Understand the limits of ID Solutions to select the best solutions for your business.
Why it matters — ID Solutions are the hot topic in digital advertising in preparation for third-party cookies deprecation. Learn about their limitations so you can consider a portfolio-based approach that addresses the gaps they leave.
ID Solutions, Not Without Limitations
Identity Solutions are gaining new life in marketers’ eyes as third-party cookies, and other ad identifiers are phased out. They come with taglines like “Future-proofed identification for digital advertising” and “Proactively protect your investments against ID loss.”
However, it’s important for companies to evaluate these solutions with an eye toward the changes driven across the internet ecosystem. The information below should help companies create a framework for evaluating various ID Solutions.
Browser and Platform Changes to Prevent Cross-Domain Identification
Web browsers and platforms are focusing on preventing cross-domain and cross-app consumer identification. Effectively, a company shouldn’t be able to know that a consumer visited websiteA.com (or AppA). Then, subsequently, have visited websiteB.com (or AppB).
Thus, web browsers and platforms are making technical and policy changes to add difficulty to achieving cross-domain identification. These changes include (to name a few):
- Deprecating third-party cookies
- Masking IP addresses (e.g., “Gnatcatcher,” iCloud Private Relay, Mozilla VPN) and User Agent information (e.g., “User Agent Client Hints”) so individual devices may not be probabilistically identified or “fingerprinted”
- Updating mobile device identifiers, so they require opt-in consent on an app-by-app basis (Apple iOS14.5+)
- Enabling consumers to generate temporary email addresses for one-time use (Apple Hide My Email)
These changes don’t prevent website or app owners from convincing consumers to provide their information in exchange for something of value (ex: goods, services, content, etc.). But, they will make it more difficult for those consumers to be recognized on other websites or apps on the internet. As such, the utility of Identity Solutions that rely on some of the impacted capabilities will be limited.
Consumer Permission, Awareness, and Choice
ID Solutions are often, but not always, based on consumer-provided information. This includes email addresses, phone numbers, or other uniquely identifying data. Consumers should know they’re contributing their data to an ID solution. And that they’re giving certain permissions for how companies might use their information. As well as that they have choices and control over their information in the future. However, not all Identity Solutions treat these consumer interactions the same way.
First, different legal frameworks apply depending on the consumers’ location, citizenship, and company location. While the advertising industry is global, laws that apply to consumer data are largely regional and have unique requirements.
For example, Identity Solutions that capture identity information about European Union (EU) citizens should comply with the ePrivacy Directive and GDPR. To comply with the ePrivacy Directive, they need to provide certain consent controls for consumers to provide, change, and revoke consent. To comply with the GDPR, they need to provide appropriate notice and transparency as to why they process data. This includes having a legal basis for obtaining consent and providing consumers with the right to object if needed. As part of the Data Subject Access Requests (DSARs), they need to include the ability to view, edit, and delete their captured data. They must also comply with other requirements that may not be obvious but are a requirement of companies capturing, using, and sharing user data.
Second, there isn’t a global framework for consumer interactions that Identity Solutions must follow. Most of them have created separate and proprietary systems to enable consumers to make choices related to their information. Some ID Solutions make consumer controls readily available to consumers. In contrast, others make consumer controls difficult to discover and navigate. And they provide consumers with very limited options to make changes.
A few ID Solutions market directly to consumers to help them manage their identity online. This includes logins and privacy preferences. To effectively meet consumer needs, these solutions must focus on solving consumer pain points. They should make it easy to update their permissions, consent, and control access to their data. Other ID Solutions aren’t as consumer-focused. They may make it more difficult for consumers to update their permissions, consent, or control access to their data.
Finally, some internet users believe that all consumer identification will require clear and unambiguous consumer consent. Or, at least, full opt-out rights in the future due to increasing regulation. If true, it may force ID Solutions to push the reset button on any identities already in the system. It’s difficult to predict whether future regulations require clear and active consumer consent. Still, it’ll likely present companies with a challenge that bases their advertising or business entirely on a cross-domain identifier’s presence.
Companies considering using identity Solutions should consider how they treat consumer touchpoints. Does the ID Solution enable easy integration with existing privacy or permissions frameworks already in use? Does it make it easy for consumers to exercise choice or make changes? Will there be an impact on brand image and how consumers trust that brand by the provided controls? If using more than one, how will the company respond to opt-out of one ID Solution but not the other? How will it be impacted if consumers’ clear and unambiguous consent is required in the future?
Consumers Rarely Sign Up Online
As illustrated by the Addressability Spectrum, few websites can capture consumer-provided information to create valuable identifiers at a scale for advertisers. Most websites will be unable to convince significant amounts of their consumers to create an account. Let alone buy a subscription, or sign up for a newsletter to capture an email address.
Many websites and apps have made valiant efforts to increase consumer-provided information, but most haven’t significantly moved the needle. Most websites can earn identifiers based on consumer information less than 2% of the time. This statistic applies to some of the largest websites and apps in the world. To be clear, this isn’t pointing a finger at poor performance by website and app owners. Rather, it highlights convincing a consumer to sign up for a product or service is difficult. The fact that some of the largest global websites, with high repeat viewership, fall into this bucket indicates that difficulty.
Expanding on that difficulty, a transaction occurs when a consumer provides information. Consumers expect something of significant value in return when they provide their information. Suppose a consumer must provide information to access something they value on the internet. In that case, chances are high that there’s a competitive product, service, or content that won’t have as much friction for the consumer to access similar value. Further, capturing consumer information is even more challenging if the consumer is browsing the internet for entertainment and not completing a specific task.
If many websites or apps require consumer login or subscriptions, consumers are more likely to find alternative ways to spend their time. Or find alternative paths to obtain the value they’re seeking. As such, consumer signup rates may increase by a few percentage points. But, it’s unlikely that consumer behavior will undergo a wholesale change overnight.
Website and app owners must balance their desire to capture consumer information with maintaining viewership. Companies considering Identity Solutions should understand the sources of consumer identity and the number of unique identities available.
Website and App Participation in ID Solutions is Low
For consumers to voluntarily trade their information to access those products, services, or content, this will require significant effort to create valuable products, services, or content. After websites and apps go through the effort to earn consumer trust and consumer information, they likely aren’t going to give that information to other entities willingly. Especially if there’s a risk they lose control of that data, and their competitors can profit as a result.
This impact is playing out with Identity Solutions. There are over 100 million websites on the internet. But the leading ID Solution implemented using Prebid.JS has just over 25,000 installs measured by an independent third party.
25,000 installs are significant and difficult to achieve. The implication is that there are few websites, relative to the whole web, that will have the capability to achieve any ID match at all.
The more work websites and apps do to earn consumer information, the more likely they will protect that information. If that’s true, the origin of shared consumer identities is less likely to come from premium websites and apps that offer goods, services, or content capable of earning consumer trust and consumer information on a large scale.
Companies considering Identity Solutions should understand the install footprint of the solution. When installing an ID Solution into websites and apps, they should be confident that they will achieve their business objectives.
ID Match Rates Will Be Low
A significant impact of low consumer sign-up rates and website participation is match rates with advertiser data are also low. Specifically, advertisers will often attempt to serve ads to prior customers by using information about those prior customers to find them on other websites or apps. Third-party cookies and Ad IDs made this process fairly straightforward. However, this won’t be as easy with Identity Solutions.
Once browsers and platforms fully implement their planned technical changes, IDs may only be matched based on an exact data match between the data captured by different websites or apps. In other words, if an email address is the same on different websites or apps, then there can be an ID match. Companies can evaluate this impact in two ways.
In the first method, imagine regulatory or technical changes by browsers and platforms will prevent IDs captured on one website/app from automatically being used to identify the same consumers on another unrelated website/app. The total potential match rate for any given website will equal the total visitor percentage the website or app can identify. Using this method, less than 2% of identities will likely be matched on any website or app. Especially as most websites haven’t captured identities for more than 2% of their audience. Some websites/apps will achieve higher match rates, but they will be few and far between.
In the second method, assume IDs captured on one website/app may be automatically used to identify the same consumers on another unrelated website/app. Specifically, the ID match rate on any given website will be equivalent to the overlap between the individual website visitors with the set of all known ID Solution identifiers compared to the overlap of IDs known by the advertiser. Suppose the average website contributes less than 2% of all identifiers, and the largest websites contribute most of the identifiers. In that case, the smaller websites will gain far more than the largest ones. Under this scenario, the largest websites should understand they’re limiting their revenue by enabling ad targeting of their consumers on other websites.
Companies considering Identity Solutions should be aware that ID match rates on a website-by-website or app-by-app basis are likely to be low. Additionally, regulatory and/or browser and platform decisions will influence ID match rates.
Cross-ID Syncing Without Clear Policy Frameworks Or Consumer Protections (Or Universal Consumer Opt-in Without Universal Opt-out)
Currently, multiple Identity Solutions in the market are linked due to contractual agreements. This has significant consumer impacts most consumers aren’t aware of. When a consumer agrees to participate in one ID Solution, the identifier is replicated in several other ID Solutions. If the consumer later chooses to opt-out of the original Identity Solution or delete the identifier, the linked ID Solutions are under no obligation. In this situation, the consumer is likely unaware of the linked Identity Solutions or that an equivalent identifier exists in other systems.
Not all Identity Solutions offer the same control access to consumers, and there isn’t a global standard for ID Solutions to provide common consumer control functions. Thus, consumers are unlikely to make their desired changes effectively. The consumer identity, based on consumer-provided information, is irrevocable by the consumer.
This scenario can create company risk. Suppose a company integrates with more than one of the linked Identity Solutions. In that case, the company will likely receive an opt-out signal for the ID Solution the consumer opted out of. But the other Identity Solutions will show the ID as still valid. If the consumer’s identity is used in this scenario, the company may risk using consumer information that shouldn’t be used.
To avoid undue risk, companies considering Identity Solutions should carefully examine the relationships and agreements with other ID Solutions. As well as ensure consumer choices are evenly represented across all linked relationships. Until a trusted and verifiable global Identity Solution framework is in place to enable consumers to control their data in all settings, companies must ensure they complete proper diligence.
Probabilistic IDs Are Under Threat
Several Identity Solutions use “probabilistic” methods to link data collected on one website or app to data collected on another website or app. These methods often use connection or device data. Such as IP Address and User Agent to link different data points, as the connection and device data aren’t likely to change. The combination of the IP Address + User Agent is often enough to re-identify a specific device on websites or apps.
All major web browsers have already (or are planning to) mask IP address information to prevent probabilistic identification. Further, Google Chrome is changing the amount of User Agent information available in certain circumstances. The combined effect of these changes will make it incredibly challenging to create probabilistic identifiers.
Companies considering Identity Solutions should evaluate the amount of probabilistic matching used to develop identifiers. Browsers and platforms are likely to continue working to prevent probabilistic matching. So choosing an ID Solution primarily based on this data may provide short-term value but risk long-term value.
Alternatives to Cross-Domain ID Solutions
We dig into emerging solutions, like Data Clean Rooms, that offer an alternative to Identity Solutions. They enable websites, apps, and advertisers to leverage their first-party data without sharing it or risk having it unexpectedly provide an advantage to competitors.
