designsoliman - Fotolia
What the loss of third-party cookies means for IT departments
Due to browsers and companies making it all but impossible to use third-party cookies, companies should consider a strong foundation of customer data to stay relevant.
Global pandemic. Political disintegration. Accelerating climate change. Murder hornets. The past year has offered plenty of reasons to worry. But if you really want to see someone get upset, ask a marketer about the loss of third-party cookies.
People in other disciplines may not understand why a small change in a tiny piece of technology should cause hair-on-fire panic among marketers. To briefly set the scene: New privacy rules have led browser makers to block third-party cookies (cookies that send data to someone other than the website owner). Advertisers have used those cookies to target individuals, track visitors across websites and to connect ad views with purchases. Privacy concerns have also led Apple and other device makers to limit access to IDs that were used for similar purposes on mobile devices. The result is a huge disruption that has advertisers, publishers and others scrambling to reengineer large portions of their industry.
Most of the technical work to replace cookies is being done by specialists at publishers, agencies and industry groups. But the results will ultimately impact systems at almost every company that manages customer data -- which is almost every company, period. It's not too soon for IT managers to look at how things might play out, even if we don't yet know who will win the cookie replacement race.
Cookie-free approaches to digital advertising
Broadly speaking, there are four approaches being taken to build a new foundation for digital advertising.
Alternative IDs based on personal identifiers
This is the approach most favored by the ad industry, since it preserves the precision of current methods. The most common proposal is to use an email address provided by website visitors. This would be hashed to create a unique ID that could be calculated independently by anyone who collects a user's address, enabling publishers and advertisers to recognize the same individual across different websites and other channels without revealing their identity. The concept is sound and can be extended by linking the email-based ID to other IDs, such as account numbers, device identifiers or mobile app logins, for cross-channel and cross-device coverage. The problem is that many visitors don't provide an email address in the first place. This means that coverage will be much lower than marketers had with third-party cookies, which until recently could be used without positive action by the visitor.
Channels with their own identifiers
Anonymous visits may be the default on the open web, but other digital channels are less flexible. Most mobile apps require a login, and devices such as connected TVs are set up with an account that includes personal identifiers. As a result, interactions and advertisements in these channels are inherently linked to individuals known to the channel owner. A given interaction may in fact be tracked by several entities including the internet service provider, device manufacturer and app provider. How much information is shared with advertisers depends on privacy rules, company policies and consent agreements. In many cases, the channel owner won't directly share personal identity but will enable ad targeting based on individual information. The channel owners may also cooperate among themselves to build cross-channel customer profiles, again using privacy-preserving identifiers such as a hashed email address.
Targeting with anonymous segments
One problem with privacy-preserving identifiers is that a detailed profile can often be tied to a specific individual even if it doesn't include a personal identifier. A handful of nonspecific items such as zip code, birthday and employer are often enough to narrow the candidates to a single person. In fact, a great deal of research has been done to determine how much information is enough to de-anonymize such data and, conversely, how to build data sets that cannot be de-anonymized. Common techniques include requiring a minimum number of individuals in a data set, adding random variations to the included data and limiting what queries and outputs are permitted. Techniques associated with this approach include "differential privacy" (sharing aggregate information about a data set without identifying the individuals it contains) and "data clean rooms" (confidential data sets held in tightly controlled environments with limited access). These approaches can be used to assemble ad audiences and analyze ad results. An ad audience will necessarily include individual identifiers, although these may be the privacy-preserving type or be sent to the ad channel without the ad buyer seeing them. Result analysis can be limited to aggregate statistics without any individual-level outputs.
Targeting without individuals
Although advertisers have gotten used to targeting on individual profiles, this isn't the only way they can work. Before the internet, ads were sold based on the audience profile for a TV show, print publication or physical location such as a poster, and everyone in the same audience saw the same ad. This sort of targeting, now called "contextual advertising," is regaining its prominence as individual-level targeting becomes harder. It works best when the context is narrow: You can safely assume that visitors to a football team's website are interested in that football team, but can't infer as much about visitors reading a weather forecast. This means that relevant inventory is limited, and marketers can't serve related ads to the same visitors when they appear on other sites.
How to prepare for life without third-party cookies
Each approach has its own strengths and weaknesses. It's likely that all will be applied to some degree. The important question for corporate IT managers is how to get ready for whichever solutions their marketers choose to adopt. Here are a couple steps you can take.
Reassess your data management platform
Many companies have deployed a data management platform (DMP) to manage audiences built from cookies. These typically combine first-party cookies (from the company's own website) with third-party cookies (acquired from others). As third-party cookies become less available, the value of the DMP is diminished. How much value remains will depend on whether non-cookie identifiers are widely adopted and how they are used. So, don't pull the plug on your DMP quite yet but do keep an eye on it going forward.
Bulk up your first-party data
First-party data relates largely to existing customers, while third-party data relates largely to prospects, so it's not immediately clear how one compensates for the loss of the other. But better first-party data can support acquisition by providing names to contribute to data-sharing arrangements, measuring the value of new customers from different sources and providing inputs to "look-alike" models, which find prospects (in external audience lists) who are similar to your existing customers. Specific steps toward better first-party data include:
Capture more identifiers to attach to your customer records. Different identifiers (email address, postal address, device IDs, etc.) and more instances of each identifier (e.g., more records with an email address) give you more chances to match against external data sets. Examine all customer interaction points for opportunities to capture more data. Improve performance by applying techniques such as "progressive profiling," which builds richer profiles over time by asking new questions as old questions are answered.
Be more thorough in linking your internal identifiers to make your customer profiles more complete. Internal identifiers such as account numbers and app logins won't match with external data, but can connect your data across your own systems. This will build a more accurate picture of each customer, supporting more effective internal promotions and look-alike modeling.
Gather more non-identity data. Adding more data will create richer profiles, which opens new possibilities for targeted promotions and customer analysis.
Manage and prove consent. As privacy rules grow more stringent, it's more important to capture customers' consent for marketing uses and sharing of their data, and to document the exact details of that consent. Clarity in how their data is handled will encourage customers to provide it and make potential partners more willing to work with you.
Improve analytics capabilities. Richer customer data will be most valuable when you have the analytical capabilities to make full use of it. This means data should be prepped and formatted for common analytical projects and stored in accessible locations. It also means both expert and casual users should have appropriate tools and training. Specific projects to expect include customer profiling, segmentation, predictive models, journey analysis and response measurement. In addition, you may need special focus on privacy-related skills such as anonymization and data masking, as well as differential privacy and data clean rooms. Some of these can be done in-house while others are best handled by external specialists or platforms.
Collecting customer data remains important
In a year that stressed every business operation, the loss of third-party cookies may seem a minor inconvenience. But cookies are at the heart of a huge advertising ecosystem. Replacing them will require changes in how ads are purchased, targeted and measured, impacting data, systems, processes and people. The details of those changes are not yet clear, but a strong foundation of customer data will be needed under any circumstances. IT departments that improve their customer data today will have a head start on whatever demands the future may bring.
About the Author
David Raab is founder and CEO of the CDP Institute. A long-time industry consultant specializing in evaluation and selection of marketing technology, Raab coined the term "customer data platform" in 2013.