Last week, Google finally announced what they have hinted at for a while — that their solution to the removal of third-party cookies from Chrome was Federated Learning of Cohorts (FLoC). At the same time, they also announced Gnatcatcher as an “anti-fingerprinting” proposal also likely to make its way to a browser upgrade to plug another privacy hole that is used by the advertising industry to identify individuals.
Google is not alone in taking a baseball bat to cookies and other forms of identity. Apple was first to block third-party cookies in Safari and soon to device IDs. Apple’s move was followed by Firefox and, now, Google. And Google is last to act in part because this tech giant, unlike Apple and Mozilla (the maker of Firefox), is in the advertising business. It is torn between protecting its ad business and catering to the privacy concerns of individual consumers.
Identity is a complex subject and could easily fill a book (one that may have to be rewritten every few months). So, I am going to focus on the impact of FLoC on the ad industry at large rather than going into the nuances of identity.
Identity is used by the ad industry in about 3 different ways:
- To target ads to individuals: Advertising can become very expensive if you send your women's skin cream ads to men too. It would essentially double your costs and only half your ads would have any kind of impact. Products cost a lot more to market and sell when consumers get irrelevant ads -- bad for both brands and consumers.
- To personalize your content to an individual: For example, knowing for an older consumer it could be useful to recommend skin cream for more sensitive skin. This is good for the consumer.
- To measure the effectiveness of advertising: Brands want to know if and when a consumer responds and engages with an ad and whether the money spent on the ads is effective. This is important for brands.
The industry seems ablaze with controversy over the granularity of privacy, i.e., cohorts vs individuals, ownership (e.g., why do Google and Facebook get to prevent other tech companies from accessing individual data when they seem to freely do so themselves?), and the mechanisms (e.g., cookies, IDs, PII etc.). In the midst of all of that heat and light, the one thing most of the industry can and should agree upon is the need for user consent before using their data. This whole saga of cookies and identity all began with the issue of consent.
The third-party cookie was never meant to be used for identity, and yet, it has been the mechanism most used to track individual identity by the entire advertising and marketing industry. The reason is simple: there has never been an alternate system developed.
The question really is: is identity needed? Do brands and the ad-tech industry need and do consumers want, their identity to be used for advertising? The answer, which may surprise many privacy advocates and maybe even consumers, is YES.
Let's talk about consumers first. After all, they should be the ones (and will be the ones ultimately) to decide. Consumers have stated a clear preference for personalization. They love the fact that when they log into their favorite site, such as Netflix, they are shown movies they are likely to watch, love the fact that Uber knows where they are for pick up, love the fact that Instacart knows where they live. Many surveys of consumers bear this fact out. Here are Forbes’ 50 Stats Showing The Power Of Personalization.
Brands, in addition to the desire to know how effective their ads are performing, need identity at an individual consumer level to personalize their content. As a consumer, I don’t want Marriott to simply classify me with a “cohort” of travelers, if doing it means I see everything from the budget hotel that I try to avoid to luxury hotels I cannot afford. That’s not a good user experience. I don’t want Gillette to classify me as belonging to a cohort of adults and, therefore, show me women’s razors along with men’s. I would prefer that they show me not just any razor but the one I tend to buy.
Would I give permission to these brands to personalize their ads to me? Of course! Should it therefore be legal for these brands to use my personal identity for that purpose? Yes! It turns out that not only do consumers feel this way, so do the privacy regulators. GDPR, CCPA and other such regulations don’t say brands or ad-tech platforms should not use identity, they say they should do so only with the consent of the consumer.
The reason the third-party cookie has to go away (as does IDFA) is that it has been abused and misused by many players in the ad industry — profiting from data collection without the consumer’s consent, which brings us back to FLoCs.
Are FLoCs the saving grace for the industry? The short answer is: No! FloCs are not based on individual user identity and so simply cannot accomplish what brands and consumers want. In fact, in its present form, it is not even clear that FLoCs require user consent, which goes against the grain of consumer privacy and seems to smell a lot like the same issue consumers were up in arms against with third-party cookies in the first place.
Gnatcatcher is a way of blocking fingerprinting, a way the ad industry tries to beat the system as third-party cookies go away, by using browser signatures such as installing plug-ins to try and identify the individual. Google rightfully blocks fingerprinting as it is not based on user-consent.
Fortunately, there is an answer: identity technology based on first-party identification. Here, instead of ad-tech platforms collecting data without user consent, brands can obtain consent from consumers for using their data to deliver to them targeted ads and personalized content. Once the user provides consent (which of course can be revoked at any time), the brand then passes that identity (anonymously) and any associated data to the ad-tech platform for personalizing ads and content.
The same first-party identity can also be used for attribution and measurement of an ad’s effectiveness, and fine tuning them to achieve higher precision and relevance, which again benefits the consumer.
There are several solutions in the market today that offer consented first-party identity. The one developed via a consortium and by trade bodies in the industry, and therefore most likely to achieve universal acceptance, is the appropriately named Unified ID developed by The Trade Desk. In order to make access to the technology a level playing field, The Trade Desk has contributed the tech to an industry initiative called PRAM with the support of the ANA and its brands as well as the IAB as part of their Rearc initiative. In addition, other martech platforms have also embraced a first-party identifier based identity solution. Liveramp’s IdentityLink uses consented consumer PII to define an identifier that can be used across media and brand data for targeting and personalization.
My company, Jivox, has also introduced IQiD, a first-party identity solution that uses the GDPR and IAB Transparency and Consent Framework (TCF) strings to detect whether consent has been given by a consumer. If the consumer has consented, a unique and anonymous identifier is generated for that user. This identifier is then tied to their data and then used to personalize content for the brand.
These three identity solutions are interoperable and ensure that brands can continue to use consented consumer data to provide personalized experiences. Consumers can rest assured that their privacy is protected and the ad industry has a means to legally use identity in the way it was always intended to be used.
Google’s FloC does not really address the core issue around identity. While it is applaudable that they are making efforts to mitigate the issues caused by the removal of third-party cookies (not all three but just the ability to target consumers), it is not really a complete replacement for the identity needs of brands and consumers alike.
Privacy regulations like GDPR and CCPA as well as the efforts by the browsers and by Apple to remove cookies and mobile IDs may in the end prove to be the best thing that happened to the digital marketing industry. It pushes the industry as a whole to clean up its act and do what brand and consumers ultimately want — an ability to enjoy personalized experiences without the misuse of personal information.
Many ad-tech and martech companies will get impacted adversely by these changes — as of this writing Facebook is threatening to sue Apple citing the removal of Apple device IDs as an anti-competitive move. Similar accusations are being hurled at Google.
It is not entirely true that Apple and Google are only motivated by their desire to protect consumer privacy. If that were true, I wonder why neither Apple nor Google have made any attempt to participate in the industry efforts to come up with a privacy compliant alternative to third-party cookies and device IDs? Instead, they increasingly are starting to resemble their foe, Facebook, who the industry has accused of being a “walled garden.” Could it be that Apple and Google ultimately also see the benefit to becoming walled gardens? If Facebook’s share price is any indication — I would think so.
Brands should not take things at face value; instead, they should invest the time and effort to understand and evaluate these solutions and the motivations behind them. Ultimately, they should choose whatever is in the best interest of their consumers while also achieving their marketing goals. Anything less would leave their consumers with no choice but to switch to another brand that caters to their desire for personalized experiences while protecting their privacy.