Planning for a Post-Cookie Future

George Tarnopolsky, Vice President, Programmatic

February 23, 2021

Digital advertising is changing.  Third party cookies and mobile device IDs, trackers used to build a $100B ecosystem, are about to be discontinued without a universal alternative to replace them.  Let’s dive deeper into how we arrived here, what likely short- and long-term outcomes look like, and what smart marketers can do to prepare for the changes.   

How we got here 

Cookies were originally envisioned as a way for users to set browser preferences.  In the late 1990s, ad tech pioneers like DoubleClick and AdKnowledge quickly recognized that they could set and read cookies as part of the communication between a user’s browser and a central ad server.  In fact, cookies, the underpinning of a vast advertising ecosystem, are built on extremely basic technology.  For one, cookies always require that something is loaded on the client-side (in browser) to a user–whether it’s an ad or a 1×1 pixel.  Even more complicated concepts, like cookie synching between multiple companies, are architected via 1×1 pixels and placeholders where ad tech companies pass their cookie IDs into the pixel with each ad call.  The basic nature of cookies opts users into targeted advertising from a given provider, for example The Trade Desk, with the first impression. Opt out generally exists at a provider level (ie opting out of all ads served by The Trade Desk) vs per individual campaign.  To the defense of cookies, they are neither identifiable nor persistent, allowing users to delete them on demand.   

Graphical user interface, application, website

Description automatically generated

(Image Source: Polymath Collective) 

Mobile device IDs, such as Apple’s Identifier for Advertising (IDFA) and Google’s Android Advertising ID (AAID), are also used for ad tracking, though a few key differences exist.  Loading an ad into a mobile app is easy enough, via the integration of a code block known as a Software Developer Kit (SDK).  One key difference, however, is that cookies only exist in web browsers, so mobile app tracking is different by design.  Mobile IDs are the identifiers of a mobile device and accessible by the SDK of an ad tech provider such as Mopub or Google Ad Manager.  Technically, users opt into sharing their mobile device ID and other mobile datapoints, such as their latitude and longitude, when they accept the permissions of a mobile app.  However, it is fair to say that while user consent to ad tracking is explicit within a legal definition, and provided per each individual app install, there is a disconnect between user expectations and experience.   

Graphical user interface, text, application, chat or text message

Description automatically generated

(Image Source: Greenbot) 

Industry insiders always perceived cookies and device IDs as a stopgap tracking mechanism.  However, progress has been slow–and only initiated with a changing legal climate, against a backdrop of users demanding greater privacy choices.  Today, opposition to cookies is uniform–from consumer privacy groups to legislative frameworks, with both the GDPR (requiring consumer opt-in) and the California Consumer Privacy Act (requiring opt-out) taking a position on cookies.  At its core, users want to better control their consent, and to provide explicit opt-in on the web property where they see advertising.  While the advertising industry laments change, the digital rights of users are better protected without the use of third party cookies and mobile ID.

Where we are now 

Google announced that they will be discontinuing support for third party cookies by early 2022, while Apple announced that they will roll out restrictions to IDFA permissions in early 2021.   

Graphical user interface, text, application, chat or text message

Description automatically generated

(Image Source: MediaPost) 

With these impending changes, ad tech companies need to solve for three sets of problems:   

  • Ad targeting and controls that rely on cookies and mobile IDs, such as frequency capping and creative sequencing 
  • Ad measurement that relies on cookies, including viewthrough conversion tracking and attribution 
  • Audience targeting that relies on cookies, including the use of first and third party data in Programmatic   

These topics were broadly discussed in online publications and panels at the beginning of 2020, set aside during the height of the global pandemic, and in the spotlight again as we head into the last quarter of 2020.  There are several workstreams, and opinions, about the future of a post-cookie ecosystem.  At this time, potential solutions are still at an early stage.   

Alongside their announcement, Google launched a Privacy Sandbox on GitHub–intended as a workspace for companies to submit their proposals for the industry to discuss and evaluate.  The proposals have been conceptual, with three entries (all named after birds): 

  • Google’s “TURTLEDOVE,” proposing that all ad server logic is stored client-side in the browser 
  • Criteo’s “SPARROW,” proposing that ad server logic is served in the cloud 
  • Google’s “DOVEKEY,” proposing that ad server logic is stored in key-value pairs and evaluated by a third party trusted server

In addition, leading ad tech companies have been proposing their own universal IDs for publishers to start utilizing alongside cookies.  Publishers who have installed the Prebid.js open source header bidding software can select from different options within the included User ID Module.  The universal ID sub-modules include: 

  • Trade Desk’s Unified ID 
  • Criteo’s ID for Exchanges 
  • LiveRamp’s Identity Link 
  • ID5 Universal ID 
  • ..and more 

A participating publisher can install multiple universal ID sub-modules, and include these IDs in their bid request alongside cookies.   

Chart, bar chart

Description automatically generated

(Image Source: Adweek) 

Today, the universal ID landscape is a fragmented one, with no clear leader. Universal ID proposals also face two key roadblocks: 

  • The new IDs are being offered by ad tech companies with their own vested interest in having their solution become the dominant one.  As such, universal IDs face barriers from being adopted by competitive companies.  The Trade Desk, Criteo, and LiveRamp all vie for dominance in the ID space. 
  • More importantly, new universal IDs only replace cookie technology, without addressing the privacy and consent concerns contained in legal frameworks like CCPA.  As such, universal IDs are a stopgap measure that will allow companies to transact in the short-term, after cookies are no longer supported.  Long-term, cross-site universal IDs won’t survive without evolving, since they go against the principles of greater privacy choices and consent.   

A likely frontrunner in a post-cookie ecosystem is first party data, or CRM data.  Similar to the walled gardens of Facebook and Twitter, publishers can pass a hashed email address of a logged in user into the bid stream–and allow buyers to target their own list of hashed email addresses.  Some ad tech providers, including Xandr and Google, are uniquely equipped to solve this problem–since they operate both an SSP and a DSP.  CRM data activation is perhaps the most important replacement of cookies and mobile IDs.  

Graphical user interface, application

Description automatically generated

The growth of CRM targeting will signal a rising importance of large publishers, who are able to protect their content behind a login. This will be reflected in a shift in programmatic buying increasingly towards large publishers.  However, an unintended consequence of this change may be a decline in independent content, if smaller publishers aren’t able to monetize as effectively as before.   

Another key question about using email for audience targeting is scale.  Today, only an estimated 10% of programmatic traffic has login IDs attached to it, and that number could potentially double or triple over the next few years. This leaves out the majority of programmatic traffic; as such, email does not fully solve the problem of audience targeting in a post-cookie world.   

How marketers can prepare for changes 

The most important thing marketers can do to prepare for changes is to do an audit of their current media plans.  A simple summary can showcase what tactics, and associated budgets, rely on cookie-based tactics versus which ones do not.  The good news is that many tactics are not cookie or mobile ID dependent today, including: 

  • Publisher Direct Buys / Programmatic Guaranteed Buys 
  • Search Engine Marketing 
  • Email Marketing 
  • Social Network CRM Targeting 
  • PMP and Keyword Contextual Programmatic  

On the other hand, several key tactics rely on cookies and mobile IDs today–including Remarketing and the lion’s share of Programmatic data targeting.  Even solutions labeled as “people-based” today only validate an audience against a known universe; Programmatic targeting is generally transacted in cookies and mobile IDs.   

An audit of current media plans will help illuminate each brand’s risk and exposure to cookies in their campaigns.  Appending key frontend metrics, such as CPC and Conversions, can further highlight how cookie-based tactics compare to non-cookie-based tactics in terms of efficiency and effectiveness.  As a next step, marketers can model scenarios of likely outcomes, for example: 

  • Scenario 1: Cookies and Mobile IDs are no longer supported; all buying is reallocated towards non-cookie based tactics 
  • Scenario 2: Cookies and Mobile IDs are fully replaced (example, with universal IDs) behind the scenes, and media buying tactics continue in their current state 
  • Scenario 3:  Certain tactics, such as audience data targeting, are transacted via new methods such as CRM data or via universal ID targeting–however, the new methods don’t account for 100% of previous spend.  Remaining budgets are shifted to other methods, such as keyword contextual targeting.  Scenario 3 is the most likely, and the most difficult outcome to predict with precision. 

In addition, marketers should engage all activation partners, including DMPs, DSPs, and Ad Servers, around their plans in a post-cookie ecosystem.  An RFI process can help highlight segments leaders and laggards in this area.  It’s likely that by partnering with industry leaders like the Trade Desk and LiveRamp, marketers are best equipped for a post-cookie future. 

With the discontinuation of cookies and mobile IDs quickly approaching, it’s clear that marketers and technology companies need to adapt.  Once strategic, cookie and mobile ID technology has become tactical and outdated.  Publishers and Marketers that own opt-in, first party audiences will hold a key advantage in being able to reach audiences online. This includes technology companies that act as the connecting tissue between many different ids, including LiveRamp, the Trade Desk, and deterministic providers like Facebook, Google, and Amazon.  Web users also stand to benefit from increased transparency and privacy controls.