Interviews, insight & analysis on digital media & marketing

Can consumer privacy and digital advertising co-exist? 

These articles have been written by the first cohort of the Practice Makes Unperfect programme – a course that helps women find and finesse their public voices. 

By Elena Turtureanu, Senior Compliance Counsel, Data Protection and Privacy at Adform

In the online universe, identity comes in many forms. Fom traditional names, phone numbers and email addresses, to login assigned IDs and similar

In digital advertising, the consumer’s online identity expressed in the form of an online identifier is a critical component. Online identifiers are defined by the General Data Protection Regulation (GDPR) as personal data and therefore must be adequately protected. This is what digital advertising and GDPR have in common; the consumer’s online identity is the vital element.

So, can digital advertising and consumer privacy coexist at a time when the consumer’s online footprint is more prominent than ever?

Let’s take a deep dive into the identity concept. There are two categories of ID:

first-party cookie ID or login-based ID (functions on one website)
third-party cookie ID (functions across all websites)

Regulator criticisms of third-party cookie IDs, and subsequent requests for adtech stakeholders to shed light on their complex data collection and processing practices, challenged the adtech industry to come up with creative solutions. This was followed by most browsers blocking third-party cookie IDs in 2019, with Chrome expected to switch off tracking technologies and the use of related IDs by 2022.

As a result, the glue that connects the adtech ecosystem that we know today – essentially third-party cookie IDs – will cease to exist. This core ingredient of digital advertising and programmatic ID structures will need to be revamped.

That will be THE MOMENT when the adtech space shifts to transact on first-party IDs ONLY. It sounds simple but there are still uncertainties around the adequacy and scalability of the ID solutions that adtech players will adopt. I will leave the technicalities of this situation to the product and development teams to debate and elaborate on further.

What is certain is that we, at Adform, can already support our publishers and advertisers with programmatic ad targeting via first-party IDs. As of today, we already transact and are able to deliver effective digital advertising at scale without third-party cookie IDs.

From a privacy and data protection perspective, the benefits are ENORMOUS for consumers, publishers and advertisers. Consumers take back control over their data, while publishers and advertisers restore trust with their audiences. This is an essential win for digital advertising in particular, due to its complex and – so far – opaque structures.

You may wonder how exactly this is going to happen? How is it different?

First-party IDs are assigned by the website to a consumer is visiting at a given point in time, and it is here that consumer consent must be collected. Privacy scholars and data protection authorities agree that only consent is an adequate legal basis for cookie placement. So far this is no different to third-party cookie IDs, right?

The biggest difference may appear invisible to the consumer, at least at an initial glance. However, as third-party tracking technologies are no longer permitted, the number of cookies and pixels that are dropped onto a webpage will be heavily reduced. No longer will there be hundreds of cookies, there will only be one – the first-party ID for the site the consumer is visiting.

Finally, the consumer is in charge.

Here are few of the benefits to the consumer:

Consumer data will no longer be shared downstream in the way we see today in the context of third-party cookie IDs. Instead, the data will remain with the customer-facing webpage.
Consumers will be able to exercise their rights under GDPR in a centralised manner. With third-party cookie IDs, the consumer must opt-out with each and every third-party tracking provider, and there are hundreds of them. This necessity will disappear.
Consumer consent is easy to maintain and document as it is assigned to a single ID.
The consumer will be given full and de facto transparency on what happens with their data.
The consumer receives a seamless user experience as a result of the disappearance of third-party cookies, which is something both publishers and advertisers are aiming for.

One aspect of first-party IDs that is not often discussed is persistency. Third-party cookie IDs have an average lifetime of 30 days, but the first-party ID is more persistent and has a much longer lifetime. This persistency has multiple benefits for publishers and advertisers, but from a privacy compliance perspective, the persistency aspect must be solved at the outset.

The solution to overcome the persistency and the data pertaining to the persistency of first-party IDs is for publishers and advertisers to adopt appropriate data minimisation and data retention policies and practices. If this is done adequately and in compliance with GDPR, the upside of transacting on first-party IDs only is COLOSSAL.

Ultimately, by using first-party IDs, publishers and advertisers can access a more known and loyal audience without jeopardising or compromising users’ data rights, proving that digital advertising can successfully coexist with consumer privacy.