By Gowthaman Ragothaman, CEO of Aqilliz
For the past year, ongoing chatter surrounding the looming demise of third-party cookies has subsisted throughout boardroom discussions in the digital marketing world. In following the footsteps of Firefox and Safari, web browser giant Google Chrome’s decision to ban third-party cookies by 2022, has sent the industry in a state of panic. If infrastructural changes aren’t enough of a catalyst, growing calls for far more stringent data privacy and data protection practices in digital marketing have equally prompted a need to rethink approaches to identity management and audience targeting.
Yet, amid these challenges, the enduring need to continue to deliver personalised, meaningful experiences for consumers remains a must, with over 60 percent of consumers expecting personalisation as a standard of service. As marketers navigate the deprecation of third-party cookies while simultaneously balancing privacy and personalisation, are we any closer to enabling a more data-driven, privacy-compliant future?
Quality over quantity
Amid growing scrutiny from regulators and consumers alike, marketers have looked to focus instead on first-party data in a bid to enable a far more accurate, effective, as well as compliant model of audience targeting. We can see this already in the existing reliance on today’s walled gardens that naturally amass significant swaths of data as part of their service offerings. Yet, despite the access they offer, walled gardens are notoriously opaque, providing marketers with inadequate data to evaluate their campaigns. The old mantra of “quality over quantity”—not only in terms of the data itself but also measurable performance—has never been more applicable.
On the other hand, data quality also extends to data compliance. Stipulated in privacy frameworks, spanning the European Union’s General Data Protection Regulation (GDPR) to the upcoming California Privacy Rights Act (CPRA), the requirements surrounding the appropriate collection, management, and application of data have only grown far more severe.
A key area of focus that the industry needs to cast a closer eye on is GDPR’s article 30 which pertains to Records of Processing Activities (ROPA). Based on article 30, all processing activities—spanning categorisation, the purpose of processing, as well as the list of data recipients, must be properly documented and presented to authorities upon request. With stringent documentation requirements in mind, the need for greater provenance across both data controllers and processors is in demand.
Meanwhile, requirements surrounding consent have pointed to the need for solutions based on first-party data. In recognition of this, publishers have quickly caught on, with many having implemented first-party data strategies in the past year. The New York Times, for one, has built out 45 proprietary first-party audience segments for its clients to effectively target its 6 million-strong readership. While it’s certainly a promising sign that publishers are developing first-party data pools of their own, enabling unprecedented opportunities for compliant data monetisation—we need to weigh the risks and the benefits. Will these be the new walled gardens?
Trial and error
Beyond first-party data, of course, the past few years have not been without their share of progress, as marketers and advertisers have explored and experimented with alternatives to third-party cookies. Approaches such as device fingerprinting, which looked to consolidate unique attributes such as operating system, IP address, and browser add-ons to target a user, have quickly fallen out of favour. Described as a privacy intrusion in itself by privacy advocates, device fingerprinting has since been blocked by Mozilla Firefox as of January 2020.
To supplement such efforts, leading AdTech providers and consortiums have also introduced a plethora of shared identifier solutions (shared IDs) that allow users to be identified across the digital campaign supply chain. Most of these IDs offer deterministic identities that can be built on first-party, third-party, or offline data. That being said, even solutions such as these are racing against the clock, with some having been already blocked by browsers such as Mozilla Firefox.
Beyond that, there’s also the issue of interoperability. For this to truly be a long-term solution, brands and publishers need to collaborate on a platform that collects and unifies consumer data at scale and across various domains in a secure, compliant manner.
A collaborative approach
Rather than replicating the existing walled garden model, brands and publishers must look beyond data silos, coming together to fully benefit from a data-sharing model, built with privacy compliance and security in mind. For that to happen, there needs to be a decentralised platform based on distributed ledger technology (DLT) that can unify core marketing technologies, spanning customer data, audience delivery, and identity resolution platforms. When taken in aggregate as a uniform layer, we can expect to see a far more efficient, secure, and compliant approach to sharing and managing identities.
To encourage the secure exchange of data between publishers and brands, the use of DLT provides an immutable and transparent record of the end-to-end lifecycle of all campaign data and related processes. DLT also ensures that data can only be modified with the owner’s consent and the agreement of all authorised network stakeholders. With ROPA in mind, this fulfils a critical requirement of data compliance as data controllers highlight that the ability to produce data processing records is a focus of data compliance inspections.
In recognition of this fact, ROPA is at the heart of our recently-announced integration with BritePool, a leading identity management firm to pioneer a new breed of compliant, cookie-less first-party data solutions. Our use of DLT ensures that we can provide an end-to-end record of a given identifier across the value chain, attributing all associated activities in a secure, compliant manner. This transparency not only eliminates the last mile attribution of walled gardens but will also further incentivise players to join a data-sharing consortium that offers greater addressability as well as accountability among its players.
Simultaneously, to address privacy concerns, data passed through this platform could be further anonymised with cryptographic algorithms such as differential privacy which inserts statistical noise into data sets so those insights can be gleaned from a data set without compromising an individual’s privacy. When coupled with decentralised data aggregation models such as federated learning, users can be assured that their data never leaves local storage as data analysis occurs across a decentralised network of data sources. Effectively ticking the box when it comes to data provenance and transparency requirements, these security enhancements contribute to an intrinsically private-by-design infrastructure, allowing industry players to work together as they ethically leverage high-fidelity first-party data.
As experimentation continues across the marketing technology landscape, the idea that there is “strength in numbers” very aptly describes why a unified industry ecosystem is essential. Now enabled by emerging technologies, we can hope to see new, innovative models in identity resolution and audience targeting that can ensure that brands, platforms, and consumers can equitably interact with one another. In balancing the scales or privacy and personalisation, marketers cannot be content with repeating the past, looking ahead as they future-proof today’s infrastructures in anticipation of an increasingly privacy-conscious tomorrow.