Privacy in the Age of New ID Solutions

This op-ed is a companion to our July 30 post, which you can read here. 

Despite Google’s recent delay in phasing out Third-Party Cookies (3PC), the writing is on the wall: online publishers must explore new identity (ID) and first-party data solutions to maintain their targeted advertising capabilities.

In an ideal world, publishers would offer more contextual or data-neutral solutions to advertisers, and advertisers would pay well for limited-data ads. We are not there yet, and bids with identities (real or dubious) command the ad market. But with the era of casual tracking and profiling nearing a regulated and technically enforced end, the online industry—from advertisers to ad tech intermediaries—may find they do not need to rely heavily on personal data to sustain useful levels of targeting and measurement. 

The Shift to Alternative ID Solutions

Universal or alternative IDs, which leverage persistent identifiers like email addresses, phone numbers, or device IDs, have emerged as potential solutions to provide a consistent user experience across platforms. However, these cookie alternative solutions come with significant privacy-perceptional challenges that publishers must navigate with care. Unlike 3PCs, which were often invisible to users but readily controlled by the informed, these new IDs are more opaque, raising the stakes for obtaining genuinely informed consent at scale.

Cutting Through the Marketing Hype

It's easy for publishers to get swept up in marketing claims that promise compliance and privacy without substantial evidence. To navigate this landscape, publishers must focus on the specific technological mechanisms and privacy safeguards each solution offers. The shift in Google’s 3PC phase-out – from by fiat to through elevated user choice – offers a window for publishers to test and evaluate these new solutions thoroughly. In collaboration with legal and privacy teams there is an opportunity to do more than try to replace the utility of 3PCs. 

One silver lining from Google’s turbulent Privacy Sandbox initiative is that a pro-privacy shift in ad targeting is possible, if painful in the short term. 

Evaluating ID Solutions

A common misconception in the industry is that authenticated ID solutions like The Trade Desk’s popular Universal ID 2.0 are inherently more privacy-compliant than 3PCs. The assumption that a user logging in or providing a tokenizable email or phone equates to consent for tracking and targeted advertising is flawed and potentially dangerous.

When considering cookie-alternative ID solutions, publishers must prioritize privacy and compliance, thoroughly vetting how these solutions handle user data and ensuring those methods are compatible with requisite transparency and choice requirements. This is not just about technical efficacy but about ensuring industry does not slip into atavistic complacency. This includes understanding how solution providers create the IDs, and whether they employ privacy-enhancing technologies (PETs).

Where required, consent under GDPR, CCPA, and other formative privacy regulations, must be explicit, informed, specific and freely given. Logging into a website or subscribing to an email newsletter does not automatically meet these conditions. Publishers must ensure they obtain clear and specific consent from users, regardless of the ID creation, storage or resolution methods used,

For advertisers and marketing technology companies, the challenge is multiplied as companies evaluate new ID solutions as they are applied across thousands of individual publishers.  ID solutions that can tell a consistent and credible story about how these privacy considerations are addressed across publishers, will have a massive advantage.

Additional privacy considerations should include:

• Data Security: encryption, access controls, and data breach response
• Data Minimization & Purpose Limitation
• Data Subject Rights: access, rectification, deletion, opt-out mechanisms
• Third-Party Agreements
• Data Retention Policies & Secure Disposal
• Regular Audits and Policy Updates
• User Communication: transparent privacy policies
• Anonymization and Pseudonymization Protocols

Building a Robust Future for the Digital Industry

As the online industry undergoes this latest transformation, the ultimate goal must be to create a digital ecosystem that is privacy-fit for the future. This is not only necessary to comply with evolving regulations but also to meet user expectations. The rise of ad blockers and increased opt-outs from data sharing underscore the strategic imperative for publishers to maintain user trust, respect privacy rights, and preserve advertising effectiveness.