Since we published and updated this article, this area has continued to rapidly evolve.
Google has released GA4 to address the privacy challenges, while the cookie deadline has been postponed (yet again) till end of 2024 as Google starts the migration of 1% of Chrome users to Google Privacy Sandbox starting in Q1′ 2024. The timeline is evolving as we speak. Meanwhile, Apple continues to up its privacy ante with iOS 17 release.
So, in the interest to keep everyone abreast with many of the related issues with Cookies and Privacy, and the related challenges, we will continue to update this article, while also sharing with you the approaches that we at Knorex are taking to assist our customers to navigate.
Targeted Digital Advertising through Third-Party Cookies, MAID, IDFA, GAID
For the longest time, “advertising cookies” or “browser cookies” or “cookies” for short, have fueled the growth of rich user profiles to be created to enable much more relevant ads targeting, personalization and measurement/attribution, all of which to drive towards less annoyance for consumers, better efficiency for marketers while providing the revenue source to sustain the publishers.
Cookies comes in two forms: first-party and third-party cookies. Cookies are simple text files containing sequence of letters, numbers and symbols that are placed into users’ Internet browser of their computer or mobile device to enable the cookie owner to recognize your browser and build a profile of you. First-party cookies are those that are placed by the website owner when you visit their website, while third-party cookies are those that are placed by one or more third parties which the website owner has made arrangement with.
Third-party cookies store your browsing history and interests when you visit a website. This enables marketers to transfer the information through such third-party cookies to continue their engagement with the users elsewhere or when they revisit in much more relevant and personalized way by tapping on prior or profiled user’s information. Third-party cookies can be used to track across websites, and used for measuring ads performance and attribution of ad spend.
In mobile apps, cookies are not applicable as a mobile app functions very differently from a browser. So, a counterpart called Mobile Advertising IDs (MAIDs), which are predominantly represented by Google Advertising ID (GAID) or Apple’s Identifier for Advertisers (IDFA) are used in place of cookies. MAID is generated by the mobile operating system such as Android and iOS as a sequence of random letters, numbers and symbols to be used as a unique identifier for tracking a consumer’s journey and ad spend attribution. To learn more on MAID, check out this article.
The Demise of the Third-Party Advertising Cookies
In recent times, data privacy has become a pivotal matter especially with the enforcement of GDPR in Europe, CCPA in California/US (and more states have joined in), and other related privacy laws in numerous countries worldwide (learn about Knorex’s privacy policies and efforts). Apple, in particular, has significantly drummed up its multi-prong efforts in tightening privacy protection.
In a short span of 3 years, Apple has released a flurry of Intelligent Tracking Prevention (ITP) versions (v1.0, 2.0, 2.1, 2.2, and 2.3) for its Safari Internet browser/iOS to address users’ privacy concerns by preventing cross-site tracking and completely removing the support for third-party cookies starting in September 2017 with the release of Safari 12 and iOS 11. Henceforth, 7-day expiration for first-party cookies and 1-day expiration for cookies set by link decoration are now the new norm. These measures have made it extremely difficult for marketers to track users as before, to retarget them and attribute the conversions on Safari browser, which commands a sizeable market share in the US and the mobile universe.
Google Chrome has been following the footstep of Safari by enforcing the SameSite tracking and stopped sending third-party cookies in cross-site requests unless the cookies are secured and flagged using an Internet standard called SameSite (learn more about Google Chrome’s SameSite and here; and technical explanation about SameSite). Google has also (re-)announced the phasing out of third-party cookies in 2 years’ time, triggering the demise countdown of the Great Cookie. Similar action was taken by Mozilla Firefox browser.
Since Apple’s momentous rollout with its iOS 14 by making its IDFA explicitly opt-in for all apps instead of the previous implicit opt-in back in June 23, 2020. Apps now must seek users’ permission before the app can use their identifier for tracking purpose. This effectively cripples tracking as more/most users will enable the “Ask App Not to Track” option, thus making it harder to track and attribute in iOS devices. Google had announced similar announcements for Chrome and Android.
On June 7, 2021, during the WWDC21 event, Apple announced a slew of privacy-related features as part of iOS 15 release including Mail Privacy Protection (masking of IP address, limiting information on if an mail is opened, limiting pixel trackers in email), Privacy Report (on Safari Browser and Mobile devices), and Private Relay (which hides users’ emails and Its). Of all these, the masking or hiding of IP addresses would have the most consequential impact on digital advertising as IP address serves as one of the key signals as part of a unique identifier. This act is a follow on to the update of Apple’s ITP effort (see above).
In July 2023, Apple is expected to roll out iOS 17 which will further expand its privacy initiatives, including automatic removal of link trackers from browser URLs (a potentially high disruptive move to quite some applications if not done right), blocking of trackers and prevention of “fingerprinting”, and more.
Impact on Digital Advertising Ecosystem
All these changes introduced by the different browsers and operating systems including iOS, Android, are posing significant challenges to the digital advertising. Here, we list out some of the impact and our thoughts about some of the approaches/directions:
- First-party data has been gaining huge
will gainmomentum. Although opt-out is now replaced by opt-in, we opine that many publishers or vendors will find ways to get consumers to opt-in, albeit with much more effort, time and cost to reach a shrunk addressable audience;
- AdTech vendors will have to work within the first-party data framework and evolve. This will surely limit the reach/coverage due to the scale of the first-party data, and will likely lead to rising cost of integration and affect real-time targeting. Data enrichment or augmentation will be something that might needs to be considered to extend the scale. (See here for a primer on First-party, Second-party and Third-party data);
- Industry-led initiatives such as the open-source Unified ID 2.0 (UID2), EU-specific EUID, IAB Europe’s Transparency and Consent Framework (TCF), will see increased visibility and momentum, as getting the sufficient adoption from major industry players continue to be a work in progress. Wide enough adoption is critical to achieve the scale needed to provide the sufficient coverage. Of course, there are also vendor-centric solutions such as from Google’s Privacy Sandbox initiatives
- Increased and revived use of fingerprinting technique or tapping on a variety of signals or identifiers by stitching together bits of information (e.g. browser used, IP address, plugins, OS, carrier, and so on) powered by machine-learning/AI predictive capabilities. Some of these info, of course, will be increasingly curtailed to prevent such use, eg. Apple’s obfuscation of IP addresses through their PrivateRelay feature (see above);
- Server-to-Server (S2S) Integration will gain momentum among publishers and customers to directly integrate with Tech vendors and bypass the whole cookie/Digital Id approach. We anticipate active investments in this space and with new tech players coming on board to provide simpler solutions to both publishers and customers something like the rise of header bidding;
- Third-party DMP vendors need to look beyond cookies or digital ID to provide services around new identifiers which are based on their first-party ID or perhaps collaborating with other providers such as telcos for their telco-based ID or with Unified ID 2.0 (UID2) to build out their identity graph;
- Increased use of probabilistic data instead of solely or heavily relying on deterministic data to extend reach/scale. To mitigate and improve the “precision” or granularity, we will see companies taking the approach to integrate a wide variety of data, signals and sources with regular interval refresh to create a meaningful dataset;
- Ability to attribute conversions will be extremely hard to achieve anymore or may not be supported at all, hence dialling digital advertising traceability back into the times of traditional media;
- Ability to perform de-duplication across channels will be almost impossible as all these identifiers get phased out;
- Further reliance on Big Techs (Amazon, Facebook, Google, Microsoft and yes, Apple too!) to chart the fate of digital advertising industry at large though it may be a tall order to rely on them to be altruistic and govern for the greater good since each controls a sizeable ecosystems with its own set of rules that each would much prefer to stick with and use;
- (Specific to Facebook/iOS) Further restrictions on multiple aspects on Facebook with the introduction of iOS14 ranging from targeting, ad creatives and creation, conversions events and measurements on web and app, and reporting.
How is Knorex Addressing These Challenges?
These are extremely challenging headwind that the (digital) advertising industry is facing. Here at Knorex, we have been hard at work to develop various technologies and solutions to work in compliance with the privacy law/framework/industry standards:
- Enabling first-party cookies to track and attribute: We implemented this solution to ensure that tracking is done on the website domain of the advertiser, i.e. on the website where the advertiser’s customers place their order for a product or a service. In other words, we will not be dropping our cookies (i.e. also known as “third-party cookies”) on the website of the advertiser in the process of enabling tracking sales conversion on the advertiser’s website. Knorex tracker will only access the customer’s information via the advertiser’s website/domain and using Knorex proprietary technology to track users across website(s) and app(s). This will allow us to achieve the following:
- Compatibility with ITP 2.x requirement by Safari;
- Support SameSite cookies for Google Chrome browser;
- Ability to retarget users as well as the ability to track attribution.
- Server-to-Server (S2S) Integration: Knorex has developed its proprietary technology to send user signals happening on the advertiser’s website through S2S integration with the advertiser. This will allow Knorex to help track users across the different advertising channels without dropping Knorex pixel into the advertiser’s website. The events that are track-eable include booking, purchases, registration, signups or any events occurring on the advertiser’s website(s) or mobile app installation, post-install events that happen after a user clicks on any Knorex ads. We foresee this as one of major approaches pushed by different adtech vendor as it doesn’t rely on cookie or digital id, and so far, it is in full compliance with privacy laws. Even Facebook seems to be advocating this approach by pushing out its conversion API solution ahead of its pixel-based approach for all kinds of attribution tracking and optimization. This approach is also widely used in mobile apps in the form of postbacks.
- Contextual targeting (or cookieless targeting): Using Knorex proprietary technology called Knorex Lumina™ which is a contextual engine that Knorex has been developing over many years, enables our customers to target and show contextually relevant ads to a cohort of users reading articles with matching relevance/context to the campaign that an advertiser is running. Knorex Lumina now supports over 17 most popular languages in the world and counting. Such contextual features serve as additional data signals to our Knorex KAIROS AI/ML engine to enhance its relevance to reach the right audience or cohort. Already, we have observed strong improvement in performance in terms of CTR and CPC for campaigns running using our contextual targeting on a month-to-month basis. Right now, we are in our final leg of optimization on conversions (purchases, leads, in-App install, etc) to achieve our desired performance. This will serve as an alternative to cookie/digital ID based targeting and reduce our reliance on such mechanism.
- Partnering with identity vendors to participate in industry-driven initiatives: We have also been working actively with third-party identity vendors such as LiveRamp‘s RAMP ID, to be part of their ecosystem, and where LiveRamp is also a party to the industry-driven open source project of UID2 which is now guided by the IAB Tech Lab. We believe that by combining such solution with our other solutions like (S2S Integration, first-party cookie support) can provide good coverage when it comes to (re-)targeting users, and conversions attribution, while also improving the efficiency of different stakeholders in terms of the cost of infrastructure as well as targeting capabilities.
- Google Privacy Sandbox project: As Google’s Privacy Sandbox project continue to evolve, an initiative by Google to make the web more private while still enable tracking and measurement to create a thriving digital businesses. The original initiative under the moniker of Federated Learning of Cohorts (FLoC) is officially dead.
Here is one of the study done on it. Instead of using third-party cookies to track users from site to site across the Internet, FLoC works by using machine-learning algorithms to categorize users into groups or cohorts based on their common interests. The initiative is controversial, with players testing it while facing headwinds with others. It will likely require further tweaks and adjustments to garner wide enough support to be viable.This has now been replaced by not one, but multi-prong approach through these few key APIs made available via Chrome (one of the mostly used browsers in the world): (a) Topics API; (b) Protected Audience API; (c) Attribution Reporting API; (d) Private Aggregation API;(e) Shared Storage; and (f) Fenced Frames API.
Reach out to us if you would like to find out more about Knorex solutions.