By on April 14th, 2021

4 Ways We're Preparing for Changes in Data Privacy (& So Can You)

How Agencies Should Prepare for GDPR, CCPA, iOS14, and the Death of Third-Party Cookies

It’s no secret to any agency, programmatic or not, that major changes are afoot in the ad industry. Between GDPR and CCPA, iOS14, and the phaseout of third-party cookies across all major browsers by 2022, a lot has already begun to evolve in the digital ad ecosystem, with plenty more coming soon.

While some in the ad tech and media buying space have expressed concern regarding the evolution of digital identifiers and ad targeting capabilities, the fact of the matter is that a better-regulated relationship with consumer data is a good thing for the industry: Any ad campaign built on a less-than-consensual relationship with audience data is not likely to benefit those ads’ ability to appeal to that audience in the long run. The fact that an industry-wide transition toward new methods of ad targeting may be bumpier in the short-term than staying with the current model doesn’t mean the transition itself is a bad move.

See also: Audience Targeting 101: How to Show Your Digital Ads to the Right People

“I believe this shift is good, and necessary, for the advertising industry,” Jonathan Stringfield, VP and global head of business marketing at Activision Blizzard, recently wrote in a column for AdExchanger. “The relationship between platforms, consumers, and brands will ultimately emerge stronger for it. Advertisers should, generally speaking, be in favor of things that are pro-consumer … we are not trying to force people to do something.”

Based on our own agency’s preparations for data privacy changes, we’ve compiled the following four ways that others can begin to prepare as new regulations are enacted (and with the expectation that more will follow in the future).

Do Your Own Research

There has been no shortage of hot takes published by ad industry media outlets ever since the impending demise of third-party cookies was announced—and like media coverage in the U.S. generally, the negatives have been highlighted far more often than the positives.

We strongly recommend that all companies do their own research and come to their own conclusions regarding the potential impact of new data privacy regulations on their business model. The most important changes to be aware of at the moment include:

  • GDPR: The General Data Protection Regulation (GDPR) is an EU law that governs the processing of EU citizens’ personal data. It came into effect in May of 2018 (though many brands have yet to pursue and/or achieve full compliance). GDPR requires websites who process personal data on EU citizens to first obtain their consent (“lawful basis”) in order to do so. It also stipulates that any EU citizen whose data you process has the right to request a copy of that data and delete or modify it as they wish.
  • CCPA: The California Consumer Privacy Act (CCPA) is a state-wide law that governs the collection, use, sharing, and selling of the personal information of California residents. It came into effect in January of 2020. The CCPA requires businesses to inform consumers about their personal information collection and sharing practices, enabling consumers to opt out of third-party data sales as well as access and delete any data that has already been collected about them.
  • iOS14: With changes to iOS14, Apple is altering how iPhone applications will receive and process conversion events. This will have a similar effect to blocking third-party cookies on a browser, but Apple’s changes are only relevant at the mobile application level.
  • Cookies: News about the “death of the cookie” pertains to third-party cookies, which are primarily used for tracking and advertising purposes. These types of cookies are currently being phased out across major internet browsers: They are already blocked in Safari and Firefox by default, and Chrome plans to block them by default starting in 2022. It’s important to note that first-party cookies, which are used to track things like website analytics, logins, and shopping cart behavior, originate from the main domain a user is visiting and are still allowed across all browsers, with no plans to be blocked in the future.

There are many guides available online that detail the (relatively minor) changes your business can make in order to comply with GDPR and CCPA. With iOS14 and the phaseout of third-party cookies, the primary impacts will be felt in the decreased availability of data sets on the behavior of consumers outside your own website—which leads to our next recommendation.

See also: Every Ad Agency Should Be Offering Programmatic in 2021. Here's Why

Prepare to Rely on Other Data Sources

“Many data companies that are reliant on third-party cookies will essentially no longer be able to operate using their existing business model,” says Riley Tompkins, senior data analyst at PrograMetrix. “Companies that rely on ethically sourced [personally identifiable information, or PII,] will be fine as that data comes from things like email address and login information.”

While the third-party data scene will become less robust, a good agency knows there’s far more to effective digital ad targeting than third-party data sets. The following data types will become more widely used as third-party cookies are phased out:

  • Zero-party data: Forrester defines this as “data that a customer intentionally and proactively shares with a brand, which can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize her.” As indirect data about consumers becomes less widely available, savvy brands will want to do a better job of simply asking their customers about their preferences. This may well give advertisers a better understanding of those customers than they were previously (and perhaps incorrectly) inferring through third-party data.
  • First-party data: First-party data will be as important as ever, and we will likely see email logins become more ubiquitous across the web as visitors stop being tracked through third-party cookies. First-party data will likely become the best way to run retargeting-style digital ad campaigns going forward.
  • Second-party data: Second-party data is first-party data bought from someone else—for example, through Lotame’s Private Data Exchange (PDX). There is a good chance second-party data will gain importance in the marketplace as a way to expand the reach of digital ad campaigns beyond first-party data.
  • Contextual targeting: Contextual ad targeting will continue to be an effective and viable digital targeting tactic, and is likely to increase in importance and sophistication with the phaseout of third-party cookies.
  • Location-based targeting: Location-based ad targeting tactics—including location retargeting, location-based interest segments, and foot traffic attribution—will also continue to play an important role in ad campaigns, since location data is registered through real-world signals rather than third-party cookies.
  • Private marketplace (PMP) deals: There will likely be more of a reliance on private deals and the targeting abilities they provide, whether through PMP contracts or deals made directly with publishers. Publishers with a great deal of their own first-party data (such as the New York Times) stand to benefit from this shift.

See also: Programmatic Private Marketplace 101: Definitions & Ways to Use PMPs

Keep Up With New Solutions

As a company, we’re always following new developments in consumer data privacy closely, but the industry’s pace of change right now is rapid and many of the stories published today will be rendered irrelevant by new announcements and advancements in the months to come. The following are the potential identity solutions that currently seem most likely to define the next chapter of digital ad targeting and addressability, but the list could easily change substantively by next year.

  • Unified ID 2.0 (UID2): Our partners at The Trade Desk are working closely with many others in the industry on Unified ID 2.0. UID2 will enable advertisers and publishers to track individuals based on various identifiers and anchored primarily by authenticated log-ins (with email addresses, phone numbers, and more). These are linked to an identity graph, which defines each user’s profile. This solution will give users the ability to manage, delete, and opt out of tracking; the technology will be open-source and operated independently from TTD, by Prebid.
  • Authenticated Traffic Solution (ATS): Similar to UID2 but developed by the team at LiveRamp, ATS will be interoperable with UID2 and capable of linking to the identity graph mentioned above. According to LiveRamp, “ATS enables individuals to participate in a two-way value exchange with brands and publishers. By authenticating themselves, individuals are able to maintain control over the use of their data. In return for individuals’ trust, brands and publishers can create valuable experiences and content.”
  • Panorama ID: Panorama ID was created by Lotame as a cookie-less alternative; it was built with similar methodology as, and is also interoperable with, ATS and UID2. It is a “people-based, privacy-compliant identity solution for the open web … built from multiple inputs (web, mobile, CTV, and customer data).”
  • Federated Learning of Cohorts (FLoCs): Google’s current most likely solution to the phaseout of cookies in Chrome is known as “federated learning of cohorts,” or FLoCs. This method is used to cluster large groups of people together based on their shared interests. Currently this solution is being tested in Google’s Privacy Sandbox. Google has said they will not create any cookie alternative or support any identity solution that tracks individuals as they browse the web.

See also: What's In a Programmatic Ad Tech Stack, & How Much Does It Cost?

Embrace the Changes

At PrograMetrix, the continued relevance of our business model depends on our ability to effectively target programmatic ads for our partners and clients as data regulations change—and we’re not concerned about our ability to do that. Your business doesn’t need to be afraid of these changes either: Taking the basic steps outlined above will ensure that you’re ready for them when they arrive.

An important thing to remember is that just because the solutions mentioned above may not be ready yet to provide the type of microtargeting third-party cookies can doesn’t mean they won’t become increasingly effective as time goes by—they may even surpass the current effectiveness of cookies, and keep consumers happier with advertisers along the way. Digital ad targeting tactics and technologies are remarkably robust and varied, and many new solutions are already in development as well. The increasing sophistication of data collection, measurement, and the agencies actually using these new capabilities every day will ensure that a few years down the road, there’s a good chance nobody will miss the old ways of doing things.

At the end of the day, any business worth its salt has to be ready to adapt to change—and chances are, your business has already adapted to a great deal of change over the past 12 months. If you’ve made it this far, trust us: You’ll make it through the next 12 too.

Ready to Take Your Agency to the Next Level?

We're excited to work with you!

Brett Konen is the senior marketing manager at PrograMetrix.