A new report from Deloitte (commissioned by Meta) sees privacy enhancing technologies as the new and inevitable normal for online businesses, with big changes coming for ad tech in the near future.
With clear pushes in recent years to put an end to the tracking cookie as the default ad tech tool, Deloitte foresees a collection of privacy enhancing technologies battling to become a new standard that ensures compliance with evolving global data protection regulations while reducing a seemingly inevitable blow to revenues as much as possible. There is not yet a clear answer as to what will emerge as the winner, but Deloitte advises awareness of the primary methods being developed while also ensuring that marketing teams take stock of how personal data is presently being collected and processed.
Privacy enhancing technologies set to take over once cookies are deprecated
As the report notes, privacy enhancing technologies have been made necessary by a combination of increasing government regulation of data handling, and consumers increasingly insisting that their personal data be respected and kept secure. The latter has grown to become a pain point for a variety of industries, as consumers show increasing awareness of how companies handle their data and willingness to walk away from their products if they are unhappy with the terms. This has directly prompted Apple to refocus on the hardware and first-party end of its business at the expense of third-party ad tech, and Google to launch a multi-year campaign to voluntarily phase out the tracking cookie in its products.
Individually targeted advertising has become something of a narcotic to the digital advertising industry, offering returns that are wildly beyond prior static advertising methods. The development has also been a legitimate boon to small businesses and individuals that were previously frozen out of excessively expensive ad markets. However, the writing is on the wall. There was too much abuse of the situation for too long, and Deloitte believes the changes to the ad tech market are coming sooner rather than later.
The new systems that are emerging are roughly grouped as privacy enhancing technologies and share the central theme of attempting to preserve some element of targeted advertising while anonymizing the user and putting better data safeguards in place. These can be further divided into two general categories: the proposed techniques that may have yet to be expressed as an actual standard or product, and the existing technologies that some major players in the tech world are already at work on.
There are a few different directions that privacy enhancing technologies might go in. One of these is “K-anonymity,” in which cohorts representing interest groups are created and individual users are associated with these in a process that can take place on their local device end (using a “federated analytics” approach). The advertiser can see that an individual user whose attention they are bidding for is in a collection of cohorts that they are targeting, but does not receive any personally identifying information about them or ability to long-term profile them. This is fundamentally the approach that Google is taking with its “Privacy Sandbox” and “Topics API” projects, meant to fully replace cookies in Chrome browsers by the end of next year.
Another possibility among privacy enhancing technologies is “homomorphic encryption,” or a technique that essentially leaves non-personally identifiable marketing data available to be scanned without having to decrypt the entire file or set. IBM is among those offering a product of this nature, but few in the ad tech world are showing interest as of yet, mostly due to slow processing and very high storage space requirements.
Meta is experimenting with a combination of technologies that it calls “Private Lift.” This combines elements of K-anonymity with multiplatform computation, in which platforms pass essential marketing data along using private keys without having to attach what amounts to a personal information dossier.
Other privacy enhancing technologies in the works include “trusted execution environments” (possibly supported by data “clean rooms”) in which the processing of marketing data would essentially be handed off to a siloed third party that reports back only with necessary ad delivery information, and differential privacy algorithms that would add noise to marketing data sets to prevent individual users from being singled out.
How will ad tech evolve in the near term?
The report stresses that privacy enhancing technologies are not about to be a “silver bullet” for privacy or signal loss. They will have to be supported by good organizational data governance, which is the element that companies should be working on at the moment as this new sector of ad tech continues to develop.
Privacy enhancing technologies will definitely further strengthen the need for first-party data, which means that organizations need to be thinking about strategies for collecting it with an eye to keeping within the boundaries of global privacy regulations. The report suggests that a voluntary approach offering clear value in exchange for the data is likely to be the most successful; there is already some precedent for this shaping up in Apple’s ecosystem post-iOS 14, where ad tech companies have managed to hold back full “adpocalypse” by voluntarily being more transparent about data use and offering the consumer something in return for it.
The ad tech industry should also anticipate marketing costs going up, given that there is nothing approaching a universal standard among privacy enhancing technologies as of yet and therefore there will likely be market fragmentation and incompatible solutions distributed among business partners. The severity of this issue will likely depend on how successful the major players are in getting together and agreeing on industry standards.
Among the immediate steps the report recommends to the ad tech industry are to educate and build awareness about privacy enhancing technologies among stakeholders, take immediate stock of where organizational privacy program maturity is presently at, improve internal communication and collaboration between relevant teams, ensure present data government frameworks are compatible with these coming developments, and begin testing of available solutions from ad tech providers.