Google called the future of Unified ID 2.0 into question, without directly naming it, by clearly stating that it has no plans to support email-based identifiers or any mechanism that it views as mirroring the functionality of cookies.
For Google, it’s Privacy Sandbox or bust, at least when it comes to the open web. (Google’s own first-party products and services are an entirely different story.)
Regardless of Google’s opinion on the matter, however, the industry soldiers on, including The Trade Desk (which spearheaded Unified ID 2.0 as an open source industry initiative), the Partnership for Responsible Addressable Media (which is currently reviewing the UID 2.0 code) and the IAB Tech Lab (which is in the mist of hammering out the Project Rearc principles that will underpin UID 2.0).
But there are other challenges facing Unified ID 2.0, putting aside Google’s rebuke and its prediction that email identifiers “aren’t a sustainable long-term investment” due to consumer expectations for privacy and the rapidly evolving regulatory environment.
For example, can the effort scale? What happens to small and medium-sized publishers that can’t convince their visitors to authenticate? Will the central body that eventually administers the ID have too much power? Will the increasing popularity of disposable burner emails and Apple’s “Sign in with Apple” option break UID 2.0’s identity backbone?
And, the biggie: Will enough consumers actually consent to their email being used as an ID for ad targeting and how do you get them to do it?
Scale and mid tail
Without enough publishers and consumers on board, Unified ID 2.0 is a cool concept car without the gas to make it go.
Getting scale is a significant challenge, said Hugo Loriot, a partner at You & Mr. Jones-owned data agency fifty-five.
Although the purpose of UID 2.0 is to bring addressability to the open web in the absence of third-party cookies, the end result could actually be another walled garden, he said.
“It’s a little deceptive to present this as the future of the open web versus Facebook, Google and others, because it’s mainly the big publishers that will have the ability and the right value proposition to get people to sign in, which will earn those publishers higher CPMs tied to identity resolution – and that’s great for them,” Loriot said. “But for the vast majority of publishers, the ones who aren’t able to join the club, CPMs will fall.”
Dave Pickles, CTO of The Trade Desk, acknowledges that the burden on mid- and long-tail publishers “is a big deal.”
“Some publishers have logins today, which I think makes UID 2.0 a no-brainer, but that’s not the case for publishers that don’t have a direct relationship and that is where a lot of my attention is right now,” said Pickles, pointing to the work that Criteo and others are doing to develop a single sign-on platform to help publishers gather consent.
But even if every small, medium and large publisher on the internet joins UID 2.0, that doesn’t mean consumers will be willing to share their email address.
Developing a systematic – and convincing way – to get people to opt in is crucial. “This whole thing only works if users consent to a targeted internet by providing their email,” said Tom Kershaw, CTO of Magnite and chairman of Prebid.org, which recently agreed to serve as one of the independent operators of Unified ID 2.0.
The Trade Desk is optimistic that with a user-friendly SSO system and consumer education, this is more than possible. Pickles estimates that over time there’s no reason why 80% of internet users won’t eventually authenticate if the value exchange is properly explained and executed.
But take that with a grain of salt. Even LiveRamp, which joined the UID 2.0 initiative last year and has a lot riding on the viability of its own Authenticated Traffic Solution, believes that publishers should aim for at least 30% authentication … a far cry from 80%.
To be fair, though, the average cookie match rate is only around 40% on a good day – and it’d be foolhardy to assume that authentication is a 100% solution for everyone.
“It’s unrealistic to expect the whole web to be authenticated … not everyone will do so,” said Tom Richards, global product director at programmatic media solutions provider MiQ. “A diversified cookieless activation strategy is required.”
Who holds the keys?
There is, however, an even more existential question dogging UID 2.0, and that is whether it will remain truly open source.
Although Prebid has signed on as an independent operator, that only means it’s going to operate the cloud accounts that UID 2.0 will run on, and that Prebid’s GitHub repository will be home to the underlying software.
But UID 2.0 is also looking for an administrator, an entity that has the power to audit and shut off bad actors. That job will most likely fall to the IAB Tech Lab.
“It’s a major concern, the potentially authoritarian, centralization aspect of all of this,” said Joshua Koran, head of innovation labs at Zeta Global.
“Imagine if a kill switch was built into the ID itself,” Koran said. “How many publishers would want to put their entire business at risk? Who writes new regulations to replace what governments have already come up with? Moreover, if there is an alleged violation, which justice system or law enforcement will investigate?”
And here’s another rub: what if consumers actually take active measures to avoid their email address from being used as an identifier?
A growing number of consumers are signing up for temporary “machine-generated emails” provided by services such as Burner Mail and Simple Login in order to conceal their real email address. And Apple, for example, is aggressively pushing its Sign In With Apple SSO service, which generates a unique, random email address that forwards to a user’s personal email.
“Every one of these solutions gives out a different email address for the same user for every site they go to and it just breaks everything,” said Keith Petri, CEO of a new startup called LockrMail that provides people with a single publicly facing email address that they can use across publishers, retailers and other sites.
“What I think UID 2.0 doesn’t take into account is that there is an equal and opposite reaction coming from consumers when it comes to tracking,” Petri said.
According to Pickles, publishers will have a way to quickly detect whether an email address isn’t legit, and then it’s up to the publisher whether it wants to communicate directly with those visitors and ask them to share something usable.
But regardless of any messaging or the development of an opt-in system that explains the value of UID 2.0, perhaps the deepest challenge of all is that the imitative isn’t necessarily solving a core consumer complaint, said Scott Messer, SVP of media of Leaf Group.
“A lot of people just don’t want to be tracked,” Messer said. “It’s got to be acknowledged.”