Tom is a marketing executive at a globally-recognized multinational corporation; he’s a client of ours, and his marketing and analytics teams work closely with us. He knows that privacy has and will continue to change the marketing landscape, but despite his best efforts doesn’t quite feel that he has a grasp of the fundamental concepts in a way that he can readily communicate to his leadership.
To highlight that importance, according to the Third Edition of the Salesforce Marketing Intelligence Report, “90% of marketers indicated recent data privacy changes have shifted their KPIs and how they measure performance, with 64% saying they’ve changed how they collect customer data. Despite that, only 36% of B2B brands say they are ready for upcoming data privacy changes, according to another study.” (Forbes)
Needless to say, having an understanding of why and how privacy changes affect fundamental marketing use cases is vital.
Today we will cover one of the most important—and impacted—marketing use cases: Personalized Advertising.
Definition: Personalized advertising targets unique users based on previously collected or historical data in order to influence ad selection.
This user-specific data includes information on interests, past purchases, searches, activity, visits to sites or apps, demographic information, location, etc. (Retargeting, covered in another article in this series, is one form of personalized advertising.)
Business value: Advertising businesses personalize an ad experience in order to make it more user-relevant, thus increasing ROI for the organization; it increases conversion rates of engaged users, and allows for reaching new potential customers.
How Personalized Targeting Works (Using Google)
Data collection to Google: When you visit a website or other ad service—e.g., AdSense, including analytics tools, or video content from YouTube—Google collects this data.
- Websites: Data sent includes page URL and IP address; it may set or read cookies on your browser.
- Apps: Apps that use Google services also share data (e.g., name of app, and unique ID for advertising).
- When you visit a page with any of these ads or analytics products, cookies are set in your browser.
If the user has enabled ad personalization, then Google uses your information to target specific ads from advertisers, and the ad is served.
Ad personalization can take many forms—retargeting as an example. Also, the places in which you may see a personalized ad can vary.
- Example: A newspaper or media website that you’ve registered with may use the information that you’ve given to it in order to show you ads. It may use Google’s ad serving products to deliver those ads.
- Example: You may see ads on Google products and services (YouTube, Search, Gmail) based on information that you’ve provided (such as address) to advertisers and then shared with Google.
Impact of Privacy Changes on Personalized Targeting
Impact of third-party cookie deprecation
The unique identifiers that in large part allow for cross-site personalized targeting are going away as a result of third-party cookie deprecation; as a result, most personalized targeting as it exists today will not be possible.
To understand why, consider that cross-site identification—a necessary component of this tactic—is reliant on third-party cookies (specifically, a unique user ID); an advertiser uses these cookies to identify its audience across sites. As shown below, cross-site identification will not be possible in its current form. (The below example shows the specific case of retargeting—a form of personalized targeting across the internet.)
Impact of ITP (Intelligent Tracking Prevention; Safari) and ETP (Enhanced Tracking Protection; Firefox)
These technical restrictions mainly imply two things: duration restrictions on first-party cookies (in some cases of only 24 hours), and third-party cookie deprecation. The former reduces the amount of data available for publishers to create audiences, while the latter has the same effect as above: an inability to identify cross-site users.
Impact of Regulatory Changes
GDPR/ePrivacy (EU): Explicit consent must be given prior to cookies being set, on both the publisher’s and advertiser’s website. This is relevant to select cases in which a user has provided a shared persistent identifier—for example, an email address upon login—across two sites that partner together. In order to deliver a 1:1 targeted experience, there must be logged-in data, as well as consent. (Needless to say, this is well in the minority of paid advertising use cases.)
U.S. Regulations: U.S. users must not opt out (i.e. provide implicit consent) of usage of their data in this particular use case. They must allow for an ads platform (e.g., Google Ads) to set and access cookies for device identifiers used for targeting.
Takeaways & Recommendations
Given all of the changes noted above, organizations must focus on developing robust audience strategies. As covered in the 2022 Durability Summit co-hosted by InfoTrust and Google, the reduction of directly observable signals in the data (e.g., third-party cookies) necessitate new means of audience creation, based on better first-party data collection and leveraging advanced modeling to fill in data gaps. These are the tenets of building durable audiences, which respect privacy guidelines, do not rely on third-party unique identifiers, leverage contextual data and 1:1 user interactions, and that use dual consent (data tracking and outreach; graphic above).
The infrastructure required to manage this privacy-compliant first-party is vital: once you’ve ensured proper data governance processes and policies, consider technologies that will enable this data such as CRMs, CDPs, or cloud service providers.
As noted above, precision 1:1 targeting—not programmatic—will require two-way consent in order to reach users based on identity-related attributes. This means that both advertisers and publishers must gain consent, and must have substantial logged-in data.
Several other strategies are in the works for personalized targeting, such as Google’s PAIR (Publisher Advertiser Identity Reconciliation), contextual marketing, cohorts, and Topics API (another Google Privacy Sandbox initiative). These will be the subject of future articles, as the world of marketing and analytics continues to evolve.