Late last week, Google announced postponing the removal of third-party (3P) cookies from Chrome. While some marketers were surprised, most were relieved.
While Google sounded very confident they were going ahead with their plans as recently as January, many things have happened since then that have caused Google to backtrack and postpone their plans.
First, the announcement of FloCs as the solution to targeting was itself bold but lacking much detail of how it would work. The claim was that in Google’s own simulations, FloCs were 95% as effective as 3P cookie-based targeting. A lot of folks in the industry were skeptical: there was no way for anyone to validate FLoC since the toolkit itself would not be available until March. With the current announcement, Google has also effectively delayed the ability to test and deploy solutions using the Privacy Sandbox.
Google also caught a lot of flack for a somewhat self-serving approach, which allows their owned properties to, of course, use individual consumer IDs but the Privacy Sandbox does not allow for any form of 1:1 individual consumer ID. In fact, Google even went so far as to say that they do not support any such ID except for First Party (1P) identifiers. Google’s competitors cried foul and with the US government talking about breaking up big tech and starting antitrust investigations, Google faced a pretty significant hurdle.
The UK government’s antitrust authority (CMA) as well as European privacy organizations both refused to accept Google’s approach, demanding that they be given assurances and requiring their consent before 3P party cookies were removed. This is ironic considering Google’s stance was that 3P cookie removal was the answer to privacy concerns. The issue, as pointed out by the European authorities, is that in its current proposed form FLoCs do not require user consent. In their view, FLoCs are not necessarily privacy compliant.
Last but not least, there have been several delays with Google’s work in Privacy Sandbox. FLEDGE, which was an important aspect of the Privacy Sandbox, faced another delay to the end of the year. This delay has also made it impossible for brands and ad tech companies to even know if it would work.
Google’s announcement comes as a big relief to the industry and perhaps gives Google themselves some time to think through the approach, which clearly was headed for disaster if they had kept to their timelines and approach.
As we all ponder what’s next, we have to remember that a few things have not changed. In fact, regulations like CCPA and GDPR still make it illegal to collect and use data without a consumer’s consent. This means the industry as a whole will need to find privacy compliant technologies that help brands achieve their marketing goals while keeping consumers comfortable that their data is safe, secure and being used for the purposes they consented to. Here are a few tips for brands to stay ahead of the future needs of privacy and identity:
#1 Don’t Stop
First, brands should not stop the work they have been doing in examining identity as a whole and privacy -- this is not only important work but a legal requirement. They should take a closer look at the adtech and martech vendors they are either currently working with, or considering using, to ensure that these vendors either have a robust privacy compliant offering or expect to deliver one soon.
Equally important is the selection of the right technologies and their ability to work together to share and use consented data, deliver insights into consumer journeys and provide accurate measurement of media performance. All of these are critical to the future success of their digital marketing efforts.
Agencies and sometimes even marketers are prone to think of adtech as a “tax” on their media spend. They even have a term for it, “non-working media,” and tend to seek the most inexpensive solutions, ideally bundled with media. This is flawed and dangerous thinking. Think about this: what is the cost of a fine from the EU or US authorities for violating consumer privacy laws? Even worse, the cost of damage to your brand and loss of trust from your consumers could be immeasurable and permanent if you are unable to safeguard their privacy.
Also, beware of technologies “thrown in” with a media buy. Media companies are not software companies and tend to invest a lot less in privacy compliance than software companies do. Software companies see identity and privacy as core to their platforms. Media companies view these features as an unnecessary cost and often don’t have the tech skills to develop the best software for identity and privacy.
Marketing technology that is able to manage identity and data in a secure and privacy compliant manner costs money to develop. While evaluating vendors this should be a key part of the evaluation process, as platforms that seem inexpensive compared to others may simply be the ones that cut corners on investing in identity and privacy.
#3 Do Your Due Diligence
As a Marketer, you are a marketing expert, not a privacy or identity expert. Identity and privacy are issues spanning across all of the systems used by your company. Seeking involvement from the technologists in your IT department may be worth your while, ensuring you have the right marketing technology in place that is future proof -- especially when it comes to identity and privacy.
Many brands have relied on their agencies to pick their ad tech platforms for them. This may not be a good strategy going forward given the risks involved with not getting identity and privacy right. Most agencies have creative folks and media buying and strategy expertise but are sometimes light on tech skills especially as it relates to identity, data and privacy. Furthermore, integration with existing systems owned by the brand is critical to preserving privacy so having your IT teams as part of the process will ensure you are picking the right platforms.
SOC2 compliance certification is something every martech and adtech vendor should be required to have as it involves an independent audit of the vendor’s ability to safeguard customer data.
#4 Identity Graphs And Interoperable Platforms Are Key
Google’s announcement did not solve the identity and privacy issues faced by the industry. It merely postponed it. This allows tech companies to develop more robust and complete privacy compliant identity systems. Based on what we have seen even so far, it is clear that there simply will not be a single identity system that rules all. No single vendor is capable of solving all of it despite some claims being made.
Platforms that offer just a proprietary ID system may not be able to work with your other platforms, which may use other ID systems. Look for platforms that have the ability for their identity system to interoperate with other platforms (usually referred to as an identity graph), enabling a seamless customer experience, privacy controls and strong measurement and attribution capabilities.
What Is Future Proof?
The one thing Google and the regulators do agree on is what a privacy compliant ID should look like: It is identity that is established and data that is collected with consent where a consumer explicitly gives permission to brands to use their data.
Clearly, 3P cookie based mechanisms will not work in the future. Despite this delay by Google in removing them from Chrome, Firefox, Safari and Microsoft EDGE already block them and so any platform using 3P cookies for identity is simply not future proof.
As for those “cookieless” probabilistic identity technologies being the solution, this is a fallacy. There will be no such thing in the future. There are primarily two mechanisms currently used by probabilistic identifiers:
- Browser version numbers, plugins etc. also known as fingerprinting. Most browsers disallow this approach and are committed to removing any remaining mechanisms to do so
- Matching different IDs across ID systems using data. For example, consider Person A has 10 attributes in one ID system and Person B has 10 attributes in another ID system. If the values of 8 of those attributes are the same, then Person A is likely to be the same person as Person B. This sounds great in theory but simply will not work in the future unless both of those IDs are first-party IDs obtained with consent.
Probabilistic solutions are not a fix to the identity or privacy issues caused by removal of 3P cookies. They are simply a way of filling in gaps in data across IDs by matching IDs but again without stable IDs probabilistic matching itself will not be possible.
Contextual data is not really identity based. It is not quite as effective, especially for remarketing purposes, as using consumer consented identity and data. But, it can be valuable for prospecting.
Lastly, Cohorts--which is really just another fancy name for aggregated audiences--is just that. It is a way of aggregating individuals into categories for targeting. This is not very useful for personalization, but it does, to some extent, solve the targeting problem caused by cookies going away.
Consented First-Party Identity, therefore, is the last one standing and is not only privacy compliant as it is a contract between a consumer and the first party (either a brand or publisher). It is also something that browsers will continue to support. Facebook, Google, Apple, Amazon and others all use 1P IDs (like email and 1P cookies) to identify and deliver ads to consumers. This mechanism is not only privacy compliant, it is likely to be the only form allowed and viable in the future.
Identity Ecosystem Using First-Party Data
Liveramp, Neustar, Adobe, The Trade Desk and others have either delivered or are in the process of delivering 1P identity systems. Jivox IQiD is an example of a 1P identity graph that not only establishes 1P identity in the brands own domain but is also an identity graph that interconnects all of the above and other IDs together for precise 1:1 personalization.
*Trademarks used above belong to their respective owners.