Publisher’s Risks and Opportunities in a Cookie-less Future

Jonathon Shaevitz, Founder of Shoulder Tap Advisors

As we hurtle towards the deprecation of the third party cookie, publishers are confronting a new reality full of risks and opportunities.  

Background:

Cookies were developed 26 years ago as a tool to improve a web visitor’s experience.  Today, there are basically two types of cookies.

• First-party cookies are created by the site you are currently visiting. These cookies are generally considered useful and benign in that they help with website functionality and their goal is to improve a user’s experience. These cookies collect and store data, allow users to add multiple items to their shopping cart, and remember things like usernames and language preferences. They allow a site to remember a user and effectively customize that user’s experience.   These ‘first party’ cookies are ubiquitous and not going anywhere, if anything, they are becoming more powerful and pervasive.
• Third-party cookies are not created by the site a user is currently visiting, but by a “third-party” and are generally used for marketing purposes.   This third-party cookie is basically the same type of code as the first party, but this cookie is not for the visitor’s benefit or the direct benefit of the publisher, but for the benefit of tracking and eventually targeting that user.

Assuming no changes, the third-party cookie will effectively die in January of 2022, when Google’s Chrome stops supporting them.  Safari and Firefox have already stopped or severely limited their use and other browsers (Brave, Edge, IE, etc.) have also limited their use.  In truth, Chrome is the last hold out and while there may be some changes around the edge, Chrome has to stop its support of third-party cookies to stay competitive.  They are trying to introduce a new technology to allow marketers to continue to target, but that remains unclear and whatever is created will certainly accrue more benefits to Google than to the individual publisher.

Publisher Biggest Regrets:

According to MediaPost “In 2007, the first true ad exchanges and ad tech companies began cropping up. Trading desks began forming…. while the long-tail inventory of the Web was expanding and wasn’t being monetized well. It was during this time advertisers recognized they could reach the same audience via exchanges for less money than ad networks…”

With this, audience targeting really began.  Publishers were offered what seemed to be a great deal.  Data Management Platforms (DMPs) would place a pixel on the publisher’s site and provide back audience data to the publisher.  Sometimes this was free, sometimes for a fee.  Either way, publishers generally allowed their data to captured by the DMP and often pooled with other publishers’ data.

The idea was getting more granular data but more importantly, DMP’s said “let us share your user data with the exchanges and SSP’s and you will get better CPMs since the advertisers will know more about your users.”  While there was truth in this, whether by intention or just circumstances, the publishers ended up with the short end of this deal.  Their audience data was being shared with everyone, and the smart recipients of that data would then retarget their audience in less expensive environments.  DMPs and other data companies made a ton of money, and this Faustian bargain has been in place to this day.

The present and future:

At least two irrevocable forces are pressuring publishers as it relates to targeting data:

1. The deprecation of the third-party cookie, and
2. The new regulatory environments (think CCPA and it’s recent upgrade, CPRA)

These two forces are creating a mad scramble to develop a new strategy.  Companies (i.e. LiveRamp, ID5, LiveIntent, Merkle, etc.) are trying to contract with publishers to utilize their solution.  Simultaneously, companies like BrightPool are creating their own cookieless targeting pool.  Additionally, the contextual targeting companies, who have always performed, have been reinvigorated with the demise of the third-party cookie.

Publishers are facing interesting questions:

• Do they partner up with one or all of these new cookieless solutions?
• Are we moving to a true first-party world? If so, how do you target first-party to first-party?
• What is critical mass in creating their own data?  How much is needed to attract direct advertisers in a post cookie word?
• What type of targeting will be allowed under new regulatory frameworks?
• How do monetization strategies fit into these different options?

Some of these answers cannot yet be known, but all of them deserve serious time and attention.

Recommendations:

Don’t panic.  Rules are still evolving and Google’s strategy remains uncertain.  These changes create a unique opportunity for publishers to STOP giving their data away for others to exploit.   All these changes mean that publishers have a chance to re-evaluate their data strategies, one person’s problem is another’s opportunity. Start now to adjust to these changes.

Publishers should be extremely wary of new data deals that allow third parties to ingest their data and allow it to be used in an aggregated environment.   This looks like a repeat of 2007.  Instead, short term deals with clear limits of how the data is to be used and shared needs to be established.  In reality, you can always add your data to an ID company’s graph, but it is extremely hard to remove it.  And, while the clock is ticking, the third-party cookie still has some time left (13½ months based on Google’s last update).

So, what to do (besides avoiding new long term deals).

Here are some actions that every publisher should be doing immediately:

1. Full push to capturing first-party data.  There are free lead capture tools that a small publisher might use, but every publisher should be directly engaging their audience and get them to register.  A solid review and thorough implementation of data capturing tools will position you for the future.  No publisher should wait to more fully engage with consumers who are already engaging with them.   Start this now, it takes time to build up data strategies and the resulting data volume.
2. Consent Management Platforms (CMP) are a requirement.  Do not pass GO.  There are many strong CMP offerings (i.e., SourcePoint, OneTrust, Osano, Quantcast Choice, and a bevy of smaller-company offerings. ) The main thing is to select a CMP that you trust will continue to be around and evolve as the regulations change.  But don’t be overwhelmed by this decision, changing to a different CMP in the future is not like migrating other technologies.
3. Evaluate working with second-party data from tech leaders. Google and Facebook, for example, offer granular audience targeting through their own data collection platforms.  However, view this as one of your strategies, not your future.
4. Evaluate building second-party data with other publishers.  This may be one of the more interesting strategies.  Can publishers build first-party/second-party data graphs that they can leverage?  The rules are still being developed, but this offers a path towards controlling your data while achieving scale. However, be aware that the new CPRA regulations equate sharing data with selling data, so this has to be done very carefully.
5. Don’t underestimate the value of contextual targeting.  It is the first cookieless targeting and remains a strong strategy, particularly when combined with first-party data.
6. Evaluate non-cookie based third party audience tools (TapAd, FlashTalking, BrightPool, etc.)  More of these non-cookie-based third-party audiences will continue to emerge.  However, don’t get caught giving up your data rights or oversharing access. This will only depress your audience’s value.  However, this is an area of risk.  What type of solutions will be permitted on different regulatory frameworks is unclear.

So what to do?  Of course, there is no right answer and each company faces different risks and opportunities.  However, every website, whether brand, agency, publishers, or e-commerce, should immediately start investing in capturing first-party data.  Also, a Consent Management Platform should be viewed as a requirement for everyone (even though CPRA will not apply to smaller websites).