Companies said to be spending ‘hundreds of millions’ to replace the third-party cookie for controlling user data — but no consensus yet on platform, browser or public

Jun 19, 2020 | advertising, data, identity, technology

Companies said to be spending ‘hundreds of millions’ to replace the third-party cookie for controlling user data — but no consensus yet on platform, browser or public

Who should control user identity on the web — the elements of a person’s interests and attributes, some of which may be considered deeply private? Should it be tech platforms, web browsers, “fiduciaries” or users themselves? Companies are spending tens of millions to be part of the answer, one insider says.

The IAB TechLab, a nonprofit standards-development organization for publishers, ad-tech and web platforms,  was in the running, with its “DigiTrust” shared-identity solution.  But it threw in the towel this week (see story, above). 

“LiveRamp is working on this, The Trade Desk  is working on this. Everyone says the cookie is going to go away,” Mark Dye, chief strategy officer at Bombara (and a LiveRamp advisor) said this week during a recorded BPA Worldwide webinar.  “The cookie is going to get replaced with something.We’re trying to figure out what that something is.  So don’t be deluded into thinking the third-party cookie goes away and this whole thing gets solved. Because there are companies spending hundreds of millions of dollars to figure out what replaces the cookie. So there will be something.” 

The competition is heating up, but so far the solutions comprise a confusing array of current practice, new ideas and entrants.  In the broadest sense there are at least three general possibilities:

  • For the most part, user identity is now controlled opaquely by a plurality of advertising, ad-tech, apps, social media or other technology platforms.
  • In public discussions facilitated by the World Wide Web Consortium (W3C) and elsewhere, web-browser software makers are discussing how their technology can control user-identity data collection and settings — in collaboration with or transparently to the user.
  • So far in mostly the idea category is user identity and data controlled by the user, either on their device, or in partnership with a “information fiduciary” such as a publisher or affinity group. 

Publishers are looking for alternatives to the third-party cookie for connecting their audiences to advertisers. They want to regain lost control over user relationships. In May, Axios’ Sarah Fischer reported The New York Times would phase out use of third-party advertising data. On June 26 at 1 p.m. EDT, Times revenue analytics executive Jay Glogovsky, is slated to speak with execs of LiveIntent, the email marketing ad-tech company, about details of the plan in a webinar arranged by LiveIntent. 

Travis Clinger, of ad-tech company LiveRamp, an Axciom company, writes about “addressability and the ecosystem” in another briefing entitled: “Post cookies, publishers are taking steps to increase user authentications.” Clinger says the goal is to offer “consumers a method to express trust through authentication, and avoid having to rely on unsustainable solutions like fingerprinting, insecure universal IDs or hashed emails”

Technology and marketing companies serving the advertising world — threatened by European and California data-privacy laws — are scrambling to figure out how they can pivot from making money by opaque user data collection. 

Ad-tech company ID5 has created a website and an “advertising identity guide” illustrating its views on “user identity” and says that there are generally two approaches being taken to address privacy — anonymizing users data into “cohorts” or applying a universal shared-ID (typically an email address) that tags a specific user everywhere but — in unproven theory —  doesn’t allow them to be specifically identified. 

These new efforts to cash-in on privacy-aware identity management — through data anonymization or the idea of a “shared identifier” — have been evidence for years and the solutions are varied, often confusing and not all real yet. 

Some recent examples:

  • In 2018, Mick Halstead’s startup InfoSum said it would deliver user insights by mathematically studying aggregated subsets of information, which it said was GDPR compliant. It announced its solution in October, calling it “Discovery” or “data collaboration without compromising commercial trust or consumer privacy.” 
  • VentureBeat reported May 27, on a Google initiative called “federated analytics” which reporter Kyle Wiggers said could analyze end-user data without invading privacy. In a blog post, two Google artificial intelligence engineers wrote that “like federated learning, it works by running local computations over each device’s data, and only making the aggregated results — and never any data from a particular device — available to product engineers.” 
  • Last month, identity-solution provider ID5’s Valbona Gjini summarized the strategy behind its “Universal ID” service, launched in July, 2019, arguing “the market is not settling for Chrome’s ‘Privacy Sandbox’ approach.”  Gjini said 18 other “adapters” are using ID5’s in ad-tech “PreBid” services, second only to an offering by The Trade Desk. Gjini’s report included a pie-chart breakdown of identity entrants’ shares, listing them as NetID, Britepool, Trade Desk, Pubcommon, Liveramp, Criteo, LiveIntent and Parrable, in addition to ID5 and the now-sunsetting IAB-DigitTrust.  
  • Berlin-based customer-intelligence platform zeotap said this week it was launching yet another university identity initiatve called “ID+” and said that among 20 organizations adopting it were Acccenture, Pubmatic and International Business Times. Zeotap said its ID is based on “deterministic offline identifiers.” 
  • Because it is both a browser maker (Chrome) and a giant ad-tech firm, Google is proposing ideas that affect both realms within a project it calls “Privacy Sandbox.”  There’s “Federated Learning of Cohorts”  (FLoC) and TURTLEDOVE, for example, which try to address privacy with data minimization (FLoC) or holding user data in the browser (Turtledove).   Martin Kihm, a Salesforce marketing strategist, talks about them in June 16 AdExchange column. “The future is aggregate, not individual,” Kihm says. And, Kihm says, data collected from the user with the user’s explicit permission.  
  • An Apple-inspired browser-based initiative could support or frustrate federated single-sign-on through a W3C proposal it calls “IsLoggedIn.”

  • The nonprofit Information Trust Exchange Governing Association — ITEGA.org — (sponsor of the Privacy Beat email newsletter), is exploring ways that publishers might help users to manage their own identity and data. It’s been experimenting with the use of Open ID Connect, an open-source technology. Rather than create a new ID system for advertisers, or rely upon web-browser software, ITEGA’s “NewsSSO”  (single-sign-on) idea  is to extend the “login” of a user at a publisher website to work at other websites within a rules-driven privacy network.