In January last year, Google made waves by announcing plans to end the use of third-party cookies in Chrome by 2022. It’s hard to overstate the importance of this move. Third-party cookies have been the lifeblood of the programmatic ad tech ecosystem, enabling identities to be tracked across the web for the purpose of targeted advertising and content. Without these cookies, web-based advertising as we know it will come to an end.
As IAB Europe puts it in its updated Guide to the Post Third-Party Cookie Era (full disclosure, I contributed to the Guide): “The blocking of third-party cookies in Chrome will bring the single biggest change to the digital advertising ecosystem since the introduction of real-time bidding in 2009”.
In this blog series, I’m going to examine what the end of cookies means for three players that will be critical in building a successful post-cookie future for the industry: publishers, advertisers and telcos. This first blog deals with publishers.
What’s now crystal clear is that publishers will have to go through large scale change in the months and years ahead to remain viable. Publishers currently rely on third party cookies to build rich audience profiles that they can then sell to advertisers. Without cookies, their main revenue model is bust and they can no longer provide advertising-funded content.
This is bad news for publishers and for society at large. The loss of advertising revenue means that publishers will be unable to fund high quality content that is low cost or free to consume. Paywalls will not be an option for most: research suggests that 63% of publishers already face challenges moving their audiences to a paid subscription model.
There will be some reprieve in the form of “walled garden” approaches, such as Google’s own Privacy Sandbox through which publishers can access anonymised signals from Chrome users’ browsing habits. But such approaches rely on users to be logged in and will not offer the scale of “open web” data that publishers require. Publishers will need a way to track the vast majority of web users who will visit their sites without having first verified their identities by signing in. These so-called “ghost” users need to be understood if publishers are to get anywhere near the scale they need for programmatic revenues.
Others have proposed authenticated Universally Unique IDs (UUIDs) as an alternative. The main challenge with UUIDs is that people must agree to be authenticated – something that only around 20% of web users will be happy to do. And then there’s the problem of consent. If a person opts out of one publisher, the universal nature of the ID means that all publishers will automatically lose access to the data.
All is not lost, however. As I recently argued at New Digital Age’s roundtable discussion on this topic, there will be a viable replacement to cookies, but the replacement will be multi-factor: it will require a combination of IDs to enable privacy-first ID tracking – and by that I mean a form of identity tracking that’s fully compliant with the letter and spirit of regulations such as GDPR, the ePrivacy Directive and CCPA).
Novatiq’s view is that for programmatic to be viable for publishers over the long term, there needs to be two types of ID:
When a publisher wants to leverage their first party audience segments for advertising propositions, they simply provide their pseudonymised verified ID to a third-party “broker” such as Novatiq, along with their audience segments, and use the network dynamic transaction ID to activate. The latter is provided via a pseudonymised token so that no personally identifiable information (PII) needs to leave the telco network.
The broker enables consented telco data to be used to confirm that two IDs sitting on a publisher’s Data Management Platform are actually the same user. The approach removes duplications and improves match rates while enabling publishers to activate their first-party data.
In addition, the consented first party data from the telco can also be used to deliver audiences and increase publisher sell-through. There are several reasons for drawing the audience segment data from telco networks. First is data quality: telcos are uniquely able to match identities across devices using their network and can link this data to rich CRM profiles of subscribers. There is arguably no better source of verified data. Second, telco networks are among the most secure in the world, and as no PII leaves that network publishers can be sure they’re compliant with privacy regulations.
In this model, consent is driven at the publisher level (and at the telco level for audience data). And because each verified ID is unique, if consent isn’t forthcoming for that specific publisher, all the others still have a fair crack at gaining that consent on their sites. Everything is secure and pseudonymised with representative tokens being used to match audiences with visitors to publishers’ sites.
Unlike with UUIDs, people don’t need to authenticate the ID themselves and there is no way of linking the IDs back to people or their identifiable data. Web users can therefore continue to enjoy the benefits of high-quality, free content without concerns around being tracked.
The approach outlined here puts a telco-verified ID and a dynamic transaction ID for audience activation at the heart of the new ad tech ecosystem. It’s an ecosystem where publishers are enabled to begin to monetise “ghost” users and can therefore maintain the scale necessary to fund quality journalism, content and other online experiences. Significant change will be required to make this new system work, but significant change is exactly what’s required in the post-cookie world. The alternative doesn’t bear considering.
Next time, I’ll take a look at the opportunities on offer for advertisers in a world without cookies.