Identity Reality Check: Most Identity Solutions Will Fail

The Sell Sider” is a column written by the sell side of the digital media community.

Today’s column is written by Ian Trider, VP of RTB platform operations at Centro.

If there are at least 80 companies purporting to offer identity solutions, surely the ad tech industry is set, right? Nope. I would argue that most of these companies will fail for technical, business, or policy reasons.

The prospects of identity solutions can be evaluated on the presence or absence of the following three key elements. If these elements are present, it is at least possible for these technology providers to succeed.

Without them, it’s just another exercise in wasted time for advertisers and publishers.

Element #1: A Compliant Method To Create and Store IDs

Browsers and device makers have made their stance very clear: any means of tracking users must use approved methods. Google, Apple, and Mozilla have stated that any tracking that does not use approved methods will be considered covert tracking/policy circumvention and they will seek to stop it.

Identity requires the creation and storage of an ID so the user can be recognized later. This must be done in a way that does not run afoul of these policies or it will be short-lived. In order to comply with their policies, identity will have to be derived from users signing into a publisher website and stored in a first-party cookie on that site.

Any other means of generating a cross-site pseudonymous ID, or linking an ID across sites without explicit user login on each site, involves fingerprinting or other “unintended” techniques. These techniques will not meet with those tracking policies.

Element #2: A Business and Technical Plan to Get IDs into RTB Bid Requests

Creating a piece of code that identifies users doesn’t mean that identity can be actionable for media buying. DSPs need to be able to use this identity code to perform audience targeting, frequency capping, etc.

But DSPs can only act on a user based on the data in a bid request. They don’t get to run code on the user’s computer until they serve the ad. At that point, it would be too late, so the publisher and exchange need to be involved to supply an ID in bid requests.

Putting identity into a bid request requires a secure mechanism or process for (a) passing IDs from publishers to exchanges and (b) for exchanges to pass those IDs onwards to DSPs. This technical challenge already has multiple technical solutions. The more significant roadblock is the gargantuan business development effort required to get publishers and exchanges to adopt. ID solutions must have a critical mass of publisher and exchange buy-in or they won’t be useful for advertisers.

Element #3: Consumer Transparency and Control

 Consumer expectations and growing regulatory scrutiny is driving the need for consumer transparency and control. Consumers must be able to observe that tracking is occurring, and who is tracking them. Consumers must be able to exert control technologically over the tracking.

In practice, this means that consumers should be able to prevent being tracked, rather than just requesting that data companies don’t track them. Today, consumers can prevent tracking with cookies. Other methodologies often lack that tracking control.

Covert tracking methodologies inherently fail here – they cannot be observed or reliably controlled. A user who is being tracked via a fingerprint has no reasonable way to know that it’s happening. Nor would they know how to stop it.

Probabilistic methods of identity also fail this test. Consumer privacy rights must be reliably respected. Since probabilistic identity is not guaranteed to consistently and reliably identify the user, their privacy preferences cannot be guaranteed to be respected.

Evaluating Partners Using These Three Elements

 These three elements form a basis for evaluating whether a given identity solution has a realistic prospect of success.

Some questions to ask include:

  • How are you determining the user ID? Is it based on a user logging in? If not, how do you generate an ID without running afoul of browser policy?
  • Are you attempting to identify the user across sites, and if so, how does that comply with policy?
  • How will you get your IDs from publisher to exchange to DSP to target audiences?
  • How do consumers know they are being tracked and how do they control it?

Identity providers that can’t rationalize their answers with the aforementioned elements will never get off the ground. Or, their efforts will come to an abrupt end at the hands of regulators, browser makers, or both.

Identity providers that can provide answers that satisfy these three requirements will have a chance at becoming the industry standard.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!