Digiday Media Research: A comprehensive guide to third-party cookie alternatives

This research is based on unique data collected from our proprietary audience of publisher, agency, brand and tech insiders. It’s available to Digiday+ members. More from the series →

Estimated reading time: 38 minutes

This report was conducted and prepared by Digiday Media’s corporate research division.

Over the past decade, the third-party cookie has grown into one of the foundational elements of the digital advertising ecosystem. In two years, it will effectively be removed when Google ends its support of third-party cookies. 

How publishers respond to this change will be one of the defining stories of the media industry’s next two years. But the paths forward are numerous, and few are well-paved. That’s why Digiday created this guide, which provides an overview of the possible responses publishers might take to the end of third-party cookies. 

The big picture

In August 2019, publishers and advertisers panicked when Google claimed that after disabling third-party cookies “for the top 500 global publishers, average revenue in the treatment group decreased by 52%, with a 1 median per-publisher decline of 64%,” results determined through a randomized controlled experiment on publishers using Google Ad Manager’s programmatic services. More than 2 million publishers use AdSense to generate revenue from online advertising, indicating publishers’ dependence on a private though omnipresent company, a reality even more nerve wracking in light of Google’s now delayed deprecation of third-party cookies. 

But looked at in a different light, publishers, who for the last decade or so have been relegated to the role of merely supplying audiences for big ad tech, suddenly have leverage. The publisher has become a primary source for any registered or consent-based data that can be used to target ads in compliance with new regulations. And all of that data is just the foundation on which publishers must build to keep up with advertiser demand.

Up to $10 billion of US publisher revenue could be at stake. Most non-premium publishers depend on ad targeting through third-party cookies for over 80% of their ad revenue, according to a McKinsey study. These industry changes have resulted in a focus on experimenting with first-party data strategies within the advertising ecosystem. This resource presents a catalog of first-party data alternatives and tools, some of which are available today to both publishers and advertisers, and some that are still being developed. 

The regulatory backdrop

Google is not the only tech company to end support for third-party cookies, and it didn’t make that decision in a vacuum. Starting in 2018 with the enforcement of GDPR, a patchwork of anti-tracking and data privacy regulations have taken shape in Europe, the UK and individual states in the US. Regulators have become increasingly precise about acceptable use of user data for ad tracking, real-time-bidding methods and user consent. For instance, the UK Data Protection Authority ICO released guidance focused primarily on programmatic advertising practices in mid-2019. “Cookie compliance will be an increasing regulatory priority for the ICO in the future,” wrote Ali Shah, head of technology policy for the ICO.

Non-compliance faces large fines with a higher maximum amount of “£17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, which can apply to failure to comply with any data protection principles, users’ individual rights or data transfers to other countries. A standard maximum fine of £8.7 million or 2% of annual worldwide turnover can be handed down for not complying with provisions like administrative requirements of the legislation. 

With both PECR (UK and EU online communication regulation) and CCPA (California privacy regulation, a policy that is influencing the approaches of other US states), there are some clear constraints put on the pool of viable third-party cookie alternatives. The main issue is cookies’ ability to identify personal information about a user, usually without their consent. While the former (PECR) requires both disclosure and consent, the latter is only asking that websites disclose if and what types of cookies they are using. According to CCPA, cookies can be dropped when a user visits a website as long as they are informed; but those customers have to be given the option to opt out of the sale of their data

Both regulations clearly lay out the distinctions between types of personally identifiable information that is deemed problematic. In the case of cookies, it is “persistent” cookies that store personal user information post-session that present the larger threat. And IDs created using techniques like fingerprinting, email pixels and plugins that can store personal identifying information also require consent by PECR, methods that most users are even less aware of than cookies. 

Other types of cookies, like those necessary to help a site remember what’s in your shopping cart, “load balancing” cookies or an information service requested by a user (like in the case of online banking), fall under a “strictly necessary exemption” that allows sites to continue to use them largely unimpeded. As long as you are using cookies or similar technologies in ways that don’t connect to personally identifiable information, you are in the clear, which is one of the reasons why the use of cohorts, segmentation and non-personally identifying IDs (a bit of an oxymoron, but we’ll get to this later) are on the rise.

However, web analytics cookies, which are key to measuring performance, do fall under this regulation; according to the ICO website, “Analytics cookies do not fall within the ‘strictly necessary’ exemption. This means you need to tell people about analytics cookies and gain consent for their use.” Used to assess consumer behavior on a website, common analytics can help answer questions like time spent on your content, where users clicked and how many times they visited the site and its different pages. And if publishers are using a third-party analytics tool, that falls outside of a direct customer-publisher relationship that would itself require explicit user consent. 

So with all of that red tape, what’s a modern publisher to do?

Enhancing your first-party data strategy


On the tail of the third-party cookie’s deprecation, first-party cookies with appropriate levels of regulation-required consent baked in have become all the rage for publishers, advertisers, and many smaller ad tech and analytics firms (though Digiday has reported on some less than transparent practices in gaining this consent). In fact, almost all alternatives being explored by publishers are related to gathering and monetizing their first-party data efficiently. This includes investment in subscriptions and other registration strategies to gather declared data. And the results are there: According to publishers, in test ad campaigns produced using first-party data, there has been upwards of 50% to 100% better performance on certain key advertising metrics compared to similar campaigns that use third-party cookie data.

Publishers who are focused on enriching their first-party data are also diversifying their revenue streams, one of the advantages being an increase in their pool of user data as they focus on registration-driving tactics like email newsletters and digital events. They’re also building more addressable audiences on the open web so agencies can see what they are buying, and partnering with advertisers and vendors to make their data directly available and accessible.

First-party user data is available to all website publishers and can include many data points that can be highly valuable to advertisers, like profile info, browsing habits, geography, language and other user preferences. But not all first-party data is user centric. With the rise of advertiser interest in contextual targeting in lieu of behavioral targeting, ad targeting that uses site metadata has quickly appreciated in value. It’s more privacy-friendly than even the most squeaky-clean user targeting since it allows publishers to target ads to certain content sections and formats as opposed to individual users. More sophisticated techniques can involve machine learning and AI tools that scan site content to better identify content within a certain topic or theme or even perform sentiment analysis to determine its context. 

Contextual data can enhance user first-party data and can be used to build more specific audience segments. One example might be running luggage ads against a travel section – you might not get the perfect target user with every impression, but the alignment between ad and user intention can be very strong.

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

How it’s happening

  1. Setting up registration walls

One key way publishers are reacting to regulation is to get consent and first-party data from their readers directly through registration walls. Registration walls are not new, but they’re certainly on the rise. They use pop-ups or overlays to ask users to register with their email addresses to access site content, either capped at a few articles or through an unlimited ad-supported model. This data, along with the types of pages a user visits, enhances first-party data segmentation and allows publishers to personalize the user ad experience

Publishers like The Guardian, LA Times and The Atlantic are gathering as much first-party data as possible before 2023, with registrations seen as the “primary source of gathering first-party data,” according to Sam Rosen, svp of growth at The Atlantic. This gives the publisher a chance to inform the reader of their privacy policy and also helps boost their subscription efforts as publishers glean interest and content preference. According to Michael Silberman, svp of strategy at Piano, conversion rates for a publisher using a registration wall can be 10 times higher for its known users versus anonymous users. 

Publishers are using registration data in experiments with dynamic paywalls, but even if a user does not subscribe and only registers, publishers still get some profile data, have the ability to log the user’s site browsing, and can target ads to them in a more personalized manner than someone who did not register – as long as they ask for (and receive) their permission.

2. Increasing the pool of user data

In order to make their first-party data more appealing to advertisers, publishers are experimenting with multiple ways to grow their addressable audience. Many publishers are pushing email newsletter registrations to gather first-party data consent directly from their users and to capture their emails to build alternative IDs. 

They are also using newsletters to generate more website traffic, as this increases the audiences advertisers can contextually target. Topical newsletters have a 20% higher open rate and twice the number of click-through rates compared with other newsletters and, obviously, they allow for better contextual targeting. In general, newsletters have overtaken Twitter in terms of a source of traffic, according to Remy Becher, vice president, product at The Economist.

Another lucrative way publishers have found to drive user traffic that spiked during covid is through digital events. Digital events often require users to register and login to event websites, further increasing the pool of authenticated users and providing a clear indicator of one of their advertiser-aligned interests: the topic of the digital event. 

“That is now the starting point of conversations with publishers,” said Tessa Barron, vp marketing for events platform ON24. “In a digital-first world, how can we give audiences the opportunity to tell us their interests so we can optimize their journeys going forward, either for ad engagement or ultimately to gain subscribers? […] Suddenly, publishers realize the digital treasure trove of information that comes with that, data you can capture and build a strategy around so you’re not reliant on third-parties.” 

According to Barron, 50% of data gathered that is not volunteered is inaccurate, but with digital events, attendees voluntarily fill out a form often containing their email address, name, location and more. This kind of information is priceless in a post-cookie world.

3. Segmentation and contextual targeting

Advertisers are reacquainting themselves with contextual targeting, as cohort-based interest segments become a reliable method of targeting ads to users while remaining compliant. A poll conducted by Digiday Research of 157 buy-side professionals earlier in 2021 points to a pivot towards and investment in contextual advertising strategies. A little more than half of the respondents are spending more on it, and various programmatic platforms are popping up to provide services which connect to relevant audience segments. 

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

In a separate Digiday and Connatix survey of 100 publishers, brands and agencies on the state of contextual advertising, 53% of advertisers plan to increase their 2021 contextual budget up to 50% and 12% plan to increase spending by over 50% of current levels. Overall, 43% of advertisers are very optimistic about the future of contextual advertising, but say that capacity and accuracy of targeting or building scalable campaigns remains a challenge. 

In response to this demand and privacy regulations, publishers are experimenting with their contextual capabilities. Apart from the traditional method of tagging content pages according to the topics or beats that are covered – like fashion, cooking and travel – publishers are also investing in AI and machine learning tools that can auto-tag context categories by analyzing page text. Publishers can also classify content type according to industry standards (IAB-type categories) such as video, display, text, and images as key categories. 

Beyond page context, publishers are also experimenting with innovative ways to gather interest-based user data to power segmentation strategies. Buzzfeed and Livingly use quizzes to ascertain user preferences, while Allrecipes draws on user comments to collect signals that help them better segment users. Brand uplift studies and polling site visitors to gather consumer insights and more precise interest-based first-party data are other tactics to learn more about the users already on your site. 

“Publishers knew this was a need for years, but they didn’t always have what they needed to act on it,” said Shachar Orren, the chief marketing officer of Ex.co, a vendor that sells several tools that integrate questions and polls into publishers’ sites. While Ex.co’s tools can be used for several purposes, in the past six months, the number of times publisher clients have mentioned data collection among their needs has shot up by 60%, according to Orren.

Clever segmentation, whether it’s user-based or contextual, can incentivize advertisers to spend more to reach niche and precise audience lists. Publishers like Vox, Meredith and Insider have been investing in platforms that support contextual advertising and utilize first-party data to target ads to users. According to Insider, a client who used their Saga data platform to run part of an ad campaign saw an 11% improvement in performance metrics from first-party segments as compared to use of third-party cookies.

Case Study: The New York Times (by Lucinda Southern. Read the full article here.)

In May 2020, The New York Times announced it was phasing out the use of third-party data for audience targeting in its direct buys by 2021, a year ahead of Google originally planned to slam the gate on third-party cookie use within Chrome. Over the last year, The Times has built 45 new proprietary first-party audience segments for clients to target ads. Those segments are broken up into 6 categories: age, income, business, demographics and interest. At the beginning of July 2020, it started running campaigns using these segments. A team of a dozen people is working on the project, with more help provided by other departments. 

[Sasha Heroy, senior director, ad products and platforms, joined Digiday Publishing Summit Europe Live to discuss the steps and progress in the publisher’s first-party data strategy:]

“When we started this investigation a year ago into the feasibility of developing a first-party audience business, our first hurdle was proving we could invite readers to share information that would be useful to our advertisers, showing in a transparent way how we would use that data. In the first proof-of-concept, many more readers than anticipated were willing to share information as a truth-set for how we use these audience models. Having 6 million subscribers and many registered users is valuable for a first-party audience business, but an enormous amount of data is used to inform models that are gained from repeat visits and reading habits from registered and anonymous users in the model.

“It’s early to say what impact it will have on the second half of the year, but we have received a great deal of excitement from advertisers. The message we hear is, ‘of course we prefer first-party data, so much third-party data is known to be unreliable.’ We’re in the process of letting advertisers know our approach and whether we’ve selected the right set of audience segments and how they can evolve.”

Time to review


  • Publishers are utilizing their main asset, which is data directly from their users, moving away from the role of just being a data provider to big ad tech.
  • Publishers are focusing on their audience and learning more about their preferences and behavior when segmenting and creating lists.
  • Compliance: Publishers are able to gain consent directly from users through registrations and site-wide disclosures.


  • Compliance: In order for advertisers to efficiently target first-party user segments, publishers will still need to assign privacy friendly user IDs; certain methods of targeting in this fashion might fall out of compliance frameworks if not understood fully internally. It is also challenging to get users to consent or provide a lot of this information in the first place, especially when the method is reliant on user input in cases like profiles.
  • Ad tech efficiencies: The process of creating segments and building platforms to share publisher first-party data segments might still not deliver at the same level as Google or Facebook ad tech efficiencies. This data is usually highly localized to a specific publisher and doesn’t provide the scale many advertisers have come to demand, and furthermore, advertisers might not be willing to pay a higher CPM than what the ad tech giants offer. 
  • For premium publishers, making the most of their valuable first-party data makes a lot of sense. But for long-tail publishers, like a recipe site where someone checks up once a month for pancake recipes, using publisher first-party data for audience targeting or frequency capping becomes even less efficient.

But regardless of the cons, laying the groundwork for a first-party data strategy is table stakes for publishers post-cookie. “I don’t know a single publisher or marketer that doesn’t have the ‘cookieless future’ as a top priority right now,” said John Lee, corporate chief strategy officer at Merkle and president of the agency’s identity resolution platform Merkury. “The upcoming changes have gone from theoretical to very real and marketers are now starting to determine their plans to test various cookieless identity technologies [in 2021].” 

Developing privacy-friendly identifiers


First-party data does the work of allowing publishers to target users on their own platform. But how can advertisers get more direct access to these audiences while maintaining user privacy? 

With pushback by regulators on third-party cookies and other tracking technology, the search for alternative ID methods is booming. From alliances between publishers and advertisers to inventions by ad tech companies to hashed emails and privacy-protecting ID solutions, an entire ID tech and standardization industry has emerged. By the end of 2022, US advertisers will spend an estimated $2.6 billion on ID tech solutions, according to eMarketer

IDs allow advertisers to target a user of interest as they visit a webpage or app. Third-party cookies currently provide this access through open ad marketplaces, but they risk “leaking” privately identifiable information to bad actors. Unless blocked, these cookies can be placed on any webpage open to programmatic advertising in the form of a script or tag and are used to create a user ID for ad targeting. Any player outside of the publishers’ walls can then target users through first-party data or a combination of first-, second- and third-party data. As we’ve already seen, this third-party option is scheduled to disappear, and with good reason. 

Privacy-friendly identifiers would allow publishers to make use of their volunteered first-party user data – such as email addresses, names, clicks and more – in larger, more open markets without compromising user privacy. These publisher first-party IDs can be matched with advertiser-created first-party IDs to find an ad placement match within DSPs or other shared tools. Most IDs are built from both deterministic identity data (easy to personally identify: name, email address) and probabilistic identity data (estimating and matching data from multiple sources to determine user preference and create identifiers). 

To keep its users’ information safe, the publisher shares a tokenized ID or something like a hash that refers to the attributes of a user or a group of users such as a location, interests, an age range or desired website activity rather than sharing that user’s information directly. A tokenized ID keeps user information within the publisher domain or system, often by assigning it a random alphanumeric string or hash before sharing it with other systems. For instance, if a unique identification number is ABC4567890, it might be transformed into a randomized token string like 58B0C9476A.

To allow advertisers to then target its users, a publisher shares the tokenized user ID in advertising ecosystems or DSPs, which are then matched with advertiser preferences or other criteria. This process of “matching” IDs or ID synchronization across the advertising ecosystem while keeping the personal identity of users secure has resulted in many new companies and offerings that deal specifically in ID graph solutions. These ID graphs help map the user ID to ad placement and determine attribution. 

Not only do tokenized or hashed IDs limit the propagation of original user data, but they also make it harder to correlate first-party data with external datasets. “In these ecosystems, the first-party cookies are inherently per-site and don’t have any cross-site abilities,” said Garrett McGrath, Magnite’s vp of product management. “Here, it’s the SSP that still has a cross-internet view of things.” This keeps the keys to the data trove in publishers’ hands. 

But it is hard to convince publishers to sign on to identity tech. “Until I hear that publishers are making more money off the identified, authenticated audiences, it doesn’t seem like I have to do anything on that front at all until we’re closer to the date [of Google’s deadline],” said Rob Beeler, who manages ads for publishers as CEO of consultancy Beeler.tech.

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

How it’s happening

If IDs weren’t confusing already, there are a few different ways publishers can create or adopt ID technology to allow the outside world to target their users. Here are a few. 

  1. Building alternative IDs for SSPs

What is it?

Publisher IDs or publisher-provided IDs (PID/PPID) are already part of the programmatic ecosystem. Google has used them with Google Ad Manager and Amazon is also looking at their use to enhance their programmatic identifiers. 

Publishers can add particular code to their sites to create and share first-party IDs, often using open-source services or by working with tech vendors. Publishers can utilize user login information, information from market sources such as income category, and site behavior – for example, how many times a user visits a sports-related story – to build PIDs. Each user requires a unique identifier for the purpose of frequency capping and attribution across devices. The PID is a persistent identifier that can be tracked cross-platform, and segments can be assigned to it, such as “sports-enthusiast”. 

These internally built IDs are then pushed to programmatic marketplaces or SSPs.

Who is it for? 

In the SSP or other ad tech platforms, these IDs are used to match a user profile or segment to an advertiser’s targeting specifications. The importance of publisher provided IDs has increased as publishers enjoy a direct relationship with their readers and are responsible for obtaining their consent to use first-party data. The IDs publishers share allow them to keep user data internal but only share tokenized representations of users or segments for ad targeting. SSPs are trying to become as publisher-ID-friendly as possible so advertisers can access segmented registered user data across many publisher audiences. 

“All of these ingredients are the scaffolding needed for publishers to be able to create and address meaningful audiences at scale from a publisher-led point of view,” said Garrett McGrath, Magnite’s vp of product management.

How does it work?

Here’s just one example: PubMatic launched an identity hub in 2020. It’s a tool built on top of Prebid that lets publishers manage multiple identity solutions with no third-party cookies. PubMatic handles 134 billion ad impressions daily through its programmatic auctions, generating one trillion advertising bids per day. Over 20% of Q4 2020 ad buying on the PubMatic platform came from supply-path optimization (SPO) agreements, compared to around 10% for Q1 2020. In an interview with Digiday, PubMatic CEO Rajeev Goel said: “The cookie is not going to be replaced with a single alternative identifier. […] This means there’s more opportunity for many other SSPs and demand-side platforms that are adapting and adopting other identifiers.”

“Smart publishers aren’t going to want to share their data everywhere because they have obligations to audiences,” he continued. “There’s a chance that those publishers could winnow down the range of ad tech providers and even advertisers that they work with in order to protect that consumer relationship. Giving choice to both publishers and buyers is important.” 

As the advertising industry experiments with multiple compliant ID solutions, if one emerges as a winner, publishers want to invest in it early. These could include sharing publisher IDs or segmented audiences or the data associated with them for the tool to segment according to categories like fashion or business on the publisher’s behalf. The goal is to make it straightforward for advertisers to buy impressions against those IDs if they are supported by a publisher. Over 175 publishers including Cox Automotive in the US and Time Out in the UK have used PubMatic’s tool, a number that’s expected to grow.

2. Outsourcing compliance to ID tech

What is it?

Publishers have been using PIDs in open marketplaces for years, and they are fairly simple to create, but with the importance of remaining compliant, some are outsourcing ID creation and mapping efforts to keep their first-party data more secure and their policies within the bounds of new privacy and tracking regulation.

Who is it for? 

Buying these services from external ID tech providers instead of trying to build in-house is a good option for larger publishers with more resources. Sharing publisher IDs in SSPs or through open source services like Prebid is a good option for smaller publishers as they do not have large enough audiences to scale their data in a way that makes it attractive to advertisers, nor do they have the resources to invest in expensive tech services.

How does it work?

EU publishers have been outsourcing compliant ID sharing to consent management platforms (CMPs) that can help track data a user has consented to as it is shared across the digital ad supply chain. Consent strings are passed along the programmatic ecosystem while allowing publishers to remain the provider of registered user data, allowing them to maintain control

Publishers like Salon are investing in ID technologies like LiveRamp and ID5’s solutions, which explicitly set a publisher notice of consent in their data collection. By linking to ID tech through an API or embedded code, once a user logs in or registers with a publisher site who gets consent to use their data, this information is stored in the publisher’s consent management system. 

That user’s information is then turned into a string or token by the ID tech provider. This tokenized ID is sent back to the publisher and can be stored on their website as a first-party cookie, without having personally identifiable information attached to it. This ID is then shared with all of the publisher’s partners or in SSPs, providing a consent-based workaround to third-party cookies that can be used for analysis and advertising without compromising consumer privacy. 

These are popular options used by many other publishers with resources. “We are integrated with the likes of LiveRamp and ID5 and have been for many months because it’s our job to make sure that we have the platform that can transact the way advertisers want to buy from us,” said Nick Flood, global commercial operations director at Future PLC. “I don’t think ID vendors are finished — far from it.” 

But some premium publishers aren’t convinced: “We’re skeptical of sharing this sort of data with the broader ecosystem because there’s a risk that it ends in a situation where you have ad tech vendors building these huge databases on our audiences that we have no control over, so we’re back to square one of publishers just being providers of users and not journalism,” said Thomas Lue Lytzen, director of sales and ad tech at one of Denmark’s biggest news publishers Ekstra Bladet. 

3. Using industry-wide universal IDs

What is it?

A more standardized and free option for alternative ID creation are opt-in universal IDs. There are multiple ongoing, open source initiatives to build alternate privacy-friendly IDs. One of the popular alternatives that have been endorsed by large media groups like Omnicom Media Group (OMG)  is the advertiser alliance IAB’s Unified ID 2.0. Developed by Trade Desk and IAB Tech Lab. Unified ID. 2.0 (UID) is an open source “privacy friendly” shared ID that offers more transparency by involving more companies and industry groups in its creation. 

Who is it for? 

This ID is supposed to provide a standard method for publishers and advertisers to get consent-based data when a user registers to access publisher content using their email ID. But it does not ask for explicit consent yet and might fall short of regulatory specifications in its current form. Unified ID 2.0 is endorsed and used by Prebid, and other ad tech firms (like Criteo with User-Centric Ad ID and Epsilon with their CORE ID) are partnering their ID efforts with UID 2.0 to make it a standard for the industry. 

How does it work?

Publishers can place a script or SDK on their website so that when a user logs in with their email address, they are given an opt-in notice about how their email address and provided information will be used in the advertising value chain. The email address is then shared with a UID host, which automatically assigns a privacy-friendly alphanumeric ID or hash to a unique user. 

Any company signing up as a closed operator is “going to house [UID 2.0] inside their own infrastructure, to generate their own version of it without going outside their walls,” said Bill Michels, general manager of product at The Trade Desk. “The tool will talk back to the main system, so as we make updates it will automatically be refreshed.” This identifier is also gathering more support in the agency world and is giving rise to a new type of “closed operator” role for UID 2.0 within the ecosystem. 

Similar to UID 2.0 is an open-source decentralized ID: SWID or Secure Web ID created by the Secure Web Addressability Network or SWAN. When a user visits a page that uses SWAN, they are given the option to opt into personalized advertising and share their email address. This provides consent across the board to publishers and advertisers within SWAN’s ecosystem. The SWID is then assigned to that user to provide a transparent and consensual targeting method. Users can see and change their preferences at any time, and both sender and receiver of ad transactions are signed to increase transparency within the ad supply chain. 

SWAN is an example of an open source innovation recently launched that can be used by small to large publishers. A number of companies like PubMatic, Sirdata and EMX are also part of the SWAN community. 

Case Study: South China Morning Post (by Lucinda Southern. Read the full article here.)

South China Morning Post has built its own first-party data platform, which it’s calling Lighthouse. The goal is to increase the addressability of its global audience, girding it for when third-party cookies are null and void for targeting and ultimately improving the effectiveness of ad campaigns. Ad clients can access Lighthouse via a dashboard and build their own bespoke audience segments based on their preferences, campaign targets, distribution channel and content trends. But, Alibaba-Group-owned and Hong Kong-based SCMP has also collated 25 pre-built audience segments such as luxury lifestyle, business travel and health fans that marketers can pick off the shelf based on historical usage of 50 million monthly average users, 37% from the U.S., according to internal figures. Comscore finds it has 22.2 million global unique monthly users.

SCMP said Lighthouse gathers more than 1.2 million data points a day, which it collects through declared data from polls, surveys and quizzes, plus observed data from elements like onsite behavior, ad logs, CMS, content analytics, sentiment, readability and contextual data. The publisher has a registration wall but wouldn’t say how many people have signed up. Increasing this pool plays a growing role, having logged-in users lets it create persistent identifiers, making attribution much more efficient. Beyond simple data like geography and demographics, the publisher can infer the value readers see in its content: A user looking in the parent section could be expecting triplets or already have a toddler, they could be feeling nervous or excited.

SCMP — which is mostly ad funded — has worked with customer data platform 1PlusX. With 1PlusX, SCMP syncs various deterministic and probabilistic IDs under one first-party user ID with all the known attributes about them and assigns an arbitrary name. It then applies the vendor’s audience expansion machine learning to create targetable audiences. “We see more [companies] making the move from a DMP to a CDP,” said Alexis Faulkner, head of FAST UK, Mindshare’s integrated performance business unit. “It means you stop relying on segment data and move to individual user profiles that can build audience understanding. It’s a move any company that has information from different sources on their customer may want to consider [in order to] unify their approach across the different data assets they have.

SCMP has a robust cross-department data, tech and commercial product team which built the platform. In a month-long test of its core 25 pre-built segments in Lighthouse, to determine performance of adding data versus the cohort run of site average, the company saw improved click-through rates by 40%. It applied a business segment to an education campaign looking for MBA candidates saw an increase in CTR from 0.12% to 0.3%.

Time to review


  • User privacy is being prioritized.
  • Publisher data and IDs are becoming vital to creation of alternative IDs and deterministic data has higher accuracy than probabilistic data
  • Innovation and standardization industry-wide which take less time for cookie-syncing


  • User privacy / compliance not certain as use of email hashes and ip addresses main source for building IDs
  • Many alternative IDs have been built to work within the current programmatic system and with third-party cookies, so the latter’s deprecation might cause more change than currently understood. They are also vulnerable to Chrome updates and ITP (Intelligent Tracking Prevention)
  • Possible increase in latency and heavy user sign up process with the introduction of new code and stages of consent

As seen above, many alternative IDs are using email addresses or email hashes to gather data on users. This might not end up being a long-term solution as privacy regulations tighten. And apart from privacy-based questions, publishers are also hesitant about ID tech out of concerns that it could increase latency, slowing down their pages, particularly when it requires a code embed on their sites (as was seen with some header bidding technology). 

Alternative ID matching and mapping solutions, whether they use shared logins or tokenized IDs, presents competition for Google. But with control of 65% of global browser share through Chrome, Google might not have to worry about it too much – unless big tech players like Amazon jump in. As they diversify, many advertisers continue to stick with what they know. Six in ten ad buyers (64%) had used Google for identity resolution at some point over 2020. 

Building partnerships


In times of crisis, relationships matter. As ad tech giants deal with looming regulation, and compliance becomes increasingly complicated new partnerships are emerging or being reignited. 

“There’s a positive correlation between the increased demand for longer, bigger partnerships and the degradation of the cookie,” said Josh Stinchcomb, the global chief revenue officer of Dow Jones Media Group, which includes The Wall Street Journal, Barron’s and Marketwatch. “Advertisers have been able to cobble together performance metrics across multiple sites; that’s going to get harder… We can measure multiple exposures to their messages using just our first-party data. […] They have to accept our first party as valid, but that’s what they accept from the walled gardens today.” 

Direct-sold advertising and branded content are the largest focus areas for publishers, according to Digiday+ research, signalling that advertisers and publishers are getting cozier than ever in the face of uncertainty: 

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

But those aren’t the only tag teams providing solutions. Publishers are increasingly putting competition aside and turning to each other for support in scale as the third-party cookie continues to crumble. 

  1. Publisher alliances

Publisher alliances are flourishing in Europe and the US, particularly seen in an acceleration of “login alliances”. These allow publishers that are party to the alliance to use the same registration and login for their users, making it easier to share consent-based user data across multiple organizations. This increases the user data pooled between publishers in the alliance and effectively scales their ad targeting. Publisher alliances are particularly attractive for advertisers as the pool of segmented unique users increases and they can target ads to millions through one system or tool. Here are two examples of well-known publisher alliances:

  • The Ozone Project is a publisher alliance formed in 2018 between well-known publishers like The Guardian, The Telegraph, Independent and News UK, among others. It offers advertisers the ability to target over 100 million monthly users across these publishers. The alliance runs joint ad campaigns and has built their own ad stack to maintain control over their data and the resulting ad dollars. They have also invested in creating standard contextual targeting segments and taxonomy across all members. Read more about the alliance’s tactics here.
  • TrustX is a US-based publisher advertising alliance that sells its members’ ad inventory in a private marketplace. It was created as a non-profit in 2016 by members of Digital Content Next, a trade association for premium publishers including News Corp, Hearst and The Washington Post. TrustX has attracted advertisers by boasting of their 250 million+ unique audience reach across the US and through pilot tests with advertising alliances like the Association of National Advertisers. Read more about the alliance’s tactics here.

2. Advertiser alliances

One of the biggest challenges for advertisers in this environment is comparing performance or “matching” of cookie-based segments to segments built using disparate publishers’ data. Enter advertiser alliances, which are more geared towards providing standardization across the ecosystem. Advertiser alliances are providing the ability to get all their members on the same page through standards for shared logins, IDs and consumer data. Here are a few examples of well-known advertiser alliances:

  • The Interactive Advertising Bureau (IAB) is active in providing standardization and guidelines geared towards compliance. The IAB Tech Lab is functioning as Technology Standards Working Group within PRAM (see below) and has launched Unified ID 2.0 in partnership with The Trade Desk. Recently they published Best Practices for User-Enabled Identity Tokens in partnership with PRAM, giving advertisers and marketers guidelines on how to collect and use user data. Read more about this alliance’s tactics here.
  • The Partnership for Responsible Addressable Media (PRAM) represents 400 companies and trade associations from around the world and has been created precisely in order to respond to privacy based challenges and alternate ID needs. The alliance is linked to IAB Tech Lab and both are working closely with regulators and publishers themselves to develop actionable policies and shared IDs. Read more about the alliance’s tactics here.

Case Study: NewsPassID (by Max Willens. Read the full article here.)

The Local Media Consortium, a strategic partnership organization whose membership includes local newspaper publishers such as Gannett and the Seattle Times and broadcasters such as Tegna, has developed a product to find strength in numbers. NewsPassID is a sign-on technology and the precursor, LMC hopes, to an ad network that can leverage the collective audience scale of thousands of local news sites.

NewsPass ID is a single sign-on technology created for local news publishers who are trying, like everybody else in media, to gather more first-party data from their users. For publishers that deploy NewsPassID, the data gathered can be used not just for digital advertising but also to drive a subscription strategy: A registered user is easier to bring down a subscription funnel. NewsPassID launched in a pilot stage in Q1 2021, with four publishers testing integrations in a few SSPs. Right now, the LMC has to ensure that its different sites can support single identities, and that there’s no data leakage in open auction environments. If all goes according to plan, NewsPassID will begin testing integrations with buy-side technologies some time in the third quarter of 2021.

In theory, the success of the sign-on technology will drive success for the network: More scale in the number of known users identified using NewsPassID means more impressions that can be bundled up and offered to advertisers. More scale should attract more advertisers, and the resulting boost in demand should mean more revenue for publishers, which should, in turn, attract still more publishers, and so on. 

Time to review


  • Publishers have more bargaining power when banded together and can share resources and strategies
  • Ad tech giants came between the publisher-advertiser direct relationship so new partnerships provide renewed opportunities to reclaim lost revenue.
  • Shared logins and IDs provide an opportunity for compliance related changes and innovation which prioritizes first-party user data.


  • Large ad tech companies rely on a lack of standardization within the publisher-advertiser ecosystem so they stand to lose if alliances become strong. But alliances like the non-profit TrustX don’t always have the same engineering resources to compete with ad tech giants.
  • Alliances struggle with issues of standardization when it comes to measurement and taxonomy. Getting registration data on most of their users is also not easy. 
  • For smaller publishers and advertisers, alliances might not always work as fewer audiences lead to lesser bargaining power
Investing in new toolkits


First-party data, privacy-friendly IDs and even partnerships all require new tools and technologies to function and connect. To share first-party data with advertisers and to build contextual targeting capabilities, publishers are investing in both in-house and external tools and platforms, many of which fall outside of the categories we’ve already covered. 

According to a report by McKinsey, the data platform market in the United States was worth $5 billion in 2020 and it is expected to grow in light of the recent rush to diversify ad targeting capabilities. According to a Digiday Research survey in December 2020, more than half of publishers — 53% — said that they’d increased the number of ad products offered since the start of 2020.

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

In terms of in-house tech, publishers are focused on making their segmented first-party user data accessible directly to select advertisers using dashboards and data studios. Large publishers like The Washington Post, The Economist, Vox, South China Morning Post , Penske Media and The New York Times have even been investing in building proprietary tools to replace large DSPs, aiming to give advertisers the ability to directly target ads using consensually procured first-party user data or IDs for their millions of users. 

Investment in in-house product teams has grown for years now, and with the rise of new first-party data enhancement strategies, proprietary tools to more conveniently buy premium publisher ad inventory will become more common. But most publishers will be licensing tech services from external vendors. Here’s a look at some of the other tools that can help shore up the post-cookie gap along with who’s using them:

!function(e,i,n,s){var t=”InfogramEmbeds”,d=e.getElementsByTagName(“script”)[0];if(window[t]&&window[t].initialized)window[t].process&&window[t].process();else if(!e.getElementById(n)){var o=e.createElement(“script”);o.async=1,o.id=n,o.src=”https://e.infogram.com/js/dist/embed-loader-min.js”,d.parentNode.insertBefore(o,d)}}(document,0,”infogram-async”);

  • The Washington Post has built a proprietary first-party ad targeting tool Zeus Performance in 2019, which is a header bidding wrapper and ad rendering engine. The platform utilizes contextual data and machine learning technology for ad targeting. The Post has also launched Zeus Prime, a self-service ad platform open to ad buyers to reach audiences of all the publisher sites using Zeus Performance. Publishers can connect Zeus Performance to any SSPs. The platform currently offers more than 4 billion impressions per month across all its participants’ owned-and-operated sites. Read more about the platform here.
  • VICE news is investing in external tools like Experian Match and Grapeshot to beef up their first-party user data, which consists of 57.5 million global unique visitors per month, according to Comscore. Their strategy is geared towards improving its registration process and doubling down on contextual ads. Read more about their strategy here.
  • The UK’s Channel 4 and Immediate Media are mollifying regulators by partnering with advertisers on using “neutral” third-party tools or data clean rooms for first-party data sharing like Infosum. These “neutral” platforms allow advertisers and publishers to share their data and make ad targeting recommendations without sharing users’ personally identifiable information. Read more about neutral platforms here
  • Yahoo (previously Verizon Media) sees the furor around deprecation of third-party cookies by Google as an opportunity to push its own DSP and ID, called ConnectID. ConnectID currently reaches 148 million logged-in users spread across some 400 million devices. Yahoo is beefing up its DSP platform with a round of partnerships with tech and data providers to build IDs, add contextual components and expand to addressable TV inventory. Read more about the DSP here.
  • Comscore, traditionally a media measurement company, is partnering with a number of other companies to provide a contextual targeting service to its clients. Their contextual audience segments are built using a global panel of 3 million internet users, with two thirds of these users located outside the U.S. An advertiser with first-party data on users it wants to target can upload it into the tool and target ads to Comscore’s available segments. Read more about Comscore’s contextual targeting platform here.

Case Study: Penske Media Corp. (by Max Willens. Read the full article here.)

Penske Media Corp. is trying to find more ways to sell across its brands and it’s hoping a data studio called the PMC Atlas Data Studio, built using a homegrown targeting platform, will help whet advertisers’ appetites. In March, Penske, which owns a mix of consumer- and business-facing publications including Variety, Rolling Stone and WWD, launched Atlas, which allows brands to target readers across Penske’s portfolio, which reaches 134 million unique users every month, according to Comscore. Atlas offers some 500 different audience segments, many of them either modeled directly on established segments typically reached using third-party segments or pulled directly from advertiser and agency RFPs. 

Penske built Atlas using an ad routing platform originally designed to control the ads that ran across BlogHer, a network of female bloggers operated by Penske brand SHE Media. The technology was rolled out across the rest of Penske’s portfolio in August 2020, so each brand’s sales group could use it in their own sales efforts. Like many of its peers, Penske’s decision to invest in a data studio is partly a response to the third-party cookie changes coming to the media industry. And for now, the price of audience segments available in Atlas are identical to the ones available using third-party cookies. 

Atlas also uses a mixture of on-site user behavior, including article and video views, poll responses and shopping data. It also taps first-party data gathered from its newsletter and magazine subscribers, event registrants (the company produced close to 200 virtual events in 2020), plus a number of data partnerships, to build those segments. About 10% of its portfolio audience is authenticated, meaning users can be tied to a permanent identifier like an email address, chief advertising and partnerships officer Mark Howard said, adding the company is actively exploring ways to increase that percentage. 

Time to review


  • Publishers are moving away from dependency on big tech DSPs and exploring alternative plus direct ways to share their inventory with advertisers
  • Publishers will have more control over their first-party data and which advertisers can access it, so for instance, content spreading misinformation or extremism cannot be shown on their websites. This helps rebuild trust with consumers. 
  • There is more transparency in ad placement mechanisms as data is not being shared in open DSPs but through licensed services or “neutral” more transparency-friendly tools


  • Building proprietary tools or licensing external data platforms is not always an option for smaller publishers as it might require significant financial investment
  • Each new toolkit requires financial and training investment
  • Compliance is not guaranteed in the mapping and matching industry as alternate IDs use email hashing, IP addresses to share publisher data with advertisers. The future of these is still uncertain as the policy environment evolves. 
The road ahead

Paul Cuckoo, PHD Media’s worldwide head of analytics, put it succinctly when he spoke to Digiday: “The two areas [in which] we’d anticipate the most change is the increase in the value of first-party data for both advertisers and publishers as well as an increase in scarcity of third-party audience data sourced through data brokers and partners who do not have a direct relationship with users.” 

But as easy as it is to draw up a few steps and call it a roadmap, monetizing first-party data is not everyone’s game. Large publishers like The New York Times have the resources to invest in new methods of selling directly to advertisers. Advertisers are also more interested in their audiences in the millions. Most of the partnerships and alliances described above are also between large publishers and advertisers. 

Smaller publishers are likely to continue to rely on large DSPs like Yahoo and Comscore and ad tech giants like Google and Facebook for a majority of their revenue — they neither have the ability to scale, nor the resources to invest in alternative ID technologies. And these smaller publishers from recipe sites to tech blogs make up a majority of web content. In fact, a full half of small publishers plan to not rely on advertising revenue at all come the deprecation of third-party cookies, according to Digiday Research

“The big tech platforms and the mega publishers have the resources to swim in these waters,” said Ken Harding, senior managing director and global publishing leader of FTI Consulting. “Everyone else is floating along, and they’ll take what they can get…maybe you plug in where you can, you get your $1.15 CPM, but you’re not going to invest.” 

Even when it comes to first-party data, ad tech giants have unprecedented amounts of it stored in data centers around the world, and users seem more than keen to consent to their terms and services for quick access. It is more than likely that millions of publishers will continue to use Google’s Ad technologies, without even attempting to look for alternatives. And it’s in Google’s interest to make it a smooth transition to the post-third-party-cookie world. In the end, Google and the like will make the rules and train most publishers in how to remain competitive by being compliant – and using their technologies.  


More in Media

The Trade Desk shuts advertisers’ access to Yahoo’s video content

The DSP cut open marketplace access to Yahoo’s video in an ongoing dispute over how inventory is represented.

Three strategies publishers are adopting to drive affiliate commerce revenue for Amazon Prime Day 2024

Publishers like Condé Nast, Gallery Media Group and She Knows are taking what they learned from last year’s Amazon Prime Day to shape their strategies this year in an effort to boost affiliate commerce revenue during the July shopping event.

Why the Tribeca Film Festival embraced AI movies with OpenAI and Runway

The 2024 festival brought new dialogue about generative AI, from AI-generated films to feature-length documentaries about AI’s risks and rewards.