Digital advertising is ready for innovation. While the industry revenue grew a record 35.4% in 2021 (Interactive Advertising Bureau) and is on pace for another banner year in 2022, it’s also under intense regulatory and consumer scrutiny. Increased demands for improved data privacy standards from consumers, regulators and technology companies — including the ongoing phase out of third-party cookies by all major internet browsers — is spurring the need for change in the architecture that powers the current online advertising ecosystem.
There are numerous drivers behind the pressures on traditional advertising technology (AdTech) and the need for a new set of technologies and strategies that can be categorized as AdTech 2.0. Most notable among these are Google’s Privacy Sandbox initiative and ramping global regulations aimed at digital data processing. This year is expected to be a watershed period in which these and other market factors come to bear on organizations that rely upon digital advertising to generate revenue. To maintain viable digital marketing programs in this new world order, organizations will need to establish transparent and compliant alternatives to traditional AdTech.
This article is the first in a series about the collision of digital advertising and data privacy. It covers the key things organizations need to know as this space evolves, while subsequent articles will outline critical steps that will enable organizations to adapt, innovate and prepare for AdTech 2.0. With this storm brewing on the horizon, organizations should begin thinking about the following issues:
What is Google’s Privacy Sandbox? Google announced this initiative in 2019 and has stated that the Privacy Sandbox, “aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses. The Privacy Sandbox reduces cross-site and cross-app tracking while helping to keep online content and services free for all.”
Essentially, this program is designed to provide a way for businesses to access user information while simultaneously upholding consumer privacy. According to the current timeline on the Privacy Sandbox website, “Stage 1” of the transition will begin in late 2022 and continue into mid-2023, at which point, “Chrome will phase out support for third-party cookies over a three month period finishing in late 2023.”
How does the phase-out of third-party cookies impact antitrust concerns? The U.K.’s Competition and Markets Authority (CMA) and numerous Attorneys General in U.S. states have pursued antitrust investigations relating to moves by tech companies to eliminate third-party tracking. Authorities are concerned that the replacement of third-party AdTech with alternative tracking mechanisms within popular browsers will result in the monopolization of online ad markets and/or the need for online advertisers to rely on tech companies as intermediaries for all advertising transactions. To date, at least one CMA investigation was closed after the regulator accepted certain commitments to alleviate anti-competitive concerns.
What about data privacy regulatory enforcement? In the EU, numerous data protection authorities have signaled intent to enforce data protection within the AdTech space through guidance documents, enumerating specific concerns such as a lack of governance, transparency, inaccurate lawful basis to process data, sharing with third-parties and automated decision making based on profiling, among others. Regulators in numerous jurisdictions have issued millions of euros in fines under GDPR, focused on improper use of online tracking technologies. In the U.S., to date, five states (California, Virginia, Colorado, Utah and Connecticut) have enacted consumer privacy laws, while another 17 have consumer privacy bills winding their way through the legislative process. The common thread among these laws is the consumer’s right to opt-out of third-party ad tracking.
What’s a necessary first step to take toward preparedness? From a tactical perspective, organizations need to assess their U.S. state readiness programs according to the requirements of current and impending laws. These should include an assessment of the online tracking technologies the organization uses, so marketing and privacy teams can partner to accurately determine how to operationalize opt-out consents on either a state-by-state basis, or by using the requirements from one state as a standard (if taking this approach, it’s often advisable to default to the strictest requirements). Teams will also want to forecast the investments they will need to make to implement new privacy controls and prepare for related budget requests.
How does this impact the broader digital marketing strategy? Many organizations are improving internal alignment to prepare for a post-third-party AdTech world, or at a minimum, a hybrid world. This is a good step in the right direction, and teams should initiate or continue the internal strategy conversation with other stakeholders across marketing, risk, information security and compliance. These discussions should address future proofing against enforcement in the EU, U.S. and other jurisdictions, while protecting and growing revenue derived from digital advertising.
Ultimately, organizations need to begin thinking about how to break their reliance upon the third-party AdTech industry by migrating toward the emerging zero-party/first-party data approach. While the coming storm will bring uncertainty and force functional changes to the way websites operate, it also presents a significant opportunity for innovation and transparency, which will drive down regulatory risk while protecting and growing advertising revenue. With a flexible, risk-based approach to consent controls and the use of in-house online tracking technologies, organizations will be in a position to optimize their own data pools, decrease marketing costs, improve the customer experience and grow revenue.