WTF are shared identity solutions?
All the buzz around the need to find alternative ways to target and track ads without using third-party cookies has drummed up a lot of attention around so-called shared “identity” or “ID solutions.”
A bunch of different providers and consortiums are pushing forward with these new, standardized ways of identifying and storing user data without using third-party cookies. MailOnline and TI Media are among those testing how they work. But most publishers are actively searching for and experimenting with, ways to digitally identify their audiences in a data-privacy compliant way that won’t get crippled by any further anti-tracking changes made by the browsers.
But exactly how do they work? Here’s a primer.
First, why all the hoo-ha around the need to create shared user IDs?
The concept of shared user IDs has been around for several years, but it’s getting more air time currently because of two rather pressing market trends: Apple Safari and Mozilla’s Firefox browsers culling third-party cookies, and the tightening of data-privacy laws, namely the General Data Protection Regulation and, in time, the California Consumer Privacy Act.
So these IDs are a cookie-less alternative for ad targeting and tracking?
Not quite. They are a third-party cookie-less option. But they rely very much on first-party cookies — audience data obtained directly from the publisher (rather than via a third party). It is the third-party cookie — not the first-party cookie — that is in on the hook. Not only have Apple and Mozzila blocked them, but the way third-party cookies also spread personal user information across the web in the name of buying and selling ads on the open exchange is massively problematic, and a huge GDPR compliance headache and likely violation. “The walls are closing in,” said Mathieu Roche, co-founder and CEO of shared ID provider ID5. “Both on the technical side with the browsers and on the legal side with [U.K. data protection regulator] the Information Commissioner’s Office.”
How do you create a digital identifier?
Typically, to create it from scratch a publisher can integrate via an ID provider’s API, which can be achieved via open-source Prebid. Once a person visits that publisher’s site and gives their consent (or rejects it) for that publisher and its digital ad partners to use their data for various purposes like ad targeting, those data preferences will be collected in the publisher’s consent management platform. Once the information is read by the CMP is is stored in a first-party cookie and passed to the ID provider’s API. There is still no ID yet, but the ID provider will know whether there is permission to create an ID for that user for the purpose of ad targeting. Not all ID solutions generate an ID only when they have user consent. Ones like ID5 do. An ID, which is a string of random numbers and letters (some call it a token), will then be generated for that user, which is shared back with the publisher for them to store in a first-party cookie on their site. All other digital partners are then given access to the same shared ID so supply-side and demand-side platforms can both read it.
Why is it important that it’s a shared ID?
The sheer volume of third-party cookies on an average publisher’s site is staggering. For mainstream, mass volume publishers that rely heavily on programmatic advertising, it’s an even bigger problem. Those millions of cookies all have to be matched in order to isolate an individual in order to target an ad to them. Currently, every website has its own way of identifying users, meaning every individual that goes online has hundreds of different third-party cookie-based IDs that then all have to be matched by SSPs and DSPs in order to target ads. That’s very expensive from a technical infrastructure point of view, and it causes other headaches like slowing page-load times, as well as the (now critical under GDPR) long-standing data leakage issue. “It means in future instead of having to have hundreds of thousands of cookies on their website, publishers can transact on one shared ID (per user),” said Jakob Bak, co-founder and CTO of Adform and member of shared ID consortium DigiTrust. “Where the user can be given a much stronger opt-out and ability to exercise their rights.”
And these don’t use third-party cookies at all?
Currently, most shared-ID solutions are compatible with third-party cookies (so the ID can be stored in a third-party cookie) because most of the ad tech ecosystem still operates on them, and they’re enabled in Google’s browser Chrome. But these shared IDs have been designed to work without them, so once the third-party cookie has finally died, these shared IDs will live on, using first-party cookies. “An ID is a key in a database,” said Roche. “It is the first bit of code that you can attach all you know about the user to, but it has to be unique. The purpose is for the same ID to be shared between publishers and brands — it has to be the same key. It is a common language for ad tech.”
There is more than one shared-ID solution?
Like any hot-button issues, there are hoards of opportunists touting they have an ID solution. But there are only a handful of shared-ID consortiums and businesses worth paying attention to and you can count them on one hand: DigiTrust, ID5, Ad Consortium. They’re working on shared versions, meaning the creation of one (anonymous) unified ID per individual that publishers and their programmatic ad partners can use to serve and target ads.
So, what are the drawbacks?
Mainly, the fact that pretty much the entire digital ad trading ecosystem works with the third-party cookie. The onus is on the publisher to get involved with the shared IDs also and prompt them to be created from their CMP data. Publishers that have log-in strategies can supplement these shared IDs with log-in data like email addresses in theory, but the scale doesn’t yet match that of third-party cookies.
How Yahoo is experimenting with platforms and partnerships to grow its audience
Yahoo wants to get fanatics for sports, finance and lifestyle all actively spending within its owned and operated portfolio of media brands.
In some California privacy cases, analytics trackers are in the crosshairs — and violators could be charged by the cookie
Letters companies have received from the state's attorney general ask them for details about cookie tracking for ads and analytics.
The Financial Times plans to open 2 more U.S. bureaus to target ‘global Americans’
The Financial Times, with investment from owner Nikkei, is opening new bureaus in the U.S. to cover American companies that are players on a global scale, for U.S. readers.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
Member ExclusiveMedia Buying Briefing: WTF are barter agencies?
Barter agencies have always operated on the fringes of the media agency scene. What's changed for them since the pandemic?
Member ExclusiveDigiday Research: In the race to comply with digital privacy laws, few sites are making it easy for visitors to opt out of data collection
Just a tiny fraction of websites are giving visitors a choice in how the data collected on them is used.