The Future of Advertising in a Cookieless World Part 2: ID
9 min read
The market is trying to find its way free of dominant stakeholders, while users come in full force looking for a more private online experience.
Hardly any other topic dominates the programmatic ecosystem as strongly as the search for identity solutions for the future. With Google’s announcement that it would no longer support third-party cookies from 2023 onwards (Goel, 2021), it is particularly exciting which measures the AdTech companies are taking for the so-called “cookiecalypse”. Many market participants see addressable digital advertising in the future in connection with solutions such as logins and unified IDs. Publishers are also heavily affected by the difficult question of how best to position themselves for the future. Should they focus on a single ID, develop their own or integrate as many as possible? The user consent required by the GDPR, also called shortly consent, also plays a decisive role among stakeholders in this discussion.
What is Universal ID?
In contrast to the previous technical IDs, such as the cookie or the device ID, the Universal Advertising ID is based on a personal identifier — usually an email address or a mobile phone number. Its objective is to identify users in a similar way to third-party cookies, but with hashed identifiers (Jatain, 2021) in compliance with data privacy regulations. In addition to being cross-channel and cross-platform, this identifier is more advanced than cookies, which can only identify users on the web. It can significantly expand the reach of the ad campaigns.
Cookie and ID Comparison from Users’ Perspective
The soon-to-be-outdated third-party cookies are stored in the browser, users can delete them quickly. With the Universal IDs, the data is stored with a provider. The user must first find this provider to delete his data or to withdraw his consent. From the user’s point of view, this is a clear disadvantage.
The Universal Ad IDs usually offer a management system or a control center into which users can log in to manage their consent and, if necessary, to deselect it. However, since the ID providers are mostly B2B brands without direct customer relationships, a lack of trust could possibly lead to less adaptation.
How important trust is can be seen, for example, from the low opt-in rates in Apple’s App Tracking Transparency Framework. (Listed, 2021) It is crucial to present the system in a very transparent and controllable way to the users. This means for publishers and advertisers that less data is likely to be available in the future. However, the data then available will be of a much higher quality.
Practical Usage of ID
If publishers and advertisers want to use IDs, they need users to login. But for the user, the barrier to logging in is higher than agreeing to a cookie. With e-commerce providers this is not a problem because the behavior is learned. But with many other publishers, users might not get easily used as to why they should login. Especially for small publishers, this could present a problem, for example, the content of a small page might not be attractive enough for users to sign up to view it.
How will IDs Function in the Near Future
The processes in the background are different from third-party cookies, but the outcome is similar. If a user logs in to a website with a password or a single sign-on solution and consents to the advertising, his or her email address is hashed and sent to the universal ad ID provider involved, who returns an ID to the publisher. If the provider compares the various IDs of a user with one another, cross-publisher tracking and targeting are possible, and lookalikes can also be modeled as usual. This means that such IDs can be used in marketing in a similar way to previous third-party cookies.
Without stable IDs, even with the probabilistic approach, a certain number of fixed IDs are required as a basis for the algorithm to scale. The simplest form is that different partners use the same ID system and, for example, assign it to users when logging in, so that they can assign all their users to target groups based on this permanently assigned ID. If publishers use various IDs altogether from different providers, then a so-called Identity Table, a kind of cross table that uniquely assigns different IDs to each other, is necessary. Then identity graphs can be utilized to bring together different IDs with the help of probabilistic algorithms — ideally also cross-device and channels.
Many customers have logins on platforms collecting information such as the hashed email address, age and gender. Customers from the e-commerce sector also have purchase data, interests and shopping carts. If a specific target group is to be addressed with a campaign, for example men, 25 to 49 years old who are interested in a new motorbike, then the data point for new motorbike interest can be added in a data management platform (DMP). Alternatively, two or more partners can also use so-called data clean rooms, where they can compare and enrich their data with information from the respective partners.
Alternative Forms of ID Use
Technically, when logins will become the norm, encrypted user information can be stored in the publisher’s first-party cookie. SSPs then can decrypt this envelope and send the IDs for each DSP (Demand Side Platform) specifically encrypted in the bid request. Many ID providers try not to necessarily need a hard login, but also use other input windows, such as registering for a newsletter with an email address, to generate the ID. Whenever an advertiser activates a segment from an ID provider, for example in a DSP, the IDs can talk to each other via the identity graph. (Kryvtsun, 2021) The various IDs are planned to link to one another among different providers.
Many industry experts have the opinion that the email is particularly suitable as an identifier here, as it is the only “persistent” that remains after the third-party cookies. AdTech pioneers which will provide IDs are expected to offer similar targeting segments such as socio-demographic info, interests, purchase intent and app use. Advertising agencies will then be able to activate them via the DSPs.
Validity Duration of IDs
Universal IDs are usually based on a mail address, which is per se more persistent than a cookie managed in the browser. If he has given consent but logs out, the user can still be assigned to the Universal ID using a first-party cookie. The period of validity of a first-party cookie can vary depending on the browser and publisher. For example, Apple has reduced the runtime to one day using ITP 2.2. (Peterson, 2019) That means: If the user does not return to the publisher within 24 hours, the user cannot be identified afterward without logging in again. In other browsers, the runtime can be chosen more freely, but publishers often limit this themselves in order to ensure authenticated traffic. The most common is a term of seven to 14 days.
Not all publishers will receive a login from every website visitor. As a result, a large part of the Internet traffic will come from users who have not logged in anywhere. In order to address this traffic, other solutions are required, for example contextual targeting. (IAB Europe, 2021) Normally used for brand safety, contextual targeting will become a popular method for the post cookie era targeting.
The blockchain can also be used for tracking without third-party cookies. However, the technical implementation is complex. Roughly simplified, it works like this: advertisers and publishers work together and agree on a common encryption algorithm. The advertiser requests the identifier for targeting his target group from a publisher via a so-called federated query server within a private blockchain. There it is now compared which of the encrypted values occur with both — i.e. with the publisher and the advertiser. The advertiser can then activate the matched encrypted values. The list of IDs is then sent to the DSP and the ad server, and the advertising is booked and delivered accordingly. This is all done automatically and in milliseconds. Despite the sophistication, contextual targeting, regional targeting and log-in alliances are still necessary in this equation to maintain targeting across the entire advertising ecosystem. Targeting also shows that the blockchain is not a panacea for all problems of the high-tech and automated advertising landscape.
Project Rearc and The Unified ID 2.0
The Unified ID 2.0 is being developed by The Trade Desk as an open-source project based on the guidelines of the Project Rearc from the IAB Tech Lab. (IAB, 2021) The AdTech giant The Trade Desk announced in the summer that it was working on a successor to its Unified ID. Although the company is primarily a provider of purchasing technology for media, with the Unified ID, it is also the initiator of a solution to synchronize cookies with one another and thus facilitate their assignment to users. In contrast to the original variant, version 2.0 of the Unified ID is no longer based on cookies to identify users, but on encrypted email addresses. For example, users should register when they first contact the publishers and at the same time be able to give their consent for personalized advertising. So far, however, the solution has lacked the range and, above all, the user interface, i.e. the interface to the user.
Social Pioneers and IDs
Also, a Universal Ad ID will hardly be adopted by Facebook, Google, Snapchat, Twitter & Co. So there will be several solutions. It also remains to be seen whether there will be ‘the one’ universal ad ID that will ultimately prevail, or whether several advertising IDs will exist side by side. ****The question of how Google will proceed against IDs, remains. In the Play Store and in Chrome, Google is in control. Like Apple, Google can set up rules here as to whether apps may use identifiers for advertising purposes without explicit consent. Browsers currently can not control the server-to-server data passed from websites to SSPs or DSPs, so there doesn’t seem to be a way for Google to ID -Solutions really “switch off”.
Google Programmatic and IDs
That is also a swipe against DV360. DV360 in particular is at a disadvantage compared to competitors who support all major first-party cookies and unified IDs. The new abundance of first-party publisher IDs in the Safari browser, for example, enables frequency capping and algorithmic optimization to be reactivated. It makes it easy to target first-party publisher audiences associated with them. These possibilities will be missing in DV360 due to the new Google policy.
Google speaks explicitly about the support of “first-party relationships on our ad platforms”. (Temkin, 2021) The assumption is therefore that Google could introduce the support of first-party publisher IDs, as long as these do not act across pages, but are limited to individual publishers. The future will tell which IDs will prevail and how strongly the sandbox can compete against them. Many premium publishers are likely to prevent Sandbox from profiling their users — and it will be exciting to see if Google will fight back on its own channels.
Join to get free updates every week
It was only this year that the majority of market participants began to understand that logins and their own IDs are very valuable. Due to the many adjustments and imponderables in the area of data protection — including GDPR, ePrivacy and, Transparency and Consent Framework (TCF), there are numerous ID solutions on the market, yet no clarity. The market, however, is trying to find its way free of dominant stakeholders, while users come in full force looking for a more private online experience.