In a recent webinar, The Real Talk on Cookies and Identity, Quantcast was joined by industry expert, Shiv Gupta, Founder of U of Digital, to discuss the changing world of digital advertising in a complex ever-evolving open internet. Shiv shares his insights in this blog post as our guest author.
Identity is the most burning topic in our industry today, but it’s not a new issue. While it gained traction when GDPR went into effect, identity has been an issue for our industry for 14 years.
A Brief History of Identity Issues
It all started with the iPhone in 2007. Before the iPhone, users’ time and attention in the digital ecosystem was consolidated on one device: a laptop or desktop computer. It was easy for the industry to understand one person on one device. After 2007, a user’s attention was divided across a smartphone and a desktop–and eventually a tablet as well. As a result of this fragmented focus, identity became a challenge for our industry.
But how did we get to this current moment, when identity is the topic we’re thinking about all the time? I consider the Cambridge Analytica scandal as the major pivot point. In 2016, the United States had a very controversial election, when we found out that users’ data was used in nefarious and unacceptable ways that impacted our election and our lives. That scandal accelerated our public discourse around data privacy.
That moment has led to three important changes in our ecosystem:
- People are changing the way they use the internet. Because they care about their data privacy, they’re browsing in incognito mode, they’re deleting their cookies, and they’re using Safari or Firefox, where they know that cookies don’t exist.
- There is a lot more regulation: General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) of 2018, and a recently passed Consumer Data Protection Act (CDPA) in Virginia.
- The browser ecosystem has changed with operating systems on mobile devices, like Safari and Chrome, designed around privacy.
Upcoming Changes in the Ecosystem
Obviously, the biggest change on the horizon is that third-party cookies will be dead soon. In 2018, Apple enacted ITP, which took them down the path of removing cookies from Safari. And Google announced in 2020 that they will be deprecating third-party cookies from Chrome in 2022. So we will have a cookieless internet within the next two years.
Another change that will have an impact is that IDFA, the identifier on Apple devices that enables advertising use cases across apps, will be opt-in. When users open an app on their iPhone, it will ask for permission to track their device ID. The entire industry agrees that, given this choice, most people will say no, which cripples the app space in a big way. We also assume that Google’s advertising ID (GAID) will be the next shoe to drop.
After Google made their 2020 announcement, the industry responded quickly: IAB developed Project Rearc; The Trade Desk spearheaded Unified ID 2.0, which is an open-source industry identifier; Google announced their own workstream to develop an alternative for third-party cookies, the Privacy Sandbox; and LiveRamp, Quantcast, Criteo, Neustar, and others have also been working on solutions.
House of Identity
To demystify how these identity solutions in the future will work and illustrate where they are positioned relative to each other, I created this visual representation I call the “House of Identity”:
The foundation of this house is the IAB’s Project Rearc, which is working to come up with industry standards and specifications around identity for the future. This will standardize how we can collect identifiers from users in a privacy compliant manner, pass data back and forth between companies in a privacy-safe way, and come up with the right kind of legalese, language, and standards for companies to work with each other in the space. The IAB Tech Lab at Project Rearc is laying the foundation for the entire industry to build identity solutions on top.
On top of that foundation is an initiative like Unified ID 2.0. It’s an open source project, spearheaded by The Trade Desk, with the idea that everyone can come together and create a ubiquitous, common identifier that the entire industry can use to transact on. Because it is open source, it is freely and openly available to everybody in the ecosystem. UID 2.0 gets down to the user level, taking an email address as the identifier, then encrypting that email address and using it across multiple publishers, for targeting and measuring purposes. One downside of this type of framework is that people generally do not give their email addresses on the majority of websites, so there’s a massive scale issue.
Next, on the side, you have Google, who announced that they were going to build their own independent wing of the House of Identity, instead of building on top of this foundation. A year ago, they launched an initiative called the Privacy Sandbox, an open source collaborative workstream, where anybody in the industry could contribute proposals for alternatives to third-party cookies. One proposal (that Google is moving forward with) is called FLoC (Federated Learning of Cohorts), which will target and measure on a cohort level in Chrome. It is a rival solution to initiatives like Unified ID 2.0, not designed to work alongside it. But it is open to anybody to use within Chrome for identification tracking and targeting purposes.
On top of this divided House of Identity, other companies like LiveRamp, Quantcast, Criteo, and Neustar are building industry ID solutions, using their own data and tech, that will take a hybrid approach, utilizing user level ID (and partnering with frameworks like Unified ID 2.0 for this) plus cohort level tracking via Chrome.
Google’s Recent Announcement
And then Google made its surprise announcement, which complicated everything. It consisted of four key takeaways:
I believe, however, we need to take these claims with a grain of salt. Google has a massive conflict of interest: they are controlling the browser on one side of the space–which is a consumer-facing product–where they have to care about consumer privacy, but they’re controlling advertising as well. Those two things are in direct conflict with each other. And it has massive implications for the advertising business they are trying to run and the competitors in that market.
Now, instead of having a copacetic ecosystem, Google has set up a face-off in this industry. But I believe there is hope that we can still have a place for all solutions, not solely Google’s FLoC-based model. Google is not taking down everyone else’s solutions, so the rest of the industry has room to breathe, at least as of now. Admittedly, there is a ton of uncertainty; we don’t know where we’re going to end up. The important thing is to keep your head on a swivel: keep paying attention to what’s happening in the space, as things change rapidly–week to week and month to month–and be prepared to respond.
Predictions for the Future
Before Google’s initial announcement last year, we had a very fragmented industry. That is already changing. We have realized as an industry that to protect the open internet and compete against the walled gardens, we must come together and unite as an open ecosystem. Here are my ‘glass-half-full’ predictions:
We must continue to build the House of Identity together. There will be growing pains along the way; there will be new mechanisms that require some reengineering of technologies and tools, but I think we’ll end up better in the end.
If you’d like to learn more about how the world of digital advertising is changing, check out the full webinar I recently participated in with Quantcast, which also includes a presentation from Quantcast CTO, Peter Day.