"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Martin Kihn, senior vice president of marketing strategy, Salesforce Marketing Cloud.
Considering the future of post-cookie ad data management, a dominant scenario goes like this:
- Brands gather more first-party data from customers, with their consent.
- Publishers (including gardens) accept personally identifiable information (PII)-based audiences and match as they can.
- “Clean rooms” are used to prevent data leakage.
- A handful of Universal IDs emerge, based on PII like emails and stored on first-party cookies, to allow broader activation on participating sites and apps.
- The browsers – or at least Chrome – adopts an aggregate targeting and measurement mechanism with an avian name.
In this scenario, the email (appropriately hashed) emerges as a key bridge from cookies to the future. Large publishers offer Facebook Custom Audience-like buying. And for the rest of the world, Google assures us that FLoCs are "95% as effective as cookies."
So really – other than losing what Safari engineer John Wilander calls an "arbitrary cross-site tracking vector," – advertisers can look forward to something like business as usual.
Until we start to think about the logistics.
Birds of a feather FLoC together
Each step of the above scenario relies on assumptions that may not be true. The end state is in the hands of the browsers and operating systems that mediate the digital experience. And if it is to host the unified profile of the marketing suite, the CDP will need to adapt.
One adaptation is an ability to work with emerging aggregate, API-based IDs such as FLoCs.
Just last month, Google ran a kind of in-market thought experiment to validate the workability of its FLoC hypothesis. At the same time, the TURTLEDOVE idea got closer to reality through a prototype called FLEDGE. Triangulating from the FLoC experiment to the FLEDGE explainer, we can begin to see where Chrome is headed.
And it's important to remember the explicit philosophy of all the browser working groups, updates like Safari's ITP, Mozilla's ETP, and Google's Privacy Sandbox. In the words of the Safari Privacy Overview: ITP's aim is "to block tracking regardless of what kind of data is used."
Any scenario would be naive to forget this principle. That's why a solution that relies on another user-level ID – say, email – applied across different domains, would seem to be working at cross-purposes with the browsers.
While details around Google’s "95% as good as cookies" claim weren't really provided, we assume it means interest-based FLoCs are almost as good as similar third-party cookie segments at predicting browsing behavior.
In contrast, FLEDGE assigns browsers to "interest groups" based on behaviors defined by site owners and their partners. The same browser can be in many different interest groups.
As the proposal says, numerous parties will want to put browsers into groups, including advertisers, publishers, and third parties: "A third-party ad tech company might create and own an interest group of people whom they believe are in the market for some category of item."
Which sounds a bit like cookie pools of the past but won't work until the pool itself grows to be fairly large (say, 1,000 people). In this way, individual privacy is not at risk, but techniques like retargeting are still possible.
What does this mean for CDPs?
In general, CDP data is unified at the person-level, using PII. Pseudonymous IDs can be attached to this profile, of course, but there has to be a profile in the first place. A CDP using only pseudonymous IDs is basically a DMP.
To work with media in the future, CDPs will need to link PII with media IDs. Post-cookie, these media IDs may well be FLoCs and "interest groups." That linkage shouldn’t be difficult: a person visits a site and – if they log in or have a first-party cookie ID already – the first-party ID and the users' various interest group labels are retrieved from the browser and joined.
But can the website owner collect the email address? Most website visitors don't authenticate. Among those who do, a rising number sign on with various third-party federated providers ("Sign in with Google," etc.). These providers rely on technologies such as iFrames, popups and cookies that likely won't work in the future. And they can decide whether or not to share the customer's literal ID with the website.
A well-known issue, federated log-in, is the subject of yet another sandbox proposal: WebID, submitted to the W3C last year, would for example translate an email into a site-specific ID. It’s similar to Apple's 'Sign in with Apple' and Mozilla's Private Relay, both of which allow users to obscure emails from sites and apps.
And speaking of apps, Apple's App Tracking Transparency (ATT) framework is much-discussed lately for changing marketers' access to user data, even among users who have opted in. The trend is clear: in the future, even a log-in may not provide an ID that can readily be used to target ads.
We may have to lower our expectations for custom audiences as well. Today, ecosystems like Google's match CRM data for ad targeting. The ads themselves still require cookies to work.
In a world of FLoCs, will Google and others want to maintain the infrastructure for both user-level and FLoC-based audiences? It might be considered more consistent simply to serve and measure ad audiences at the FLoC or interest-group level.
Key requirements for the 'media CDP'
If the CDP is to meet the modern CMO's media requirements, it will have to do three things:
- Master Multiple IDs and Support Advanced Analytics
More publishers will offer PII-based audiences. Where direct connection isn't possible between CDP profiles and ad-targeting IDs or groups – e.g., because emails are obscured, - marketers will need to make the most of sparse data using machine learning. CDPs will need to support ML to fill gaps, using data that's available, either via access to raw data or on-board tools.
- Manage Data Collection, Rules and Updates
- Provide Secure Pipes to Publishers
Post-cookie media buying will require more pre-configured pipelines, similar to private marketplaces today. Advertisers need reliable ways to match audiences with publishers and data providers while meeting regulatory and trust requirements.
Thanks to Kris Chapman for technical guidance.