potential

Like HEM, fingerprinting offers several benefits that enable industry players to replicate some of the techniques that work within a third-party-cookie environment:

• Passive fingerprinting can collect IP addresses and user agent information undetectable to the user, so it’s not intrusive to the user’s experience. 
• Unlike cookies, the data is stored server-side rather than user-side, and it’s harder to block or delete. 
• Regarding scalability, it’s easier to collect probabilistic data than deterministic data.
• And finally, fingerprinting enables tracking across domains without the need for cookies.

Fingerprinting’s Major Weakness

Fingerprinting has the same Achilles’ heel as HEM: its ability to track users across domains means it’ll be a regulatory target. 

In fact, browser interventions designed to prevent fingerprinting have already been implemented or are currently underway. Google has stated its anti-fingerprinting goals, for example. And Apple has rolled out anti-fingerprinting initiatives such as opt-in requirements for mobile device IDs and its iCloud Private Relay, which masks IPs by sending requests through two separate internet relays. Masked IP techniques, in particular, make fingerprinting IP addresses virtually useless. 

Fingerprinting also comes with a slew of other issues, including:

Lack of consent. Regardless of the type of fingerprinting used—active or passive—there’s no user consent. From a privacy perspective, this is highly problematic. 

Needs deterministic data. While it’s easier to collect, probabilistic data doesn’t score well when it comes to accuracy, as it’s based on probabilities and inferences. So instead, it’s best used to enhance deterministic data and provide scale.

Lack of persistence. Unlike email addresses or phone numbers, people change devices and browsers more frequently, making fingerprinting less persistent than HEM techniques. 

These issues mean that fingerprinting isn’t just a runner-up to HEM-based ID solutions. It’s also unlikely to qualify as a contender in a post-third-party cookie world.

Alternatives to Cross-domain ID Solutions

Cross-domain solutions fall short, but how can they be avoided? Fortunately, there are some viable alternatives with long-term potential.

Google’s Privacy Sandbox

Google’s Privacy Sandbox is aptly named: it’s a playground for innovation and experimentation, where the industry can solve for targeting use cases using behavioral cohorts rather than individual identifiers to create a set of open standards on which to base a cookieless ad ecosystem.

While the Privacy Sandbox continues to be an exciting industry-wide initiative, it’s already faced several challenges:

• The evaluated proposals will solve some targeting use cases, but cohort analysis will only be marginally helpful for other use cases. 
• There’s been significant pushback from vendors already about efficacy. So the question is, will proposals be practical or widely adopted?
• Solutions are browser-by-browser, requiring significant changes in how advertisers set up their campaigns.

First-party Data

In a world without third-party cookies, first-party data, with its ability to provide rich insights about customers and visitors in a privacy-compliant manner, will be more valuable than ever. Made up of more than just log-in information, first-party data can be collected from numerous sources, including visitors’ website behavior, survey results, social media interactions, and customer feedback. 

Despite its value, though, first-party data is up against several obstacles:

• Like all deterministic data, first-party data tends to be costly to collect and difficult to scale.
• Many organizations aren’t structured to collect data in one central storage place across all their systems.
• To get the most out of first-party data, it’s necessary to add meaning to it through contextual and behavioral elements.

Seller Defined Audiences

A concept developed by IAB Tech Lab, seller-defined audiences is a specification that creates a standardized taxonomy based on context and first-party data. It aims to enable both publishers and advertisers to scale publishers’ first-party data without the risk of data leakage. 

While sound in theory, the concept isn’t without its issues. Because individual publishers self-define segments within the standardized taxonomy, buyers can lack consistency when purchasing a particular audience segment. 

For example, while one publisher might define its “basketball fanatic” segment as someone who reads articles about NBA game scores, another publisher might define that same segment as someone who reads any NBA-related article, including celebrity-based reporting. 

Combining Approaches: Opportunities in the Making

While each of these alternatives offers promise, they each confront obstacles that must first be addressed. In the current experimentation environment, the answer may lie in combining approaches. For example, pairing the power of first-party data with the standardized taxonomy offered by seller-defined audiences has the potential to provide both publishers and buyers with the best of both worlds:

• Level of engagement data—the number of articles read, time on page, scroll depth—adds the behavioral elements that take the data beyond just context. 
• The platform defines the segments within the standardized taxonomy rather than individual publishers.
• Publishers can remove specific segments from inventory (for example, to use for targeting direct ads), giving them complete control over access to their inventory.

For advertisers, the benefit of this combined approach is quality, consistency, and simplicity: They can stay focused on the buy without worrying about anything else.

Publishers benefit because they can put more highly engaged readers into a programmatic environment without fear that their data will be used for media purchases on other sites. The result? Publishers can raise CPMs while leveraging their first-party data in a cookie-constrained environment. 

TripleLift’s platform, which uses 1plusX to define its segments, is one example of such an approach. The platform also strips any unnecessary information from the bid requests going out to buyers, resulting in packaged deals for buyers based on segment IDs and the bid request, with no identifiers to connect data between domains.

How Do the Solutions Compare to Third-Party Cookies? A Note About Measurement

The challenge for any potential cookieless solution lies in measurement. Unfortunately, the reality is, no matter how viable the solution, it’s impossible to make a comparison to third-party cookies because of how success is currently measured. 

This challenge reflects several issues:

• Current metrics are, undeniably, not very accurate.
• Widespread adoption of ID identifiers is necessary before accurate measurement can be attained.  
• More testing within a cookieless environment is needed to obtain the numbers necessary to develop better metrics. 

While it’s a difficult challenge, it’s not insurmountable: a cookieless environment already exists in Safari as a testing ground for industry players. And there’s a corresponding opportunity to see how effective these solutions are within a third-party environment in Chrome while third-party cookies still exist. 

The Uncertain Future of Cross-Domain ID Solutions 

While cross-domain solutions are more privacy-friendly than third-party cookies, they face uncertainties that make them unsuitable as a long-term solution. For example, in addition to the need for widespread adoption, their cross-domain nature subjects them to a higher regulatory focus, similar to the scrutiny placed on third-party cookies. And this means their status will remain perpetually in flux.

In the long term, the right solutions will prioritize privacy. And the viable alternatives to cross-domain ID solutions described above are already doing just that. First-party data, in particular, allows the industry to create more predictability in the future. 

Eliminating cross-domain ID solutions doesn’t mean the industry will be left floundering. On the contrary, the enormous gap created by the deprecation of third-party cookies has created an environment ripe for innovation, collaboration, and experimentation. And for the industry as a whole, this spells opportunity.

The post Why Cross-Domain ID Solutions Won’t Replace Third-Party Cookies appeared first on TripleLift.

Traditional contextual advertising works by matching a webpage’s content with an ad’s content. Instead of using data about the user, the automated system displays relevant ads based on the page’s content. For example, an article on the NBA finals would likely match up to a sports drink advertisement. So there’s still a place for contextual advertisements. Still, as the cookieless future draws near, advertisers need to look for channels with the same or better performance achieved historically using cross-domain identifiers.

The answer is an evolution of old-school contextual advertising. Instead of relying solely on content relevance, this new approach will include an analysis of each publisher’s audience into segments by demographic (if available) and by interest. Additionally, ad buyers can further apply user behavior and engagement metrics to target their ideal audience. These new capabilities will generate much better ad performance than traditional contextual advertising and will therefore be a vital advertising approach in the cookieless future. This article will cover the changes in contextual buying, what advertisers need to start experimenting with, and incorporating this into their media plans.

The New Layers of Contextual Advertising and Why Advertisers Need Them

With third-party cookie deprecation, many SSPs (Supply-Side Platforms) are leaning heavily into Universal IDs to become the replacement for cross-domain identifiers. Unfortunately, this is a dwindling amount of internet traffic. When third-party cookies are fully deprecated, 90% of traffic will be expected to lack a cross-domain identifier. This means ad buyers must look at new approaches to meet their advertising goals. Ad sellers are looking to improve the results of contextual advertising to fill this gap.

Traditional contextual advertising assumes that any person reading content relevant to the advertised product or service will be interested in the product or service. Logically, everyone knows that won’t be true for every viewer, so lots of spending on ad dollars go to wasted impressions. That said, contextual advertising is future-proof from data privacy concerns since it doesn’t require data identifiers. So how can it be improved?

The first step that publishers are making is to create audience segmentation. Within a publisher’s site, they can create segments based on audience interest determined by the content they’ve consumed. These segments will likely follow the IAB Tech Labs Audience Taxonomy but will be up to the publisher to define levels of engagement. For instance, if a person views a sports page on the site, they could group them into a Sports Interest segment. 

Going deeper, publishers will look to define levels of interest within each segment. So if a person consumes three sports articles within 14 days, they might be grouped into a sub-segment of the Sports Interest group called Sports Fanatics. This new layer of audience segmentation will allow advertisers to be more targeted in their ad spend.

The Challenge: Every Audience Segment Definition is Unique to Ad Sellers

While deeper levels of audience segmentation are a significant improvement, it’s also creating a new challenge for advertisers. For example, the IAB Audience Taxonomy has over 1500 segmentations with up to 6 levels (or tiers) for each segment. The problem comes from how each publisher defines these segments’ rules. 

Considering the Sports Fanatic example, one publisher may define a Sports Fanatic as consuming three sports articles within 14 days, while another publisher defines their Sports Enthusiast segment as having read 1 article in 30 days. Another still may define it as two articles within seven days. 

This causes a big problem for advertisers—both in efficiently making ad purchases and attempting to compare results. 

A Middle Ground is Needed to Deliver Consistent Results

To address this challenge, a layer of consistency needs to be added. Using an SSP that matches up one audience segmentation taxonomy across publishers so ads across sites can be equally measured and compared can achieve consistency. This would also open up the ability for custom segmentations. For example, suppose an advertiser considers a Sports Fanatic to be anyone that consumes four sports pages a month. In that case, that segment could be created and applied as a taxonomy across publishers for consistent ad buying at scale. This will also save ad buyers significant time not having to look at all the segment definitions of each publisher and purchase site by site.

Beyond efficiency in ad buying, there’s also an opportunity to improve the quality of audience segments. This involves quantifying the impact of contextual buying through behavioral and engagement signals. For instance, understanding the time on the page, scroll depth, clicks, and other behavioral metrics can be added to the interest segments to improve quality. For example, with those metrics, advertisers could target Sports Fanatics who consume four sports pages a month AND stay on the page for more than 45 seconds AND scroll to more than 50% of the page. This would ensure a higher quality of engagement.

What Advertisers Need to Consider to Prepare for Cookieless Advertising

Advertisers must agree that continuing with third-party cookies and Universal IDs will be a game of diminishing returns. The audience will continue to shrink as data privacy laws will continue to eliminate identifiers. Therefore, looking into alternative ways to capture the attention of 90% of the digital audience that won’t have identifiers is critical for ad buyers to begin working on.

The evolution in contextual advertising capabilities is a great place to start with this exploration. Advertisers should consider the audience segments they want to reach and known qualifiers to measure their interest levels. When ready, begin experimenting with mid-funnel ads with CTAs to gain confidence in results before running brand impression ads. The other thing advertisers need to think about is attribution. It doesn’t exist in this approach, but is it required? SSPs are already testing the efficacy of this new advertising approach against third-party identifiers, so proof of accuracy and ad performance will be available. Finally, advertisers must shift from attribution to ad performance matched with business outcomes.

Vendors’ ongoing testing shows that the evolution of contextual advertising to smart segmentation will result in the same or better ad performance. An extra benefit to ad buyers is that publishers will put more high-value audience definitions into programs because the data can’t be leaked. All first-party data will be stripped from the deal using a Deal ID. With the addition of behavioral metrics, this approach has the potential to be extremely high quality and a great mechanism to add to media plans.

The post Contextual Advertising Evolved — Advertisers Take Note appeared first on TripleLift.

How will online ad auctions function and preserve privacy after the third-party cookie is phased out? No one knows yet, but many in the industry are thinking hard about the possibilities. 

One approach is to add an optional extension to Chrome’s FLEDGE (First Locally-Executed Decision over Groups Experiment), a proposal that is part of Google’s Privacy Sandbox basket of initiatives.

Publishers have indicated that they are interested in the idea of being able to create audiences and decide how those audiences are used within the FLEDGE ecosystem rather than outside of it. This proposal remixes how much processing lives on a user’s device and how much is off-device in a trusted server. 

A trusted intermediary called a Trusted Audience Server positioned between a device, and ad tech buyers could benefit publishers, users, and even Chrome itself. 

New Opportunities for FLEDGE

The tweaks pertain to two facets of FLEDGE. For starters, consider that FLEDGE’s privacy model centers the creative as the grain of privacy control. The model assumes that information about the creative is the most crucial privacy consideration, rather than information about the user or the user’s attributes. 

The grain of privacy metering shouldn’t be the creative but rather the segment information about a user. For example:

• Did the user see a creative? 
• Why did a user see the creative?
• Who thinks the user is, say, a dad of two?
• Who learns that the user saw the creative?

There’s a way to do this where the element controlled in an auction is the segment unit. 

Secondly, FLEDGE prohibits the creator of an audience segment from allowing other entities to make use of its segment. For instance, with FLEDGE, a home goods retailer publisher couldn’t let a smaller retailer advertise to the publisher’s visitors who have looked at rugs recently. This aspect should be modified as well.

The Roles a Trusted Server Can Play

A trusted server is a computer partner that holds information about a user’s domain or site-scoped identity but can be trusted to maintain that data in a way that restricts outside parties from reconstituting it and gaining a picture of a user.

These trusted servers could be owned by publishers through data management platforms (DMPs) or supply-side platforms (SSPs) and maintain all the privacy guarantees of an ad being self-contained and malware-free.

In addition, segments could live on the trusted server rather than in the browser. Publishers would control these segments. For example, with a trusted server, that home goods publisher could allow the smaller retailer to purchase a segment of rug shoppers.

How an Extension of a Trusted Audience Server Would Work 

Although the current version of FLEDGE has notions of trusted signals on the seller side and bidding signals for the buy side, it ultimately relies very little on an external trusted server.

Here’s how a Trusted Audience Server could work in FLEDGE:

1. First, publishers would create segments in the trusted server with a publisher-scoped ID and segment IDs of their choice.

2. They would later get segments from the server, which decides which segments it is allowed to reveal in an auction.
   
   It can consider whether an ID is used on other sites and is therefore not allowed, for example. It can offer k-Anonymity for minimum group size. It can also ensure differential privacy so potential attackers can’t discern whether or not an individual is a group member.

3. Publishers could choose to run an auction off-device on the trusted server instead of on the browser.
   
   So, rather than asking Chrome to run an auction and put the winning ad in the slot, as FLEDGE would currently, an ad tech company could follow an optional route: “For this given ad slot, here’s the ad bundle that has won an auction. Please insert it.” This could happen if the FLEDGE API is extended with something like navigator.renderWinningad instead of runAdAuction.

A Beneficial Tweak That Preserves Core Guarantees

The proposal permits—but doesn’t require—auction mechanics outside of the browser. However, most benefits, including for Chrome, derive from running the auction off-device. 

What advantages would Chrome gain by not being the auctioneer?

• It wouldn’t have to manage millions of segments.
• It wouldn’t need to worry that segments stored on the user’s browser could slow it down. 
• It wouldn’t need to provide auction mechanics debugging support or build debugging tools that could be abused.
• It could focus on privacy, improving speed, and the user’s web experience.

Meanwhile, even if the browser doesn’t run the auction, it still receives a self-contained ad WebBundle and remains wholly responsible for rendering and attributing the ad. In addition, the ad continues to render in a FencedFrame that prohibits communication between the ad and the publisher and prevents publisher and advertiser collusion. 

A Trusted Server Can Do the Heavy Lifting While Safeguarding Privacy

There are substantial advantages in running auctions on a trusted server and storing segments on the server rather than in the browser. 

To sum up, a Trusted Audience Server would have these responsibilities: 

• Logging publisher-scoped segments
• Permitting and metering access to those segments from publishers that created them or publishers’ agents
• Ensuring no cross-site identifiers or identities are being used or produced
• Running a privacy-preserving auction
• Providing basic reporting on auction results

A version of FLEDGE with a trusted server could be the alternative publishers seek for the post-cookie world.

The post Extending FLEDGE’s Wings to Embrace a Trusted Server for Audiences appeared first on TripleLift.

How Third-Party Cookie Deprecation Impacts Measuring Effectiveness in Digital Advertising

At its core, advertising is about delivering a message to consumers who aren’t interacting with your brand in your brand’s context. For example, advertisers put billboard ads to reach consumers who aren’t subscribed to email newsletters. They buy ads on websites they don’t own to reach the millions of consumers who haven’t visited their websites yet. This activity is inherently cross-context. Because advertising requires cross-context activity, measuring effectiveness requires both contexts to contribute data to understand whether an ad was effective.

Linking an individual across contexts has been typically achieved through third-party cookies. As a user goes from one context (domain) to another, the cookie on their device travels with them. For example, this makes it easy to observe if the user who’s seen an ad on a website is also the user who purchased a product or service. Thus, confirming that the advertising dollars were well spent on that website.

But as browsers and platforms deprecate third-party cookies, the opportunity for cookies to travel with the user is no more, severing the browser infrastructure to measure ad effectiveness. At the same time, European publishers are heavily incentivized to reduce the number of third-party measurement providers permitted on their pages, further severing the ability to measure outcomes.

What Does Cookieless Measurement (Actually) Mean?

When we talk about cookieless measurement, we mean a measurement without browser-provided cross-context linking, whether via cookie or some other state maintenance mechanism.

In the next few years, digital ads measurement will distill down into three non-mutually-exclusive buckets:

Cohort-Based Measurement

Cohort-Based Measurement is based on a minimum number of users in a bucket. This is measured using the bucket’s name rather than the individuals in a bucket. Cohort-based Measurement measures how many members of a targeted audience likely resulted in the desired action. Cohorts can be built into the browser (FLEDGE calls them Interest Groups or via the Interoperable Private Attribution proposal) or implemented via Deals.

Forward-looking SSPs will provide success metrics at the deal level for advertisers and brands. Because these cohorts can be created and measured without personal data, expect these to be a crucial part of advertising portfolios.

Individual-Based-Identifier Measurement (e.g., email)

This is a measurement based on a common token known by both the publisher where an ad is viewed and by the advertiser where conversion occurs.

This type of measurement requires both parties to know the same identifier for a user. This includes a user-provided email address to either share with or rely on a trusted third party to compare overlap between emails that viewed an ad and emails that converted. Assuming both parties can solicit this information from the user, this strategy will also need to rely on explicit user consent by the data controllers and therefore is likely to be limited in its scale.

Walled gardens will use this for their own measurement.

Survey-Based Measurement 

Survey-based measurement includes surveys, observation panels, and other methods of soliciting user input. Some advertising goals are brand awareness, prompting recall, or measuring brand affinity.

The Future Of Cookieless Measurement is Now. Get Ready.

Today, we see the beginnings of these changes across our industry, with investments in cohort-based measurement, increased marketing around panel-based solutions, and acquisitions that align with the first-party, privacy-first future of digital advertising.

The post Measurement Without Third-Party Cookies appeared first on TripleLift.

TripleLift is active in the various W3C (World Wide Web Consortium) working groups. The Improving Web Advertising Working Group, the Privacy Community Group, and the Private Advertising Technologies Working Group (PATCG).

Some are well-known proposals, like FLEDGE and PARAKEET. Still, one that hasn’t received as much attention is the Cookies Having Independent Partitioned State or CHIPS proposal in the Privacy Sandbox.

What is CHIPS?

CHIPS is part of Google Chrome’s efforts to deprecate support for third-party cookies. It’s a middle ground that permits third-party cookies to operate, but not across sites.

Today, third-party cookies permit the owner to see the same cookie ID across different sites the user visits. This lets the third party see that it’s the same user across multiple sites. CHIPS proposes the browser instead isolate the third-party cookies through the first-party scope. From the third-party perspective, their third-party cookies still permit them to identify users within a site. But they can no longer link the users across sites. 

Why Permit Some Third-Party Functionality? 

The CHIPS proposal outlines three core use cases CHIPS should enable: 

1. SaaS providers offer as a widget to a publisher that requires identifying different users within the scope of the first party but not across sites. 
2. Headless Content Management System providers, such as platforms, make it easy to manage blog content as a service. At the same time, let the first party control the actual blog content presentation on their first-party page. 
3. Sandbox domains serve untrusted user content, such as googleusercontent.com, a domain where Google users can upload content. Therefore, Google wishes to ensure the user-uploaded content can never be accessed by the cookies in the google.com domain. 

Limitations and Implementation of CHIPS 

To set cookies partitioned to the first party, third parties should add the new “Partitioned” attribute to the cookie. This signals to the browser the third party expects and intends to scope the cookie to the current first-party domain. Chrome proposes all partitioned cookies must be secure, including the Secure attribute and __HOST prefix. 

Looking Forward 

The CHIPS proposal is, on balance, an elegant solution. By continuing to rely on the technical rails of third-party cookies but limiting their scope to single sites, CHIPS threads the needle to help third parties move towards the first-party-scoped contexts for cookies that we expect to see when the Privacy Sandbox is fully implemented for all cross-site channels.

The post W3C Proposals Explained: Privacy With a Side of CHIPS appeared first on TripleLift.

ID Solutions, Not Without Limitations

Identity Solutions are gaining new life in marketers’ eyes as third-party cookies, and other ad identifiers are phased out. They come with taglines like “Future-proofed identification for digital advertising” and “Proactively protect your investments against ID loss.”

However, it’s important for companies to evaluate these solutions with an eye toward the changes driven across the internet ecosystem. The information below should help companies create a framework for evaluating various ID Solutions.

Browser and Platform Changes to Prevent Cross-Domain Identification

Web browsers and platforms are focusing on preventing cross-domain and cross-app consumer identification. Effectively, a company shouldn’t be able to know that a consumer visited websiteA.com (or AppA). Then, subsequently, have visited websiteB.com (or AppB).

Thus, web browsers and platforms are making technical and policy changes to add difficulty to achieving cross-domain identification. These changes include (to name a few):

• Deprecating third-party cookies
• Masking IP addresses (e.g., “Gnatcatcher,” iCloud Private Relay, Mozilla VPN) and User Agent information (e.g., “User Agent Client Hints”) so individual devices may not be probabilistically identified or “fingerprinted”
• Updating mobile device identifiers, so they require opt-in consent on an app-by-app basis (Apple iOS14.5+)
• Enabling consumers to generate temporary email addresses for one-time use (Apple Hide My Email)

These changes don’t prevent website or app owners from convincing consumers to provide their information in exchange for something of value (ex: goods, services, content, etc.). But, they will make it more difficult for those consumers to be recognized on other websites or apps on the internet. As such, the utility of Identity Solutions that rely on some of the impacted capabilities will be limited.

Consumer Permission, Awareness, and Choice

ID Solutions are often, but not always, based on consumer-provided information. This includes email addresses, phone numbers, or other uniquely identifying data. Consumers should know they’re contributing their data to an ID solution. And that they’re giving certain permissions for how companies might use their information. As well as that they have choices and control over their information in the future. However, not all Identity Solutions treat these consumer interactions the same way.

First, different legal frameworks apply depending on the consumers’ location, citizenship, and company location. While the advertising industry is global, laws that apply to consumer data are largely regional and have unique requirements.

For example, Identity Solutions that capture identity information about European Union (EU) citizens should comply with the ePrivacy Directive and GDPR. To comply with the ePrivacy Directive, they need to provide certain consent controls for consumers to provide, change, and revoke consent. To comply with the GDPR, they need to provide appropriate notice and transparency as to why they process data. This includes having a legal basis for obtaining consent and providing consumers with the right to object if needed. As part of the Data Subject Access Requests (DSARs), they need to include the ability to view, edit, and delete their captured data. They must also comply with other requirements that may not be obvious but are a requirement of companies capturing, using, and sharing user data.

Second, there isn’t a global framework for consumer interactions that Identity Solutions must follow. Most of them have created separate and proprietary systems to enable consumers to make choices related to their information. Some ID Solutions make consumer controls readily available to consumers. In contrast, others make consumer controls difficult to discover and navigate. And they provide consumers with very limited options to make changes.

A few ID Solutions market directly to consumers to help them manage their identity online. This includes logins and privacy preferences. To effectively meet consumer needs, these solutions must focus on solving consumer pain points. They should make it easy to update their permissions, consent, and control access to their data. Other ID Solutions aren’t as consumer-focused. They may make it more difficult for consumers to update their permissions, consent, or control access to their data.

Finally, some internet users believe that all consumer identification will require clear and unambiguous consumer consent. Or, at least, full opt-out rights in the future due to increasing regulation. If true, it may force ID Solutions to push the reset button on any identities already in the system. It’s difficult to predict whether future regulations require clear and active consumer consent. Still, it’ll likely present companies with a challenge that bases their advertising or business entirely on a cross-domain identifier’s presence.

Companies considering using identity Solutions should consider how they treat consumer touchpoints. Does the ID Solution enable easy integration with existing privacy or permissions frameworks already in use? Does it make it easy for consumers to exercise choice or make changes? Will there be an impact on brand image and how consumers trust that brand by the provided controls? If using more than one, how will the company respond to opt-out of one ID Solution but not the other? How will it be impacted if consumers’ clear and unambiguous consent is required in the future?

Consumers Rarely Sign Up Online

As illustrated by the Addressability Spectrum, few websites can capture consumer-provided information to create valuable identifiers at a scale for advertisers. Most websites will be unable to convince significant amounts of their consumers to create an account. Let alone buy a subscription, or sign up for a newsletter to capture an email address.

Many websites and apps have made valiant efforts to increase consumer-provided information, but most haven’t significantly moved the needle. Most websites can earn identifiers based on consumer information less than 2% of the time. This statistic applies to some of the largest websites and apps in the world. To be clear, this isn’t pointing a finger at poor performance by website and app owners. Rather, it highlights convincing a consumer to sign up for a product or service is difficult. The fact that some of the largest global websites, with high repeat viewership, fall into this bucket indicates that difficulty.

Expanding on that difficulty, a transaction occurs when a consumer provides information. Consumers expect something of significant value in return when they provide their information. Suppose a consumer must provide information to access something they value on the internet. In that case, chances are high that there’s a competitive product, service, or content that won’t have as much friction for the consumer to access similar value. Further, capturing consumer information is even more challenging if the consumer is browsing the internet for entertainment and not completing a specific task.

If many websites or apps require consumer login or subscriptions, consumers are more likely to find alternative ways to spend their time. Or find alternative paths to obtain the value they’re seeking. As such, consumer signup rates may increase by a few percentage points. But, it’s unlikely that consumer behavior will undergo a wholesale change overnight.

Website and app owners must balance their desire to capture consumer information with maintaining viewership. Companies considering Identity Solutions should understand the sources of consumer identity and the number of unique identities available.

Website and App Participation in ID Solutions is Low

For consumers to voluntarily trade their information to access those products, services, or content, this will require significant effort to create valuable products, services, or content. After websites and apps go through the effort to earn consumer trust and consumer information, they likely aren’t going to give that information to other entities willingly. Especially if there’s a risk they lose control of that data, and their competitors can profit as a result.

This impact is playing out with Identity Solutions. There are over 100 million websites on the internet. But the leading ID Solution implemented using Prebid.JS has just over 25,000 installs measured by an independent third party.

25,000 installs are significant and difficult to achieve. The implication is that there are few websites, relative to the whole web, that will have the capability to achieve any ID match at all.

The more work websites and apps do to earn consumer information, the more likely they will protect that information. If that’s true, the origin of shared consumer identities is less likely to come from premium websites and apps that offer goods, services, or content capable of earning consumer trust and consumer information on a large scale.

Companies considering Identity Solutions should understand the install footprint of the solution. When installing an ID Solution into websites and apps, they should be confident that they will achieve their business objectives.

ID Match Rates Will Be Low

A significant impact of low consumer sign-up rates and website participation is match rates with advertiser data are also low. Specifically, advertisers will often attempt to serve ads to prior customers by using information about those prior customers to find them on other websites or apps. Third-party cookies and Ad IDs made this process fairly straightforward. However, this won’t be as easy with Identity Solutions.

Once browsers and platforms fully implement their planned technical changes, IDs may only be matched based on an exact data match between the data captured by different websites or apps. In other words, if an email address is the same on different websites or apps, then there can be an ID match. Companies can evaluate this impact in two ways.

In the first method, imagine regulatory or technical changes by browsers and platforms will prevent IDs captured on one website/app from automatically being used to identify the same consumers on another unrelated website/app. The total potential match rate for any given website will equal the total visitor percentage the website or app can identify. Using this method, less than 2% of identities will likely be matched on any website or app. Especially as most websites haven’t captured identities for more than 2% of their audience. Some websites/apps will achieve higher match rates, but they will be few and far between.

In the second method, assume IDs captured on one website/app may be automatically used to identify the same consumers on another unrelated website/app. Specifically, the ID match rate on any given website will be equivalent to the overlap between the individual website visitors with the set of all known ID Solution identifiers compared to the overlap of IDs known by the advertiser. Suppose the average website contributes less than 2% of all identifiers, and the largest websites contribute most of the identifiers. In that case, the smaller websites will gain far more than the largest ones. Under this scenario, the largest websites should understand they’re limiting their revenue by enabling ad targeting of their consumers on other websites.

Companies considering Identity Solutions should be aware that ID match rates on a website-by-website or app-by-app basis are likely to be low. Additionally, regulatory and/or browser and platform decisions will influence ID match rates.

Cross-ID Syncing Without Clear Policy Frameworks Or Consumer Protections (Or Universal Consumer Opt-in Without Universal Opt-out)

Currently, multiple Identity Solutions in the market are linked due to contractual agreements. This has significant consumer impacts most consumers aren’t aware of. When a consumer agrees to participate in one ID Solution, the identifier is replicated in several other ID Solutions. If the consumer later chooses to opt-out of the original Identity Solution or delete the identifier, the linked ID Solutions are under no obligation. In this situation, the consumer is likely unaware of the linked Identity Solutions or that an equivalent identifier exists in other systems.

Not all Identity Solutions offer the same control access to consumers, and there isn’t a global standard for ID Solutions to provide common consumer control functions. Thus, consumers are unlikely to make their desired changes effectively. The consumer identity, based on consumer-provided information, is irrevocable by the consumer.

This scenario can create company risk. Suppose a company integrates with more than one of the linked Identity Solutions. In that case, the company will likely receive an opt-out signal for the ID Solution the consumer opted out of. But the other Identity Solutions will show the ID as still valid. If the consumer’s identity is used in this scenario, the company may risk using consumer information that shouldn’t be used.

To avoid undue risk, companies considering Identity Solutions should carefully examine the relationships and agreements with other ID Solutions. As well as ensure consumer choices are evenly represented across all linked relationships. Until a trusted and verifiable global Identity Solution framework is in place to enable consumers to control their data in all settings, companies must ensure they complete proper diligence.

Probabilistic IDs Are Under Threat

Several Identity Solutions use “probabilistic” methods to link data collected on one website or app to data collected on another website or app. These methods often use connection or device data. Such as IP Address and User Agent to link different data points, as the connection and device data aren’t likely to change. The combination of the IP Address + User Agent is often enough to re-identify a specific device on websites or apps.

All major web browsers have already (or are planning to) mask IP address information to prevent probabilistic identification. Further, Google Chrome is changing the amount of User Agent information available in certain circumstances. The combined effect of these changes will make it incredibly challenging to create probabilistic identifiers.

Companies considering Identity Solutions should evaluate the amount of probabilistic matching used to develop identifiers. Browsers and platforms are likely to continue working to prevent probabilistic matching. So choosing an ID Solution primarily based on this data may provide short-term value but risk long-term value.

Alternatives to Cross-Domain ID Solutions

We dig into emerging solutions, like Data Clean Rooms, that offer an alternative to Identity Solutions. They enable websites, apps, and advertisers to leverage their first-party data without sharing it or risk having it unexpectedly provide an advantage to competitors.

The post The Limitations of ID Solutions appeared first on TripleLift.

While this may seem like an enormous task, many solutions are still in mid-development as the industry coalesces to test out and understand what will be viable from a technical and regulatory perspective. With the mystery and confusion out there, buyers need actionable guidelines that help clear a path forward. 

We developed the Prepper Playbook for Advertisers to provide such guidelines to advertisers and agencies. Below are some highlights from our Prepper Playbook. It starts with buyer challenges regarding media execution and campaign management and ends with some forward-looking guidance.

Excerpts from the Prepper Playbook for Advertisers:

What Challenges Are Buyers Facing Right Now?

With the end of third-party cookies, media planning will become fragmented and browser-focused. This means a massive shift from how buyers might typically plan campaigns.

Not to mention…

• Campaign reach may be impacted given that there’s a likely chance of overlap in targeting strategies due to competing solutions.
• Retargeting will look more like lookalike targeting without third-party cookies or broad ID adoption. And it won’t be at the device level.
• Retargeting may not be as successful as shifting the budget to prospecting campaigns or other upper/mid-funnel tactics.

What Should Buyers Do to Prepare for Changes in Measurement?

We know measurement will be impacted in a post-third-party cookies world. Likely with cross-domain measurement becoming limited to what browsers provide. Measurement will likely be limited in scope compared to what third-party cookies allow, resulting in more siloed measurement. Think: site-by-site, id-by-id, contextual segment-by-contextual segment, etc. During this time, buyers must investigate their current metrics and measurement strategy. This will help them understand the likely limitations the future holds.

Questions buyers should ask themselves:

• What are my current KPIs?
• What does my frequency capping look like? 
• Do I use a DMP that doesn’t rely on third-party cookies? 
• Do I have a way to leverage my first-party data?
• Should I start looking at cohort data (i.e., Privacy Sandbox)?

What Else Can Buyers Do to Prepare for 2024?

Test & Learn

Buyers can use Safari and Firefox, which have already deprecated third-party cookies, as testing grounds to find solutions. You can also use this time to evaluate creatives, formats, and performance metrics that meet your brand’s needs.

• Do some creative assets work better for campaigns that run on non-third-party cookie browsers? 
• For those browsers, are some ad formats more helpful than others? 
• Which performance metrics are still available with those browsers? 
• Of those available performance metrics, which have the most impact on future campaign decision-making?

Develop a Portfolio Approach to Privacy and Identity

While identity solutions are essential for marketers looking to onboard their first-party data, buyers may still need to diversify their approach to solving for privacy and identity to de-risk their future. This might run the gamut from leveraging first-party data to solving for Privacy Sandbox. It’ll also dig into what would modernize contextual buys to be successful. Supply and other AdTech partners who develop multimodal approaches will be able to support a greater range of buyers’ use cases. And buyers who also develop a portfolio approach to solving for privacy and identity will find themselves avoiding a major pitfall: too many eggs in one basket. Like what you read? Dig deeper with more actionable battle cards in the Prepper Playbook for Advertisers.

The post The Prepper Playbook for Advertising in a World without Third-Party Cookies appeared first on TripleLift.

Chrome’s announcement to deprecate third-party cookies and provide alternative rails for some functionality that currently relies on third-party cookies via Privacy Sandbox hit the advertising industry like lightning. The Privacy Sandbox is a set of proposals to make the internet more privacy-friendly for users.

At the same time, providing a route for ad-supported content creation for publishers and a valuable advertising channel for brands. To know what’s possible, the Chrome team publishes and iterates on proposals under the auspices of the W3C community groups. Most of the coordination is happening via W3C regular meetings and Github. Additionally, other companies have carefully crafted proposals to protect user privacy while preserving the value of personalized advertising.

Understanding the differences between the proposals requires awareness of where the conflict lies. Each proposal puts a stake in the ground. All of the details flow from that. However, knowing which proposal elements were deliberate and which elements simply flow from deliberate decisions takes some investigation.

Here we analyze each proposal’s core design decision and separate its essential statement from its thesis’s technical consequences. The core Privacy Sandbox question is, “Who can the browser trust, and with what information?”

On one side is the status quo. Most parties can send and receive information from the browser if the publisher permits or delegates the interaction. Conversely, the user’s browser sits between the user and every website they visit. The browser extracts information from the site but prohibits the site from understanding its audience.

Each Privacy Sandbox proposal answers this question at its core, with substantial consequences for publishers, advertisers, and the future of the ad-supported web.

Google’s Bird of a Feather

The bird name puns began on August 19, 2019, when Google published the original FLOC proposal. FLOC, or Federated Learning of Cohorts, provides some of the value of cross-site behavioral advertising. Although, without enabling cross-site identity for anyone other than the browser. FLOC places users into cohorts based on common web browsing behaviors and patterns. There are no predefined buckets of “similar” browsing patterns; they emerge organically, and browsers are grouped based on common observations. Chrome doesn’t know what a particular cohort ID represents, but users in the same cohort exhibit similar browsing behaviors. This would enable advertisers to identify which cohorts appear valuable for their campaigns. And, therefore, target advertising to those cohort IDs on other sites, but without needing a user identifier.

Advertising audience data can be split into two sources: publisher-side and advertiser-side. The publisher has some information about the impression that may be relevant to advertisers. Advertisers have some information about the kinds of users they want to reach. This audience’s intersection creates a good ad opportunity. FLOC provides publisher-side information about an ad impression’s value to advertisers that may not have previously interacted with this particular browser. Therefore, it’s intended for prospecting use cases. Chrome ran an origin trial for FLOC in early 2021 and is redesigning based on participants’ and interested parties’ feedback.

FLOC’s answer to the question of whom to trust and with what information is to trust the browser with cross-site browsing information and to distrust all other parties. This includes the publisher, but with the promise that the results will be available to the publisher and its advertisers.

Just One TURTLEDOVE

The bird name puns continued when Chrome published the original TURTLEDOVE proposal on January 16, 2020. TURTLEDOVE stands for Two Uncorrelated Requests, Then Locally-Executed Decision On Victory. In Turtledove, the browser holds the auction on-device by soliciting bids in two separate requests. The first is a contextual request that includes items like the website URL. The second request includes information about what ads the user may be interested in seeing.

Whereas FLOC is helpful to advertisers for general interest-targeting or prospecting, FLEDGE attempts to fill the use-case gap of retargeting or advertiser-driven audience selection.

TURTLEDOVE’s Origin Trial is known as FLEDGE (“First Locally-Executed Decision over Groups Experiment”). So, when you hear about FLEDGE changes, those changes are the direct evolution of TURTLEDOVE via the FLEDGE experiment.“The FLEDGE proposal” is TURTLEDOVE plus modifications made in the trial stages.

So, where does TURTLEDOVE draw the line between trust and openness? TURTLEDOVE’s core thesis trusts only the browser. This is evidenced by the design decision to have all InterestGroups live on the browser, regardless of membership size. To protect individuals’ privacy and mitigate de-identification attacks based on placing users in very small segments, TURTLEDOVE took the extreme design decision of keeping all InterestGroups on the browser, whether they presented a privacy risk or not.

SPARROW — Criteo Spreads its Wings

Next, Criteo’s SPARROW, published on GitHub on April 22nd, 2020, offered a different path to achieving the same privacy desiderata as TURTLEDOVE. But with an alternative mechanism. SPARROW stands for Secure Private Advertising Remotely Run On Webserver. SPARROW’s primary iteration on the slightly-earlier TURTLEDOVE is the introduction of a publisher-side “Gatekeeper” function fulfilled by a server. This Gatekeeper is a server trusted by the publisher and browser to protect the user’s privacy. It enables a solution that relies on server-side processing instead of keeping everything in-browser, regardless of privacy impact.

In SPARROW, the browser sends a bid request to the Gatekeeper server that contains contextual and behavioral information colocated in that request. But the Gatekeeper ensures that the colocated behavioral and contextual data doesn’t leak further. Contrary to TURTLEDOVE, which triggers two bid requests, one with and one without contextual data, SPARROW posits separating contextual from behavioral data in a bid request doesn’t need to occur on the browser. By enabling an off-device server to perform the separation, SPARROW offers some advantages without compromising the user’s privacy guarantees.

First, reporting, pacing, and some attribution can occur in real-time or near-real-time instead of delayed or not in a world where the browser has no trusted off-device server to trust.

Second, SPARROW claims introducing this Gatekeeper function into the ad tech ecosystem can occur much more quickly. This is because it can be implemented in parallel with the current infrastructure, causing smoother and less disruptive fast adoption. 

What core argument is SPARROW making about whom to trust? SPARROW makes two arguments. First, SPARROW argues the trust boundary can be enlarged to include the browser. Parties that act on the users’ and publishers’ behalf can be fortified with technical guarantees that don’t require blind trust. SPARROW’s second core argument is for a substantial amount of online advertising, individual profiles are unnecessary. They say advertisers want to buy audiences and measure the effectiveness of the audiences. They don’t need large-scale individual-level cross-site analysis to be effective.

PARAKEET — Microsoft Edge’s Final (Bird) Word

Finally, Chrome isn’t the only browser adopting new privacy-protecting measures. The Microsoft Edge team published the PARAKEET proposal in February 2021. PARAKEET stands for “Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency.” Building on TURTLEDOVE’s goals and SPARROW’s insights, PARAKEET zeroes in on limiting the amount of granular high-fidelity information leaving the browser. However, it attempts to optimize user privacy and ad efficacy simultaneously. PARAKEET rejects the assumption that user privacy and ad effectiveness can’t coexist and redefines the challenge of solving for both.

The PARAKEET proposal, like SPARROW, introduces the idea of a trusted server doing some off-device computation to gain the benefits of an aggregated view of what information has been shared with parties previously. It’s something the browser can’t feasibly do alone today. Think of PARAKEET as a filter that constantly checks how much information about a particular browser has been shared with each recipient. And in real-time, it obfuscates or removes key pieces to ensure that the recipient can’t meaningfully single out that browser. This obfuscation and information removal can be done in a way that’s mathematically guaranteed to make it nearly impossible for a bad actor to re-identify a browser.

What’s Next

Each proposal has clarified the options in front of us and which tradeoffs are unavoidable. By Q3 2023, we expect the Privacy Sandbox APIs to be launched and generally available in Chrome. As developers adopt these APIs, we now intend to begin phasing out third-party cookies in Chrome in the second half of 2024. You can always find up-to-date timelines and milestones on the Privacy Sandbox website. The immediate path forward continues iterating on these proposals. It develops technical specifications that work for all major publishers and advertisers to continue monetizing content. This also includes advertising products to potential customers and protecting consumer privacy.

The post Privacy Sandbox, Parakeet & the Birds: What’s all the Squawking About? appeared first on TripleLift.

Identity (ID) Solutions Have a New Job

Identity Solutions aim to maximize addressability for advertising use cases, including developing “cross-device graphs” or “household graphs.” These “graphs” help marketers understand online consumer behavior as they move from device (laptop) to device (smartphone). Or to understand better which devices people living in a single household may be using.

The new cookieless world will reduce device identifiers like IDFA on Apple iOS, causing challenges for cross-domain addressability. As the definition of addressability for advertising is changing, ID Solutions are now marketed as the solution.

Identity Solutions Are Everywhere, But What Are They

The digital advertising ecosystem offers over 100 Identity Solutions, including Liveramp RampID, ID5, Prebid SharedID (formerly PubCommonID), and many more. However, many advertisers aren’t clear on what they are, how they work, or how they can drive advertising outcomes.

This guide should help remove some mystery (hopefully not add more). 

The goal is to help develop a shared understanding of how they work. Each organization in the advertising ecosystem should carefully evaluate available Identity Solutions. Then, select the vendors that best fit their desired use cases.

How Identity Solutions May Help with the Changing Definition of Addressability

Third-party cookies and device identifiers, like IDFA on Apple iOS, enable companies in the advertising ecosystem to collect highly accessible and consistent internet behavior data. Companies can collect unique data sets about online consumer behavior as they browse from site to site or app to app.

Companies can then compare and match those data sets to facilitate advertising use cases. This is possible because third-party cookies and device identifiers are effective technical standards that enable each company in the value chain to collect unique data sets and speak the same language when comparing those data sets. As a result, companies can work together to deliver ads to consumers when a data match is found in these data sets.

However, third-party cookies will be deprecated in all major web browsers to protect consumer privacy when Google removes them from Google Chrome in 2023. Device identifiers are also becoming less prevalent due to platform changes that require consumer opt-in for companies to gain access to device identifiers. Ultimately, companies will have far less capability to capture online consumer data as consumers move from site to site and app to app. It’ll also be difficult for companies to compare their data sets to facilitate advertising transactions.

This is where Identity Solutions come in. Specifically, ID Solutions are designed to create a stable and reliable consumer identifier that advertisers may use to measure online consumer behavior and serve targeted advertising.

Cross-Domain ID Solutions Explained

Cross-domain ID Solutions attempt to create an identifier for consumers. It measures consumer behavior as they move from website to website and app to app. Cross-domain ID Solutions require consumer-provided information like email addresses to do so. ID Solutions will also need permission to use consumer information following various data security and privacy legislation worldwide. These include the ePrivacy Directive (EU), GDPR (EU), CCPA (the USA – California), and many more.

How Cross-Domain ID Solutions Work

The concept behind them is simple: consumers usually use a single email address on different websites and apps. As the consumer uses that email address to log in to websites and apps, make purchases, or sign up for email newsletters, the ID solution will recognize the email address is the same. The logical conclusion is that the same person uses the email address on multiple websites and apps.

Where Does The Data Come From

Cross-domain Identity Solutions rely on consumer information, like an email address. However, the consumer information doesn’t have to be an email address but should be unique to the consumer, such as a phone number. For the ID Solution to obtain this data, it must integrate with a website, app, or data provider.

The Identity Solution is then integrated with the website or app to create a consumer identifier when the consumer enters an email address and has provided the permissions necessary per various privacy legislation requirements.

How Identity Solutions Enable Ad Targeting and Measurement

Generally, marketers want to reach as many qualified consumers as possible. So successful cross-domain ID Solutions will be integrated into as many websites and apps as possible. Conversely, cross-domain ID Solutions not installed on many websites and apps will be less successful in helping marketers reach their target consumers.

Websites or apps integrated with the cross-domain identifier will need to add the identifier to the ad request generated when a web page or app loads. Then, the ad request (including the identifier) will be sent to ad-buying platforms, where marketers may choose to show ads to consumers based on the presence of the identifier. This process can be technically complex and usually happens in milliseconds.

When the consumer sees an ad targeted to them based on the identifier, the Identity Solution will have data that enables the marketer to understand the ad’s performance, including any ad clicks, screen time of the shown ad, etc. In addition, suppose the marketer is also integrated with the ID solution. In that case, the Identity Solution may also provide data showing a consumer purchased a product after being shown an ad for it.

Effectively, cross-domain ID Solutions can enable the same use cases provided by third-party cookies and device identifiers.

First-Party ID Solutions Explained

First-party ID Solutions are similar to cross-domain ID Solutions, but there are a few key differences. First, they only identify a consumer on a single website or app rather than identifying a consumer across multiple websites or apps. Second, they can use but don’t require consumer-provided information.

How First-Party ID Solutions Work

When a consumer visits a website or app, an identifier may still be created for that consumer on that individual website or app after the web browser and platform changes are fully implemented. For example, if a consumer provides an email address or other unique information, the identifier may be based on that information.

A first-party cookie ID, app user ID, or other first-party measurement solution may also act as a first-party identifier. In this case, the identifier is the ID of the first-party cookie or app user ID. It would enable the website or app to measure consumer behavior on that one website or app without needing the consumer to provide any information.

How They Work for Targeting and Measurement

First-party ID Solutions enable marketers to target consumer ads based on their online behavior on individual websites and apps. Once third-party cookies are deprecated and the availability of device identifiers is reduced, first-party identifiers will be the most prevalent identifier available for advertising use cases.

Marketers should prepare to take advantage of first-party identifiers for targeting and measuring ad performance. In addition, publishers should ensure they can create and facilitate using first-party identifiers for advertising.

How Identity Solutions Address Consumer Privacy

The deprecation of third-party cookies and the reduced availability of device identifiers result from increased consumer data and privacy protection. Therefore, any Identity Solution should also protect consumer data and privacy.

Identity Solutions generally operate with the idea that consumers can decide whether to opt-in or out of the solution. However, to make an informed choice, a consumer must know how the Identity Solution works. They must be aware that they have a choice, how to make it, and be able to modify it whenever. In other words, consumers should know they’re signing up for an Identity Solution.

The consumer should know they have specific controls over how their assigned identifier may be used or treated by the Identity Solution and companies who integrate it. Finally, they should know they have the right to request access to, edit, or delete their associated ID Solution data. This ensures the solution follows multiple privacy regulations, including GDPR, CCPA, etc.

Consumer Awareness and Choice

ID Solutions must address consumer privacy in three essential experiences to facilitate consumer awareness and choice. These are initial signup, changing permissions or settings, and data subject access requests (DSARs) defined by various privacy legislation globally.

ID Solution Sign Up

“ID Solution Sign Up” occurs when a consumer provides personal information, like an email address, used to generate an identifier. Companies should consider how they’re enabling the consumer to be aware that they’re signing up for an ID Solution. This includes detailing their choices on how the ID Solution is used and exercising their rights under applicable privacy legislation.

Some Identity Solutions place this information in a privacy policy behind a standard “I agree to the privacy policy” statement. Others make the information more available on the page at the time of signup. In the European Union (EU), the ePrivacy Directive generally requires consumers to consent to capture device information. The GDPR further requires companies to establish legal validity for using that information to complete business processes, including advertising. Several data protection authorities suggest consent is the only valid legal basis for most intrusive activities related to cross-site advertising. Consumers need appropriate awareness and opportunities to provide permission as legislation requires.

Generally, consumers relate increasing transparency and awareness with greater levels of trust. Harvard Business Review found that 90% of consumers believe how their data is treated reflects how they’re treated as customers. As such, each company should decide the best approach for helping consumers be aware of their choices. They should enable consumers to make choices to build trust. Further, each company should decide how best to comply with applicable legislation that may impact their ability to capture and use data or work with an Identity Solution.

Changing Permissions or Settings

Consumers who opted into an Identity Solution should be able to change permissions or settings they previously applied. In addition, each ID Solution often has a unique feature set for what permissions are available. This also includes how consumers interact with them and how easy they are to find and use.

Similar to awareness, permissions and settings that are easier to use will engender greater trust. However, permissions and settings that are harder to find or use will feel “shady” to a consumer, hurting trust. As part of the Identity Solutions evaluation, companies should ensure that chosen vendors enable consumer choices aligned with their desired or created brand image.

Data Subject Access Requests (DSARs)

Various privacy legislation has been passed, giving consumers the right to understand better and control how their data is used. Data Subject Access Requests (DSARs) are written into many of these laws. They usually give consumers the right to access, request edits, or delete the data a company has about them.

Identity Solutions should ensure they can facilitate DSAR requests from consumers and act on them appropriately. In addition, companies choosing ID Solution vendors should ensure the Identity Solution provides consumer-facing mechanisms for DSARs for any legislation that applies to their business.

Other Identity Solutions

There are two other types of Identity Solutions currently in the market. Both are cross-domain ID Solutions but risk not working when browsers fully implement their privacy-protecting proposals. Therefore, companies should complete appropriate due diligence to select solutions that will work after browser changes are fully implemented.

Pseudonymous Cross-Domain ID Solutions

There are a few proposals for Cross-Domain ID Solutions that would create a pseudonymous identifier for a consumer that would be synced either to a central server or through a network of servers by web or click redirects. Effectively, when a consumer visits a website participating in the pseudonymous ID Solution, the consumer would quickly be redirected to a different website that would set an identifier, like a first-party cookie, before quickly sending the consumer back to the original website. On the other hand, suppose many websites were to participate, and consumers were all redirected to the same website or a network of websites where the pseudonymous ID is set. In that case, online consumer behavior could still be measured across websites.

Pseudonymous cross-domain ID Solutions would effectively re-create the capabilities of third-party cookies. Web browsers like Google Chrome have stated they’re working to prevent this cross-domain consumer tracking.

Probabilistic Cross-Domain ID Solutions

Some Cross-Domain ID Solutions use combinations of data points about internet connections and/or device information to generate an identifier for different devices. This capability is sometimes called “fingerprinting” because it combines data points highly likely to identify individual devices. Like a fingerprint does for a human.

The primary data points used to create these probabilistic identifiers are IP address and User-Agent. The IP address is a string of numbers that identifies a specific device’s connection to the internet. The User-Agent provides information about the operating system, device type, web browser, app, etc., used to access the internet.

All major web browsers are beginning to implement changes to prevent this information collection. The stated goal of these changes is to “prevent fingerprinting” to avoid tracking consumer behavior across websites. Companies should complete proper due diligence to ensure that Identity Solution vendors are using technologies that will be viable after browser changes are fully implemented.

Limitations of ID Solutions

Explore the limits of ID Solutions and why they aren’t a one-stop shop, or even a perfect solution, for solving the changing addressability landscape.

The post Identity Solutions: What They Are and How to Use Them appeared first on TripleLift.

Digital advertising is changing rapidly. This is in response to increasing demands for consumer privacy from governments, privacy advocates, companies, and consumers worldwide. These changes impact the digital advertising ecosystem and force companies to reconsider how they understand advertising and the internet.

For over a decade, digital advertising has focused on reaching individual consumers with tailored ads. Based on insights or inferences about their online behavior. However, this is being challenged due to the global shift towards greater privacy and data security.

When Apple updated iOS devices to iOS14.5, the ad industry saw how addressability would change when third-party cookies are deprecated. According to mobile app analytics company Flurry, the global opt-in rate for IDFA on iOS is 25%. However, the US opt-in rate is only 18%. So, advertisers will track only 18% of all US-based iOS users on their iPhones or iPads, and only on individual apps that earn permission.

This shift forces the industry to redefine how digital advertising is understood and delivered.

What’s Addressability?

“Addressability” is a term often used in digital advertising. It describes how much of an audience is identifiable for ad targeting and online measurement.

Third-party cookies and device identifiers, like IDFA, enable high addressability across websites and mobile apps. As a result, companies in the digital advertising value chain can recognize individual consumer devices as people use them for browsing the internet or using mobile apps.

Specifically, almost all programmatic ad targeting today is based on the ability to track consumer devices across websites and apps. When third-party cookies deprecate in all significant browsers, information about online consumer behavior will be available on a website-by-website basis. Still, it won’t be readily available across websites.

This change represents a tremendous shift in how advertisers need to think about targeting ads to consumers and measuring the success of their ad campaigns.

Introducing a New Response to Privacy Changes

The industry needs a more nuanced definition of addressability in response to every major browser moving to deprecate third-party cookies and mobile app platforms, like Apple iOS, making mobile advertising identifiers opt-in only.

The Addressability Spectrum (shown below) provides a visual framework for handling addressability once the web browsers and app platforms impending changes take effect.

Collectively, the categories displayed in this diagram represent the future state of addressability. Each ad impression will fall into one of these addressability categories. Working from left to right in the diagram, the definitions below explain what addressability will mean.

1. Unknown:

This segment of consumers is already working to hide their online behavior. They may be using multiple VPNs, the Tor browser, or taking other actions to prevent their online behavior from being tracked. This segment is tiny, and advertisers don’t generally target these consumers, but they’re included here for completeness.

2. Cohorts:

Cohorts are effectively groups of consumers with similar behaviors. They’re often referred to as “audience segments.” Privacy Sandbox proposals like FLoC and FLEDGE propose that cohorts be used to target consumers instead of targeting individuals.

3. First-Party Identified:

This is a segment of individual consumers identified on a website-by-website or app-by-app basis. Using first-party cookies or local browser storage can achieve this with pseudonymous identifiers. It may also be achieved when a consumer chooses to create an account on a website and provides an email address or other unique information.

4. Cross-Domain Identified

This is a segment of individual consumers identified across different websites or apps. Once third-party cookies are deprecated in all major browsers, this may only be achieved with identity solutions like Liveramp RampID or ID5. Consumers who opt-in to IDFA on iOS apps fall into this category.

Examining the Internet Through the Lens of the Addressability Spectrum

These impacts will apply to all channels, including web and mobile apps. Thinking about how the Addressability Spectrum will apply to websites provides a lens into the challenges advertisers will face once third-party cookies are deprecated, and mobile device identifiers are opt-in only. A similar analysis can be done for mobile apps as well.

Below, four stereotypical websites illustrate how the new definition of addressability along a spectrum creates challenges for advertisers compared to current advertising methods.

Note: Outlier websites don’t fit this model but are few and far between. Most websites will fall neatly into these descriptions.

• long-tail-site.com is representative of the vast majority of websites on the internet. These websites typically have low monthly traffic but monetize with programmatic advertising. Generally, these websites will be able to identify less than 2% of their consumers with cross-domain identifiers.

• Popular-publisher.com is representative of high-quality, high-traffic websites or high-quality niche websites that have consistent viewership. However, these websites can identify less than 2% of their consumers with cross-domain identifiers. In addition, many of these websites have tried to increase the number of cross-domain identifiable visitors. Still, they’ve been unable to compel their visitors to create accounts or sign up for emails at high rates.

• Login-publisher.com is representative of high-quality, high-traffic websites with consistent viewership. These websites can identify 10-15% of their visitors because they’ve found ways to incentivize visitors to create accounts or sign up for subscriptions. Further, these websites are some of the largest and most popular online websites.

• Popular-brand.com is representative of internet brands driving purchases or consumer signups for goods and services. The most popular brand websites may be able to identify as much as 20% of their visitors because they have products that people love and return for more.

Redefining Addressability in Digital Advertising 

When viewed through the lens of the Addressability Spectrum, it becomes clear that addressability will change significantly when third-party cookies are deprecated in all major browsers, and mobile device identifiers become opt-in only on iOS and Android.

While some websites and apps will be standout performers that can earn cross-domain identifiers from more than 10% of their visitors, the vast majority of websites and apps won’t.

As more privacy regulations are passed, technical blocks to workarounds like first-party click redirects and device fingerprinting are put in place, consumer transparency, control, and consent are increasingly required for the capture and use of consumer information to power digital advertising, and those cross-domain identifiers will be less and less valuable because consumers are expected to restrict the capture and use of their data to the websites and businesses they trust.

The digital advertising ecosystem must think about addressability differently to address this future state. The opportunity for advertisers lies in solving for cohorts of consumers as proposed in Google’s FLoC or FLEDGE and leveraging supply partners to use first-party audience information.

TripleLift’s Building for the Future

TripleLift is focused on a portfolio strategy to solve for the future of addressability. Our products will use the best available data from across the addressability spectrum on every ad impression to ensure that a campaign will reach the intended audience.

How campaigns are planned and success is measured will need to change to reflect the available data and capabilities. Still, TripleLift has the experts and experience to help guide your advertising to successful outcomes.

The post Addressability – How to (Re)define it in a Privacy-first World appeared first on TripleLift.