Home Data-Driven Thinking First-Party Consent Can Replace Third-Party Cookies

First-Party Consent Can Replace Third-Party Cookies

SHARE:

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Manny Puentes, founder and CEO at Rebel AI.

Google’s recent decision to deprecate third-party cookies on Chrome will severely cripple browser-based targeting, cross-site tracking, frequency capping and retargeting. Ad platforms will be blind outside of the contextual attributes passed in any opportunity to serve an ad.

Third-party cookies have been an anonymous, necessary evil to deliver highly targeted ads. Though third-party cookies are discussed in terms of consumer privacy, the third-party cookie itself is actually completely anonymous. Platforms can’t determine who you are based on the generated ID representing your device. Real privacy concerns start to proliferate when you mix third-party cookies with form data, such as email, first name and last name, and send that data along with a cookie.

If you extrapolate this use case and allow for that same ID to persist from site to site, data platforms can get smarter about your behavior and interests.

Email won’t save us

Any ID, cookie or otherwise, that can eventually be tied to form-data/PII will become a privacy issue. In light of the coming changes to Chrome, some companies have announced they will use email or other types of identifiers to replace some of the consumer targeting that will be lost.

Some platforms are proposing email as the Rosetta stone to “anonymously” identify the consumer. Let’s take cross-site tracking as an example. If platforms are left with first-party cookies, all of the data will be siloed by site. That means the consumer will have a different first-party cookie ID from site to site as they surf the internet. In this new paradigm, email will be used as the key to stitch the data together to reveal behavior and interests, same as before, except with strong standardized joining criteria for offline data.

Email represents another ID tied to the consumer vs. the device, and is even more intrusive. With this change, consumers can further be tied to offline data, such as home refinancing applications or store visits if they gave their email to receive digital receipts.

Yes, I know it’s hashed and “anonymous,” and can’t be reverse-engineered. But an entity with raw consumer data and consumer emails can continue to link form-data/PII, therefore identifying the consumer all over again.

The problem isn’t a technical one. The industry will eventually figure out a way to technically track consumers. The real challenge is abiding by the emerging policy, legislation and regulation requirements that dictate what consumer data companies can and cannot collect.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

The consent solution

Sites are highly dependent on the first-party cookie, and as the industry transitions to using first-party cookies to target advertising, consent becomes a more controllable asset. This is a new opportunity for consent platforms to provide the gateway to ensure that the needs of consumers and the ad ecosystem are met.

Consent platforms have come a long way in establishing a strong foundation to protect the consumer. As an industry, we are finally giving consumers the ability and opportunity to not be tracked.

In tandem with these platforms, there’s technically still a way to use first-party cookies for cross-site tracking, frequency capping, targeting and retargeting without the need of a hashed email to keep the ID anonymous without using PII.

Let’s say I browse to cnn.com, receive a prompt to allow cookies, and I hit “Allow.” If the consent platform took the “cnn.com” location in the browser and reset the location to point to “optin.com?url=http://cnn.com,” it would allow a first-party cookie to be set on “optin.com.” If optin.com would immediately redirect back with “http://cnn.com?optin_id=123,” it would allow for the first-party cookie to be read off of the URL set on “cnn.com” with the key of “opt_in” and the value of 123.

This technical workflow would allow for subsequent calls, if they had JavaScript on cnn.com to query for “opt_in” and pass the value to ad platforms on the URL, along with any metadata appended as a query string parameter to reenable targeting and cross-site tracking. The redirect in this use case, after you hit “Allow,” would give back the same ID on “optin.com” any time the consumer allows cookies for tracking.

Click here to enlarge graphic.

For this to work, standards and specifications will be paramount, and the IAB must play a crucial role in standardizing the first-party cookie workflow outlined above. For example, we would need the key for the first-party cookie to retain a unique standardized name so that platforms that are interested in passing the ID (opt_id=123) know what key to query on the first-party cookie.

An open consortium would also be needed to manage and own the “optin.com” domain, the services required to apply the redirect and the open-sourced JavaScript to set first-party cookies off of the URL to later be queried by other platforms.

The aforementioned workflow would only activate after hitting “Allow Cookies” on a consent platform. As you can see, the ecosystem would share the same ID when targeting and tracking, granting the consumer more control over consent and providing the road map for a safer consumer experience.

There will always be a workaround to track the consumer. While the industry is fretting about the death of the third-party cookie, the real problem is not a technical one. The issue remains what we are legally able to collect on the consumer while adhering to evolving standards surrounding consent and privacy.

We should also be looking at the data that Facebook and Google are collecting. In-home devices, Gmail, Google Documents, Google Maps, Search and Google Apps are all collecting data on a first-party basis, and killing the third-party cookie will do absolutely nothing to stop them from collecting data and monopolizing the advertising market. In fact, it’s empowered their initiatives.

I’m optimistic about the long-term opportunities that this change heralds. The third-party cookie was messy for reasons not related to privacy. Though Google and other industry giants have given themselves an advantage, this change will spur the rest of the industry to innovate, creating new solutions to compensate for the changing environment. The death of the third-party cookie truly empowers us all to come together and build a seamless environment that adheres to privacy controls managed by one ID that represents a consumer and their consent.

Follow Manny Puentes (@epuentes), Rebel AI (@Rebel_AI_) and AdExchanger (@adexchanger) on Twitter.

Must Read

Intent IQ Has Patents For Ad Tech’s Most Basic Functions – And It’s Not Afraid To Use Them

An unusual dilemma has programmatic vendors and ad tech platforms worried about a flurry of potential patent infringement suits.

TikTok Video For Open Web Publishers? Outbrain Built It.

Outbrain is trying to shed its chumbox rep by bringing social media-style vertical video to mobile publishers on the open web.

Billups Launches Attention Measurement For Out-Of-Home

Billups, a managed services agency that specializes in OOH, is making its attention measurement solution and a related analytics dashboard available for general use.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
US District Court for the Eastern District of Virginia, Alexandria

The Google Ad Tech Antitrust Case Is Over – And Here’s What’s Happening Next

Just three weeks after it began, the Google ad tech antitrust trial in Virginia is over. The court will now take a nearly two-month break before reconvening for closing arguments right before Thanksgiving.

Jounce Media's Chris Kane at Programmatic IO NY on Sept. 25, 2024.

The Bidstream Is A Duplicative, Chaotic Mess – But It Doesn’t Have To Be That Way

Publishers are initiating more and more auctions – but doesn’t mean DSPs are listening to more bids, according to Chris Kane.

Readers Are Flocking To Political News, Says WaPo – And Advertisers Are Missing Out

During certain periods this year, advertisers blocked more than 40% of The Washington Post’s inventory over brand safety concerns.