‘There is no precedent to this’: How Criteo plans to adapt to Apple’s IDFA privacy update

Apple’s forthcoming privacy update that will require users to give consent for apps to share their data with third parties — held on its anonymized identifier for advertisers, known as the IDFA — affects any company that owns an app, advertises on apps, or measures the effectiveness of that advertising. Ad retargeting specialist Criteo is bracing itself for the negative impact.

Criteo told investors during its second-quarter earnings call earlier this week that it forecasts a “$3 million headwind” from Apple’s update and the impact of “stricter consent banners in Europe” in the third quarter. The Court of Justice of the European Union ruled last year that websites need to obtain explicit consent from users in order to collect their personal data. 

To call out the potential IDFA impact in the third quarter is significant because Apple’s iOS 14 update is only expected to roll out in mid-September — the last two weeks of that quarter — and it will take a while for all Apple users to adopt the new operating system. Analysts from JMP Securities wrote in a research note earlier this week that the Apple update has the potential to hit Criteo’s revenue by $20 million in the fourth quarter and more than $60 million in 2021.

“It’s very hard for us to extrapolate what [the IDFA changes] will do given that there is no precedent to this,” Criteo CEO Megan Clarken told Digiday.

If consumer opt-in rates are terribly low, or Apple ultimately decides to remove the IDFA altogether, advertisers will choose ad tech partners who have the best access to other forms of audience data, according to Clarken. 

“If there was a worst-case scenario and we are all playing a guessing game … then I think Criteo is in the best spot,” she said. “If you look at the data set we have and the ability even to do contextual stuff, then expand from that to things that are probabilistic and even taking that data and making it deterministic, we have a really powerful position.”

Criteo says it has first-party data integrations with more than 20,000 advertisers and 4,700 publishers. Its ID graph contains data for 2.5 billion users, “of which 98% have persistent identifiers beyond cookies,” Clarken said on the earnings call. That includes data such as hashed email addresses or loyalty card information, which is privacy-protected, Clarken told Digiday.

“If you’re the average [demand-side platform], you probably don’t have anywhere near the level of access to brands’ first-party data,” said Joanna O’Connell, principal analyst at Forrester. “That doesn’t make them immune [to the impact of Apple’s upcoming IDFA changes] — nobody is immune — that’s the reason why there is so much energy around ID infrastructures because we all know that something has got to be done.”

It’s unclear what Apple’s intentions are, but its broad definition of “tracking” in its AppTrackingTransparency (ATT) Framework appears to limit data leakage beyond IDFA, such as sharing email lists, alternative IDs etc.,” said Rocco Strauss, internet equity research analyst at Arete Research, via email.

ID solutions, such as Criteo’s, could be proposed as workarounds that enable user-level targeting, even if users opt out of tracking, he added, but Apple may take steps to block these, as it has with previous workarounds for its Intelligent Tracker Prevention feature in the Safari browser.

“While Apple has no control over publishers’ CRM systems or server-side activity_— and publishers will even more often ask for email addresses to log-in — Apple could (temporarily) block apps when it detects sharing of IDs/email addresses server-side,” Strauss said.

Earlier this year, Criteo began work on what it is calling a “revocable identification system” — a portal where consumers could access their privacy profile and update their preferences for how they can be targeted across web browsers and apps. The idea is that the system will be open source — not owned by Criteo or any other commercial entity — and that it is open to all ad tech vendors, publishers and advertisers. Criteo is aiming for the platform to be ready by the fourth quarter of 2020.

“It gives control back to the consumer, the owner of the ID, and takes it out of the control of the browser or the operating system,” said Clarken, who added that the system had “started to gain traction with the powers that be,” referring to publishers and advertisers but without naming specific companies.

For the second quarter, Criteo reported $180 million in revenue minus traffic acquisitions costs in the second quarter, an 18% dip on last year. Its performance was better than expected as while clients in sectors including travel and brick-and-mortar retail paused or reined in their spending, midmarket and direct-to-consumer companies maintained or increased their activity.

The company attributed a $41 million net negative impact to the coronavirus crisis in the period. Criteo is forecasting third-quarter revenue of between $171 million and $173 million, a 20% to 21% decline from last year’s quarter, which includes a $40 million negative coronavirus impact.


More in Media

Immediate deepens CMP strategy, slashes ad tech partnerships for sharper data governance

Consent management platforms at Immediate aren’t just about ticking boxes for data laws.

Teads’ M&A rumors are firming up with a deal to merge with Outbrain

The latest installment of ad tech M&A activity is leaving some industry folks surprised.