Advertising and Targeting Without Third-Party Cookies

The legal entities and browsers are both contributing to the demise of the 3rd party cookies. The shared goal behind these efforts is protecting users’ privacy and facilitating a different way of how advertising works on the Internet.

According to the recent IAS research, 94% of UK consumers say online data privacy is important to them when browsing online content. Responding to this demand, the key stakeholders in the advertising industry intend to improve transparency and give users a better choice of how their data is being collected, stored and used.

Legal environment

The privacy regulations such as General Data Protection Regulation (GDPR) in the EU and California Consumer Privacy Act (CCPA) in the U.S. aimed to solve concerns around consumer privacy and declared that cookies were personal data.

GDPR has come into effect in 2018 and applies to any organization based in the EU and covers a wide range of data processes that make use of personal data. Any organization not based not in the EU that offers goods or services to data subjects in the EU should also comply with GDPR.

CCPA applies to for-profit organizations that collect personal information of California residents and either report annual revenues greater than USD 25 million, manage data of 50 thousand consumers, or derive more than half of their income from selling the personal information of California residents.

Other jurisdictions are also on their way to implement privacy regulations in the near future, including: Nebraska, Virginia, Thailand, India, and New Zealand. By launching these privacy measures, governments act on behalf of consumers and force tech companies to increase the level of privacy and change how they handle user identifiers.

IDFA and mobile identifiers

IDFA is Apple’s in-app mobile ad identifier, similar to Google’s AAID. While cookies are a web-only technology, these identifiers are provided by the operating system and used for user identification in mobile ads.

Apple announced that iOS14 will give users the option to decline or approve app ad tracking their IDFA. And even if a user expressed explicit consent and opted in for sharing their data with the particular application, advertisers would need their opt-in also across all other apps for targeted ads. These changes are presented as the App Tracking Transparency initiative and expected to come into full effect in April 2021.

Browsers

Responding to the growing popularity of privacy-focused browsers like Tor, all major browsers also took steps in that direction. In 2019, Apple’s Safari and Mozilla Firefox already enhanced tracking prevention measures and blocked third-party cookies by default. During that time, Microsoft also introduced similar features in its Edge browser.

In 2020, Google Chrome launched some additional security features that made it mandatory to ensure cookies are read via HTTPS. By 2022, Google will cease support of 3rd party cookies in Chrome browser, which accounts for the largest market share worldwide. The latter move will completely deprecate the 3rd party cookies as a tracking tool because the majority of Internet users will no longer be reachable through it.

As a replacement for cookies in the matter of conversion tracking and user attribution, Google presented the initiative called the “Privacy Sandbox”. Basically, it creates anonymized signals (that are not cookies) for users interacting with ads and provides API interfaces for advertisers to receive aggregated data. This solution, however, will not solve the problem of addressability and targeting without cookies.

All major browsers have also reduced or declared future reduction of fingerprinting and probabilistic IDs, which identify users based on a wide range of signals such as operating system version, browser version, fonts, etc. Combined with the loss of mobile IDs like IDFA or Google’s AAID, all these measures imply that non-consensual user tracking on the Internet is on its last breath. Simply saying, scarily relevant and persisting ads based on the recent app installs, visited pages, or abandoned shopping carts are likely to go away.

Cookies are text files that are placed on a browser to identify this particular user later — on this website or other sites. These snippets of data formulate the web identity of a user and help websites and platforms address individual visitors.

First-party cookies are created and read by the website a user is visiting. Their primary purpose is to improve user experience; for example, they can fill in details in forms or adjust the preferred settings. Third-party cookies are created by a website a user is not currently visiting and used primarily for marketing purposes.

1st vs 3rd party cookies

In some cases, however, the availability of 3rd party cookies can deteriorate publishers’ revenues. For example, if advertisers wanted to reach New York Times audiences at a lower price, they would trace them through cookies and reach these users on other websites where ad impressions cost less.

Let’s review how 3rd party cookies have been used for targeting until their depletion.

For example, when a user visited beachwear.com, the website dropped a cookie on their browser. Typically, advertisers would want to show items a user showed particular interest in on publishers’ websites. Ad networks and SSPs then categorize this user and synchronize cookies on publishers’ websites, so that advertisers can bid against particular users.

From an advertiser’s perspective, cookies are used in many ways, including the following programmatic functionalities:

• Frequency capping, or limiting the number of times ads appear in front of a particular user in a given time (without universal web identifiers it cannot work across sites)
• Targeting new audiences with third-party data
• Retargeting and dynamic creative optimization
• Last or multi-touch user attribution

Most importantly, cookies also provide data to track user attribution and evaluate cost-efficiency along the marketing funnel. With this tool, it is possible to link the ad creative shown to a user, for example, 30 days ago, with purchases made recently. Without cookies, it will be harder for marketers to assign value to undertaken media efforts.

The vast majority of campaigns in native programmatic have employed targeting or retargeting via 3rd party cookies, so after their removal advertisers will have to use other types of targeted advertising (sociodemographic, geo, device, contextual or interest-based) or build alternative solutions for user identification.

3rd party cookies depletion will result in fundamental changes in how users are targeted and retargeted. Industry solutions that are currently available for the advertising market can be divided into two large groups, the ones based on other user identifiers and those that rely on other data to make targeting decisions.

First-party identity solutions

Many publishers and brands have already started their own initiatives to gather first-party data, such as loyalty and subscription programs. Therefore, publishers and advertisers can partner and share their customer data sets, such as email addresses, IDs, customer profiles, etc. These efforts can also help brands deliver more personalized messages to individual consumers. For example, brands can advertise birthday freebies to their clients on publishers’ websites.

These profile data sets are supposed to be aggregated on one side, typically by a publisher, and then sold to advertisers. Publishers have to make sure that users agree to provide this information voluntarily and manage a user's consent choices by privacy-compliant software services.

In addition to compliance issues, the main problem with this strategy might be the scalability of advertising campaigns. Users’ unique IDs like hashed email addresses and their personal data would have to be gathered by a publisher, passed, and stitched together with advertisers’ data. Therefore, this solution is viable for advertisers and publishers that already have robust data sets within their CRM systems.

Third-party identity solutions

To solve the issue of scalability, publishers and ad tech platforms can form cooperative alliances and syndicate their first-party data with universal identifiers. Some examples of these cross-industry initiatives include The Ozone Project, Project Rearc by IAB Tech Lab, and Partnership for Responsible Addressable Media (PRAM).

Syndicating publishers’ data transforms it into third-party data, pushing active participants of these initiatives to invest in privacy control systems and ensure that all requirements of privacy laws are met. Consumers have to be provided with more control over their personal information and support data sharing voluntarily, in exchange for content or web services they get.

Even though these efforts may help retain user addressability for advertisers, they also may create additional walled gardens in the ecosystem and eventually raise similar privacy concerns as cookies or mobile identifiers. In the long run, it cannot be 3rd party cookies by another name. Any cross-industry solution that replaces 3rd party cookies should implement a better consent framework, the one a la iOS14, which in its turn diminishes targeting pools for advertisers.

Contextual intelligence

To stay privacy compliant and achieve scalability, advertisers can shift their focus from users’ personal data or past behavior towards the environments where interest or purchase decisions are likely to appear.

The idea of programmatic technology targeting a user based on the webpage context isn’t new, but it can prove effective in many cases. According to Pinterest research, the positive environment of an ad has a strong impact on purchase decisions: 6 in 10 US adults are more likely to convert if an ad is shown in a positive context.

The recent advances in content classification will allow marketers to ensure ads are matched to the most relevant and suitable content. Today, on-page content can be assessed based on:

• Topics on the page
• Negative or positive sentiment
• Conveyed emotions

With deep text classification, semantic analysis, and machine learning, it now becomes possible to identify high-impact environments where users are more susceptible to advertisements and make sure these placements are safe for the brand. Context can also be used for creative optimization: this approach is called “mindset marketing”, and it assumes that advertisers design campaigns to match the mindset of the customers viewing them, based on the placement and content around each ad.

Finally, context does matter for consumers, and users want to see contextual ads rather than other types of targeted ads such as behavioral, geo, or demographic. According to the IAS study, 81% of UK users prefer ads that match the surrounding content of the page.

In 2020, about 30% of all ads have been rendered on browsers with no 3rd party cookies like Safari and Firefox. By 2022, it is estimated that almost all cookie-based browser tracking will be gone completely. The depletion of 3rd party cookies is disruptive for everybody in the digital advertising ecosystem affecting targeting, measurement, and personalization during ad delivery.

In the short run, there is no evident solution of how agencies and brands should future-proof their targeting strategies in the upcoming cookieless reality. By focusing on first-party identity solutions, advertisers risk falling behind in terms of scalability. Universal IDs can eventually arrive at the same destiny as cookies as consumers demand more thorough control over their data.

Even though contextual targeting solutions are still to be implemented on a massive scale, the majority of industry professionals agree that contextual targeting will gain favor in the long-term perspective. This approach will allow brands to not only adjust to the absence of cookies but also engage with consumers in the most suitable environments and protect users’ privacy.