Interviews, insight & analysis on digital media & marketing

Behind The Curtain: The Adtech Truth – is there light at the end of the cookie tunnel?

Behind the Curtain is a monthly column from  Redbud, digging deep each month to discover what’s really going on buried deep in the adtech layers around publishers’ sites.

By Chloe Grutchfield, Co-Founder, RedBud

This week we presented our views on the opportunities for publishers in a third-party cookie-restricted world at AOP’s CRUNCH 2.4: Which way does the cookie crumble?, a very real and current topic on everyone’s lips at present.

Research from Google estimates that in the short term, publishers could lose 52% of programmatic ad revenue if they can’t use third-party cookie ad targeting. We’ve been talking about the death of the cookie for so long now and the end may be close, but what does this mean for us? Is there a light at the end of the tunnel?

Acceptance and realisation

16 months ago, my colleague Rhys and I were amongst the first casualties of GDPR: our employer decided GDPR was too risky to stay in Europe. It’s also 16 months ago that we started building our proprietary insights tool DIAGNOSE and got better acquainted with a vast amount of interesting third-party cookies.

Our favourite of them all, the mighty s3xified.com, has nothing to do with adult websites and everything to do with adtech.

You might recognise the name from one of our previous posts. It’s triggered by one of the biggest adtech platforms in the market and across a high number of UK publishers. It’s storing an ID which no doubt relates to, server side, a few websites that were visited by the user. And, it likes long term relationships, with its impressive 10-year expiry.

To top it all off, the company which relies on it used a privacy registration service for its domain so we can’t identify who owns this. Pretty frustrating.

Having tracked this domain for 16 months, it shows no signs of going. And, there are many more cookies which join the pack (yet most of them have far less sexy names). In fact, we’ve had a lot of fun reading the privacy policies of some of those vendors that don’t hide behind a registration service.

They represent privacy and data leakage risks, and in some cases generate more tags on websites while not adding much value to publishers.

So, it’s fair to say we’re certainly more aware of the likely damaging affects the third-party cookie world has on our businesses.

Undeniable positives

In light of s3xified, the restrictions on third-party cookies are going to be a nuisance but there are undeniable benefits. Companies like the one who owns the s3xified domain will not be able to flourish and drop cookies on users.

That means far less privacy and data leakage vulnerabilities. Some of those vendors that add little value will not survive and we’ll have a less crowded ecosystem which means fewer players taking a cut of publishers’ revenue.

What’s more, cookie syncing is going to disappear and that will make websites lighter and ultimately deliver ads faster. Much better, right?

However, despite the benefits, the restriction on third-party cookies is going to be a challenge in the short term. We’ve relied on them for targeting, measurement and attribution for so long now, and change is going to be slow. The good news is there are solutions today to bridge the gap and exciting solutions in the works in the medium to long term.

Audience Targeting

Let’s take a look back at how we’ve relied on third-party cookies to perform audience targeting.

You have a script or a pixel that gets triggered on a webpage. That script calls a server which responds with a cookie that gets created on the browser. A cookie can’t contain much information – it’s a dumb 5K Bytes text file. So, it tends to be used to store an ID (which is really just a ‘lookup’ that is associated to a series of attributes and behaviours stored on a server). In this case, personal data is being saved in both a server and a cookie.

The personal data conundrum

Instead of having personal data stored on the server that is communicating with a cookie, some technologies like Permutive are storing all data on the device’s local storage; storage that has a much higher capacity than a cookie’s feeble 5Mb.

Server side you may have some additional scripts that execute on a web page but all of the personal data is stored on the device itself. No third-party cookies needed here. As the user is interacting more with a particular web page, the audience models saved on the device (such as propensity to be a female) will update and improve in accuracy and granularity.

The IAB has a standard taxonomy which, if applied across all publishers, will allow buyers to buy audiences consistently across all of the non walled gardens premium publishers.

The challenge is that local storage is domain specific. That means that audiences are going to be specific to a website.

There’s a lot of exciting projects going on in this area though. For example, Google’s Federated Learning of Cohorts approach and frameworks allow Collaborative Machine Learning without centralised training data.

Let me explain: a device will be sent a particular model (eg. users that visit sports pages daily and gossip articles when they relate to the Kardashians will be much more likely to interact with auto video ads), improve its robustness via data from the device and focus updates (eg. those users interact more with luxury auto video ads) will be sent server side, in an encrypted manner and aggregated with all of the other device updates to improve the predictions of the models.

Publishers generate a lot of that data and are starting to collaborate more with each other through ad alliances and with brands. Their knowledge of their users, as machine learning algorithms improve, will grow.

Measurement & Attribution

Finally, there are solutions today that Facebook and other large platforms have been relying on for years that don’t require cookies — the logged in environment.

It’s a great concept, right? I login to my favourite website, become exposed to ads and I end up purchasing a product online or in store with a loyalty card. Job done.

And, there are vendors that specialize in matching disparate datasets in a privacy-safe environment. The only challenge here is going to be scale. For this to really work, publishers will need to collaborate and there will be a need for a standardised authentication process – but that collaboration is already happening.

Matching of data is also going to allow for the collaborate machine learning described above to become even more robust.

In conclusion

I have absolutely no doubt there’ll be more exciting developments that will enable publishers and brands to thrive in a cookie-restricted world. There’s light at the end of the tunnel, can you see it?

Bu there’s going to be a lot of change and we all need to stay informed on what the opportunities are. I encourage everyone to take a look at Chrome’s privacy sandbox which is a list of proposals to publishers and advertisers on how to still allow for advertising’s purposes to be met whilst maintaining privacy.

It may well shape the digital advertising of tomorrow…