The Pathway to Privacy in Digital Marketing

By George News, WePlay Comments Off on The Pathway to Privacy in Digital Marketing

WePlay Spotlight
Louis Fry

Louis Fry

Analytics & Ad Ops Lead

Welcome to a new edition of Spotlight, the series where our in-house experts take centre stage to unpack today’s digital topics with a specialist lens.

Our Ad Tech expert, Louis Fry, takes a look at the user privacy directives affecting ad campaigns and the range of solutions being developed in response to them.

Thursday 28th January 2021 was Data Protection Day. Perhaps not one that will be marked as a future public holiday, but it represents an international effort to empower individuals to understand how their personal information is being used, collected, and shared in our digital society. It was also an opportunity for businesses to reflect on how we might measure the success of ad campaigns while protecting user privacy, and what steps can be taken to get there with scale.

Over the last ten years, an extensive blend of companies has developed across websites, apps, and murky intermediaries, all reliant on an infrastructure of ad identifiers such as Browser Cookies, Device IDs, and Browser Signals to exchange information. 

“This data is pieced together, shared, aggregated, and monetized, fueling a $227 billion-a-year industry.”

 Gröne, Florian, Pierre Péladeau, et al., “Tomorrow’s data heroes,” Strategy+Business, February 19, 2019.

Measurement is fundamental to digital marketing. However, the tools at hand right now – third party cookies, device identifiers, or browser signals such as fingerprinting – have a privacy challenge. Not to mention, there are other issues with avoiding data loss between platforms, identity management across multiple devices, and simply a lack of transparency and standardisation across the board.

This has set us on the road to a slew of evolving regulations in the form of GDPR, ePrivacy Directive, Lei Geral de Proteção de Dados (LGPD), and the California Consumer Privacy Act (CCPA), amongst others. Legal regulation has empowered users with the knowledge that they have a fundamental right to know how their data is being used and to understand that there are businesses reliant on the sharing of their data. 

The pro-privacy revolution has slowly led to an arms race by large tech companies to proactively increase privacy protections for competitive advantage. For one, Apple’s changes to IDFA in iOS14 could cost Facebook as much as 7% of total revenue in Q2 2021. 

“We continue to face significant uncertainty as we manage through a number of cross currents in 2021. We also expect to face more significant ad targeting headwinds in 2021. This includes the impact of platform changes, notably iOS 14, as well as the evolving regulatory landscape.” 

Facebook CFO Dave Wehner

Big and small players in the ecosystem have a variety of dependencies on these identifiers. For the most part, the vast advancements over the last decade in the ability to monetise user data for behaviourally targeted advertising and attribution analysis have been based around these technologies. Unsurprisingly, moves to enhance user privacy have been slow. Moreover, the COVID-19 enforced emphasis on survival has come at the expense of the transformation to a privacy-centric advertising industry.

The Winds of Change Are Blowing

Fundamentally, identity techniques need to allow for optimisation, ad targeting, and measurement at scale. I have mixed feelings about the proposed single Universal ID that allows for data interoperability across the web. Universal IDs are essentially encrypted first-party data, such as email addresses or customer IDs, collected by publishers and shared across the web. Naturally, this has a problem with security, but also scale. 

The headwinds are moving to a more decentralised data infrastructure where data is connected but never shared. New standards in privacy are also shifting power into the Browsers or Operating Systems – we all should be hopeful that a brand new open standard to dealing with identity in browsers without third-party cookies will be hatched. Otherwise, when the third-party cookie crumbles, many publishers will not be able to compete with the ability of walled gardens to generate vast first-party identities without third-party cookies.

I’ll bank that the industry will eventually form a common framework for measuring addressable media. At this point, it seems likely Browsers or OS will become a dam that restricts the flow of user-level data from client side to server, rather than the current medley of trackers sharing data freely.

First Party, Second Party, Third Party?

In the evolving regulatory landscape, first-party data assets are key to long term sustainability.

Every time a customer goes onto your website or app, they leave valuable information that is likely to be accurate and relevant to your business. Customer Data Platforms are on trend this year and can better facilitate this process, since taking customer data from multiple sources and putting it in one place is complicated. If customer data translates into more revenue for your business, then it is a worthy endeavor.

88% of marketers say collecting first-party data is a 2021 priority

Merkle’s 2021 Customer Engagement Report.

While everyone is talking about first-party data, it’s important not to overlook the growing trend of data collaboration partnerships with a non-competing brand to achieve a competitive advantage. Safe second-party data collaboration can be done under the umbrella of privacy compliance via the use of Clean Rooms, where data can be connected but not shared.

The Cookie Crumbles

This time last year, Google played catch-up in privacy posturing by stating that they ‘plan to phase out support for third-party cookies in Chrome’ by 2022 at the latest. This was big news, given Google has a 69.28% browser market share and vested interest in advertising revenue. However, it’s worth bearing in mind that Safari and Firefox already block all third-party cookies by default and that Google has been using statistical modeling to gather website conversions for traffic that can’t be measured from Safari directly for some time.

Google’s ‘Privacy Sandbox’ followed this announcement – an umbrella term for a bunch of privacy-preserving API proposals designed to ‘support business models that fund the open web’. Seemingly developed by someone with a passion for ornithology, we’ve broken some of these proposals down.


Pronounced like the collective noun for birds, FLoC is a proposed method of client-side grouping of users into flocks of people with similar interests large enough to offer scale, while maintaining the anonymity of a person or single device within each cohort. FLoC will use browser history, such as URLs and likely page content. Importantly, this information is all kept in your web browser, with the browser only flying out a single flock ID to a server. This FLoC ID would represent a large group with similar interests, rather than an ID which represents a single cookie or device. 

 “Our tests of FLoC to reach in-market and affinity Google Audiences show that advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising.”

–  Chetna Bindra, Google’s Senior Product Manager 

Naturally, there is some scepticism across the industry. I wonder how much better it is than taking advantage of contextual targeting and brand suitability to target people with the right mindset? The good news is that it’s available for public developer testing starting in March 2021.

First Experiment (FLEDGE)

In January 2020, Chrome proposed a complicated specification for an API called TURTLEDOVE (“Two Uncorrelated Requests, Then Locally-Executed Decision On Victory”). The goal was to find a way to retarget users with advertising without the browser revealing anyone’s browsing habits or ad interests. 

In response, there were many bird-themed counter-proposals. Some just added some new feathers, but others wanted to fly in a slightly different direction. FLEDGE (First “Locally-Executed Decision over Groups” Experiment) is an expansion of TURTLEDOVE and the many different proposals which came from it. The test is expected to run this year to validate how on-device ad selection might work in a post third-party cookie environment, but still lacks a few privacy features needed for 2022.

There are regular meetings under the auspices of the Web Platform Incubator Community Group (WICG) to address open issues and suggest technical fixes, which you can join here.

The Return of Contextual Targeting

This option has been around since the days of print media, where specific editorial content is paired with relevant advertising. However, it has evolved considerably in the era of machine learning and natural language processing to become a consumer-centric approach to targeting the mindset of the user. 

Last year, GumGum published a case study that evaluated the cost efficiency of contextual intelligence targeting vs. behavioral targeting. The winner?

“Contextual targeting was more efficient than behavioral targeting on average across campaigns when looking at three different measures for cost efficiency CPC, vs CPM.”

‘Understanding Contextual Relevance and Efficiency’ – GumGum study

However, the technology employed by partners may vary greatly from advanced natural language processing to basic keywords. After all, technology is only as good as the process employed by the team running your campaigns.

Ad Tech has always been complicated. Managing change and predicting industry dynamics even more so. We must all assume that regulations will continue to evolve and become more stringent. So, whichever array of solutions you choose, it should be flexible and agile enough to adapt to these headwinds. If FLoC, FLEDGE, or TURTLEDOVE take flight, you won’t want all your eggs in one basket. 

Interested to know more? Reach out to us at!

  • Share: