Digital marketing measurement and targeting are dependent on the ability to identify users through direct and indirect identifiers. Indirect identifiers consist of third-party cookie IDs, IP addresses, and device fingerprints and are leveraged by marketers to identify users across websites to serve personalized ads or gauge the success of marketing campaigns.

Users who engage further with sites provide additional direct identifiers like email addresses, phone numbers, etc. Think of the time you signed up for a brand’s newsletter for 10% off or one of the many loyalty programs you’ve signed up for. These are tactics used to improve identification across different interactions with a site or across websites. Throughout a customer’s lifecycle brands use a combination of direct and indirect identifiers to measure things like Customer Lifetime Value (LTV), Customer Acquisition Cost (CAC), Retention Rate, etc.

Marketers, websites, social media platforms, and many others have become dependent on these IDs, but this is changing quickly. Retargeting ads that followed you from site to site trying to sell you that candle you already gave your mother for Christmas were annoying, but AI-fueled targeting is tipping the scales to creepy. We find ourselves in an uncanny valley of advertising and people are taking notice. Governments are implementing legislation like CCPA or GDPR and browsers continue to adapt policies to block third-party cookies and other IDs commonly used for advertising.

Timeline of Advertising ID Deprecation

• May 2018 GDPR: European legislation driving adoption of cookie consent management platforms
• March 2019 Apple ITP2.1: Apple intelligent tracking prevention 2.1 limited the length of client-side cookie storage to 7 days
• June 2019 Firefox ETP: Firefox blocks third-party cookies by default
• December 2019 CCPA: California legislation enacted, requiring OneTrust and cookie opt-outs
• Jan 2021 Apple iOS 14: Apple iOS 14 requires users to explicitly grant permission to all websites, apps, etc for ad tracking
• Sep 2021 Safari IP Masking: Allows users to hide IP addresses from trackers
• June 2022 Firefox Total Cookie Protection: Partitions cookie storage for each site visited to limit cross-site tracking
• TBD Google Chrome: Google continues to delay when it will kill the third-party cookie

This timeline is continuing to develop with states like Virginia, Colorado, and California developing new privacy legislation.

The Cookieless Future is Already Here

Many browsers have already introduced policies that limit cookies and other advertising identifiers by default. This is apparent in Safari, Firefox, and Edge, along with other browsers with less market share.

Although Chrome takes up the most of the market share, many brands and sites see a much larger proportion of their traffic coming from browsers like Safari. In some cases, businesses heavily dependent on iOS can see the majority of their traffic impacted by browser policies. The Cookieless Future is already here for 30% of the browser market share.

Evolving to a Privacy-First Web: The Future of Advertising Identification

As cookies and other advertising identifiers lose their resilience on the web, advertisers and sites are enlisting new strategies to track and target online advertising.

First and Zero-Party Identifiers

First-party data has been core to many sites’ strategies for years. Facebook and Instagram (Meta)’s ad business is so robust because of their focus on the collection of a myriad of different data from users. Gated experiences or benefits that require consumers to provide their email or other IDs are also becoming essential to eCommerce businesses as they work to retain customers with loyalty programs.

Zero-Party Data: Data that a customer intentionally and proactively shares with a brand, which can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize her.

Forrester

Zero-party data, a term coined by Forrester, is also growing in importance. Using these data elements to target advertising is much lower on the creep scale compared with passively collected information like items added to a cart.

Open Source Identity Frameworks

Open source identity frameworks or universal ID solutions are unique user IDs that allow AdTech companies to identify users across websites. They are created in various different ways but are most frequently based on a combination of direct and indirect identifiers.

Most leading examples like The Trade Desk Unified ID 2.0 and Secure Web Addressability Network (SWAN) are highly dependent on direct identifiers like email addresses. Others like the original The Trade Desk’s Unified ID and the Advertising ID Consortium are dependent on a mix of direct and indirect identifiers.

To provide an example of how these work in practice, let’s take a look at The Trade Desk’s Unified ID (UID) 2.0. This solution requires users to log in via a single sign-on solution. This syncs a user to a unique identifier and allows ads to be targeted or consent to be better managed across sites and devices. These solutions become highly dependent on consumers logging in to function correctly.

We have all enjoyed a mostly free internet for the best part of the internet’s history. This has only been possible because of advertising-based revenue models, but with the deprecation of advertising IDs publisher value statements will have to change. Sites that use UID 2.0 or other open source identify frameworks will have to introduce friction into this value statement. No matter the success, the number of targeted users is bound to reduce.

Google’s privacy sandbox

Google’s Privacy Sandbox consists of several “privacy-preserving” APIs that support different aspects of advertising measurement, targeting, frequency management, and consent tracking. The common theme among these solutions is a shift in accountability for identification from AdTech to the browser.

The two that are most important to the identification problem associated with the cookieless future are:

• Topics API
  • Enables targeted advertising without the need to track which sites a specific user visits.
• FLEDGE
  • Enables remarketing across sites without cross-site tracking by leveraging on-device auction via the browser based on browsing history.

All of the work being done as a part of the Privacy Sandbox is still in far from production. There have been numerous critiques of this work. This is likely the cause of Google Chrome’s continued delays to block third-party cookies.

Specifically, this article describes several problems with the Topics API including:

• Sites that cannot exclude a low-value topic will be at a disadvantage after Topics API is implemented
• Large, multi-topic, reputable domains lose out against focused sites after implementation
• A high risk of reversal on site performance after implementation

FLEDGE, on the other hand, requires sites to call a browser to participate in an ad interest group. From here the browser is responsible for associating the user browsing with that group or audience. Once a consumer visits a publisher’s site that wants to serve an advertisement, the publisher calls the browser and initiates a bid. The publisher then serves an ad based on the winning bid and relevant ad interest group.

This is just the tip of the iceberg for the Privacy Sandbox and it will continue to evolve over the coming years. More can be seen on the Privacy Sandbox timeline on Google’s site here.

What Does it Mean?

Ultimately, the shift away from third-party cookies and other IDs used to target and measure advertising is about managing expectations. Instead of a focus on scraping and storing every element of data and identifier possible, we’re seeing a renewed focus on the collection of consent. There is a reason that marketing channels like Email remain the most productive for many brands. Consumers have clear expectations of what kind of ads they will be served.

On-site quizzes, membership programs, preference centers, and other transparent means tied to direct identifiers will become the norm for ad targeting. The use of indirect identifiers will slowly fade as governments and browsers continue to limit their accuracy. Sites, brands, and advertisers will all need to continue to evolve into this world of a privacy-first web.

Featured image generated by DALL-E AI with prompt “Cookie apocalypse”