"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Warren Lapa, CEO, Unique.
When Google announced its plans to block third-party tracking in Chrome, the ad tech ecosystem immediately pivoted to first-party data and derived personal identifiers. The pitch was, “It’s the future! It’s inherently privacy compliant! It works better than anything in the past!”
But is it the panacea the pundits claim it to be? I think we’re fooling ourselves if we say yes. Worse, we’re spending a lot of time, resources and money heading down a dead end. Privacy regulations make it clear that consumers will have a lot of say over how their data is collected, stored and used – notions that our industry gives considerable lip service to but has yet to fully grasp.
Google has received a lot of flack for its FLoCs, but cohorts deserve our attention because they are the only user-targeting idea currently on the table that is privacy compliant. And it’s quite likely they’ll deliver privacy-centric campaign optimization.
Here are three reasons why:
The fallacy of “first-party data”
The general assumption we hear today is that when data controllers – be they brands or identity graph companies – collect data on a consumer, it’s their “first-party data,” which they can use as they see fit for targeting users, setting up clean rooms for audience overlap analysis and sharing with their ad tech partners.
Robin Caller, writing in AdExchanger, takes issue with that premise. “That data is not, and never will be, ‘your’ first-party data. The customer is the first party in this transaction – you, as the marketer, are the second party.” He offers a warning that the entire industry would be wise to heed: Privacy regulations don’t agree with that assessment, and the regulators will start going after “processing” violations very soon.
Let’s be specific here. GDPR requires data controllers to have a legal basis (of which consent is the one most talked about) to both process data and to profile users via any automated processes. "In addition, the European Union's Privacy and Electronic Communications Regulations (PECR) require consent for use of all but essential cookies."
The California Privacy Rights Act of 2020 (CPRA) allows users to say no to entities sharing their data (even if they’re the so-called “first party”). A consumer can say yes to first-party cookies issued by the publisher, but not to sharing their data for a variety of ad tech activities, which can range from retargeting, look-alike modeling and mapping to a maintained ID graph.
There is a pervasive fallacy that “first-party data” goes beyond that first set of permissions, but it’s increasingly obvious that post-permission sharing would involve a complicated layer of consent to satisfy privacy regulations.
As an industry, we embarked on a quest for data because we believed we could achieve a state of one-to-one marketing, where we could know the consumer’s exact frame of mind and target them with the right message at the right time. But we’ve never come close to achieving one-to-one marketing, because it was based on faulty assumptions. Page views, clicks and shares largely predict momentary interest. More often than not, we were targeting the wrong customer with the wrong message, and we’ve angered consumers and regulators alike in the process.
The future of digital advertising will be less data, and the industry needs to stop looking for workarounds. This is where cohorts come in.
The efficacy of cohorts
Are cohorts good enough to drive campaign performance? The answer is, it depends how you build them. Cohort sensitivity is an important consideration – how and why to include a user in a cohort are make-or-break issues in terms of efficacy.
Assuming that the industry can answer the efficacy issue (and it will be solved with ethical application of data science), I think cohorts have the potential to balance privacy and targeting better than current personal-identity-driven marketing, as long as they are built using consented and permissioned first-party data for the customer’s life cycle.
Currently, Google owns the cohort creation conversation because of its work around FLoCs, but Google’s cohorts are built in its Chrome browsers, which is just one possible approach. What if advertisers and publishers built and optimized their own cohorts based on their own first-party and fully consented data? And what if they optimized them over time, reflecting the changing needs of their consumers and readers? I can envision a scenario where brands have multiple, even thousands, of cohorts that they layer on top of one another to home in on their exact audience.
And what if brands and their ad tech partners got better at reading content signals in the context of the cohort they’ve created? Would they be able to assess the intent of a group of users acting as a cohort on a publisher site or a walled garden platform?
Custom cohorts built using first-party data, combined with smart contextual assessment, can be a critical component of the marketer’s and the publisher’s arsenal.
Cohorts can comply with both the spirit and the letter of the law
The real benefit to cohorts, in my view, is they’re a privacy play based on aggregation and not personal identifiers. Brands and publishers could build their custom cohorts based on their own first-party data, and they can request specific consent, so that hurdle is cleared. And Google makes the case that targeting is based on a group of users, not individual users, which means it’s more privacy compliant than targeting based on tracking data. Finally, in this scenario, context plays a much more significant role, which aids in overall privacy.
Ultimately, are cohorts good enough?
Coming from the TV business, using cohorts like age, gender and geo, I think they can be. But we will need to put the effort into making them work, because respecting consumer privacy while keeping programmatic transactions viable is paramount.