IAB Tech Lab President Dennis Buchheim On Preparing For The End Of The Third-Party Cookie

The technical backbone of digital advertising is being ripped out, and the IAB Tech Lab is committed to helping its members figure out what to do when third-party cookies disappear from web browsers.

Although the IAB Tech Lab built a universal ID – DigiTrust – that will continue to run as long as third-party cookies still exist, it’s not going to build a new ID that will survive the demise of third-party cookies.

Instead, it will beat the drumbeat of standards and compliance.

Along with coming up with technical standards and privacy compliance guidelines, the IAB Tech Lab joined the browser working group W3C, and will closely communicate with the browser and privacy community to figure out a solution. Buchheim laid out IAB Tech Lab’s post-third-party-cookie plan with AdExchanger.

AdExchanger: What’s the latest on Project Rearc, which was unveiled in February?

DENNIS BUCHHEIM: The name implied re-architecting digital marketing. It’s really a change from tracking-by-default to a privacy-by-default environment. We’re thinking about pursuing a range of standards and projects that will support companies to be compliant with consumer expectations and regulatory expectations.

What about the identity proposal – Project Oasis – previewed at the conference?

It’s always better to get a group to react to something, vs. saying “Give me your ideas!” But it wasn’t clearly articulated as being one of the possible paths forward and that it was not DigiTrust 2.0 or an identity service at all. It was about standards and compliance. Since then, we’ve taken a step back to consider the different problems that can be solved, and where the IAB Tech Lab can play a role.

If the Tech Lab isn’t going to build a new ID, is DigiTrust dead?

DigiTrust has an expiration date. DigiTrust depends, to a degree, on third-party cookies. It’s very useful today, and will be until the last third-party cookie is served. It absolutely serves the benefit of reducing code on page for publishers, which is good for consumers in terms of load time for sites. And it’s safer for the publisher. It’s good for DSPs and SSPs because it improves match rates. But it won’t be particularly useful once there are no third-party cookies.

Why not create a DigiTrust 2.0 without third-party cookies?

Even DigiTrust has faced some headwinds from certain member companies, not surprisingly, because they have competing solutions. The challenge we always have as Tech Lab is figuring out what is a high value add but doesn’t cross the line of being more than a foundational capability.

Is it possible that the IAB Tech Lab will step in later, years from now even?

You never know. Or, if there’s a lot of commonality between them that is a lowest common denominator that we can pull out and make an industry capability. But right now, we want compliance and standards that will encourage innovation, but in a way that’s consistent enough that it doesn’t create friction in the market.

There’s a lot of tension between the privacy and browser community and the ad community. How can you collaborate with them and reconcile vastly different points of view?

I’m more optimistic that there’s a middle ground than I ever have been. There is a lot of evolution even in how the ad industry thinks about consumer engagement and privacy. We are in W3C and we’re encouraging key member companies to be involved in W3C with their product and engineering teams.

There is no substitute for actually hashing out your differences with the browser engineers. And there are places where we find common ground, and collaborate with some of those players, like Chrome, to understand how they can evolve a bit from their positions and make changes that could be very meaningful for the economics, and a consumer’s ability to access content on the web, but completely preserve privacy goals.

What’s made you optimistic?

Chrome has the interesting position of being part of a company that also has a large ad business. They operate very independently, but they are the most sensitive of the browsers to maintaining an open, ad-funded web. It’s been encouraging to see real ideas come to the table. Some of them are problematic, don’t get me wrong, but they solve real advertising use cases. Like the concept of FLOCs or TURTLEDOVE or measurement proposals.

What about Safari makes you optimistic about their policy?

Not much. I’m not going to mince words. They are in the W3C. They listen. They put one proposal forward on attribution that was not very thought through.

I’m not optimistic, but I’m hopeful. Chrome, Mozilla Firefox and Microsoft Edge are all in discussions, and if there starts to be some level of consensus among browsers – and they start to actually believe that we mean what we say, which is that we’re really trying to find solutions with the right balance of privacy, personalization and economic benefits, then they will get to a point where they have to be more participatory.

What should we expect from mobile operating systems?

We expect change and we’ve seen change in how mobile ad IDs can be used and what kinds of alerts pop up for location tracking. This is reasonable.

But how do we get to a point where there is more consistency? I have an iPhone and a Windows laptop. Would I like those to behave consistently in terms of privacy practices? Yes. The competition right now on privacy features is strange. If every participant was really interested in privacy first, they would be joining these collaborative processes. Not everybody is.

This interview has been edited and condensed.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!