A view of the post-cookie measurement battleground

The concept isn’t new. Google and Facebook have long had the ability to track individuals across the web, courtesy of their customer login data. But data-privacy law changes in Europe and a recent major entrant into the space — WPP’s media investment arm Group M — have made the topic front and center of industry discussions once again.

“It’s huge. People don’t realize how poor the cookie is in a mobile world. It’s the beginning of the post-cookie ecosystem, where very few players have high-quality, persistent ID data. And those that do don’t want to play nicely together to help the industry connect these IDs across the ecosystem,” said VCCP Media chairman Paul Mead. “If in the future, the tech giants can create some kind of ‘digital Switzerland’ that the industry can access to connect these IDs, then that’s the best-case scenario for the industry.” Good luck with that.

Here’s a refresh on the current state of play:

The cookie crumbles
Identity management isn’t just about establishing an alternative to the cookie, but cracking down on wasteful impressions, bad practices and shoddy retargeting, all of which triggered consumer revolt in the shape of ad blocking last year. Some of that has to do with cookie duplication issues.

“We hear so much about cookie bombing, retargeting, invasive ads. All those things push consumers away,” said Brian Gleason, CEO of Group M’s identity measurement unit mPlatform. The aim for mPlatform is to create an “mID,” (dubbed ‘mookie’ by some in the industry) a bit of code that will be used as an individual’s ID as they switch between display and mobile ads, apps, video and any offline loyalty programs. The plan is to help brands break through any silos created either by their own customer data sets or the walled-garden environments of the major tech platforms. And in theory, it should lead to a far more streamlined ad experience, where consumers aren’t repeatedly stalked by the same messages.

“Advertisers are realizing that the way we have approached targeting and advertising, or, more broadly, media, is inherently wasteful,” said one senior ad tech exec who preferred to remain anonymous. “You’re buying against the cookie, which doesn’t necessarily represent the person. You and I may have 10 different cookies each just on one device, which is very wasteful if we have delivered all these impressions.”

Not all data is equal
Any company with customer registration data can claim they do identity measurement. Everyone from eBay, to online supermarkets, Amazon (naturally) brand loyalty programs, airlines, publishers and, of course, cross-device vendors. But there are limitations.

“Everyone is trying to build their own version [of an identity device graph]. There are no standards out there,” said Alistair Dent, chief media officer at iCrossing. “I’m cynical about anyone other than Facebook and Google being able to do it well.”

That’s partly because a cookie’s usefulness is short lived. They need to be constantly refreshed and updated to remain relevant, and not all companies have the tech infrastructure to manage that. “There are a huge variety of reasons why a cookie can die,” said Dent. “People can change phones or devices, or simply wipe them. Then there are shared family devices, which are difficult to match.”

Added to that, there are two kinds of data that matter: probablistic, which involves inferring user identity from non-logged-in information like IP addresses and browser settings, and deterministic, which tracks users across devices through personal logged-in accounts such as email or Facebook profiles. But not everyone can lay decent claim to both. The latter is the holy grail as it’s regarded as a more accurate view of what an individual is doing, and Google and Facebook are the closest to it.

And yet even they have their challenges. “Facebook audience management matches hashed personally identifiable information, like CRM data, to a Facebook ID, but it can’t link to a cookie-based demand-side platform, for example,” said one ad tech exec, who preferred to stay anonymous.

Group M’s challenge is that it doesn’t have direct customer login data like the kind Google and Facebook has. Instead, it will use a mix of data-matching capabilities it has across its companies, including Kantar Media and Wunderman, to create probablistic and deterministic data sets, according to Gleason.

EU privacy-law curve balls
Online privacy tolerance across Europe is varied and fragmented. Facebook and Google may be global companies, but when it comes to cross-device tracking, what flies in the U.S. may not work across Europe. Google has been under pressure for years in European countries like Germany and Spain over the tracking of individuals’ data. That’s slowed its progress in Europe to some extent. And there’s no sign of that changing: The European Commission’s latest revisions to the European Union ePrivacy laws (known colloquially as the Cookie Directive) along with the General Data Protection Regulations both include tougher measures on how people’s data is used for tracking advertising.