February 11, 2021
Director, Data & Analytics
- Ongoing changes to consumer data privacy regulations in digital advertising, and specifically those led by Apple and Google, have implications for Marketers and Publishers that require short and long-term attention to maintain trust with customers and avoid liabilities associated with a lack of compliance.
- In a cookie-less world, there is a need for greater emphasis around 1st Party data for audience building, deployment and measurement given the risks that come with 3rd Party data integrity.
- The importance for consumer consent (consumer’s willingness to share their information) and transparency tied to customer data is paramount. It ensures there is a common understanding for how this data is captured and used in a trusted manner, and that customer data is managed across all data sources, not just one.
ITP and Customer Privacy For Marketers
There are significant changes that are happening in the world of digital advertising, customer data, and privacy1. Outside of government regulation, the largest driver of these is Apple, who for the past 2 years has been making a variety of improvements to their products to enhance customer privacy and to make customer data usage more transparent. Many in the industry think these changes are bludgeoning, however we see them (regardless of it’s self-serving nature) as positive steps in an industry that has not been able to self-regulate2 as much as it needs to. Apple has been ramping up rhetoric recently. In a recent interview, Tim Cook mentioned starting to fight the “data-industrial complex”. And in a different recent speech on data privacy, the Apple CEO stated -- in a thinly veiled reference to Facebook -- “If a business is built on misleading users, on data exploitation, on choices that are no choices at all, it does not deserve our praise. It deserves reform.” Two of the most impactful immediate changes for marketers related to Apple products are 1) restricted cookies in the Safari browser3 and 2) opt-in tracking prompts along with new privacy labels in apps installed from the iOS app store.
We should acknowledge that it’s difficult for Marketing leaders to wrap their heads around customer privacy impacts from online articles and from POVs. The space is fast-moving and oftentimes vague. Most perspectives quickly turn complicated and technical, or the impact is so high reaching that understanding the real impact to your business is obfuscated. From what we have seen, there are two main camps:
- The Marketer/Advertiser perspective. The sky is falling. Marketing and advertising will no longer be effective without some targeting capabilities. Cease all digital spend!
- The Vendor/Publisher perspective. The “trust us -- our solution won’t be impacted”, however the important details remain in a murky black-box.
From our perspective, neither of these is completely true. Marketing and Advertising still work4. And on the other hand, many advertising vendors/publishers will be significantly impacted. Many businesses that rely on extremely precise targeting and measurement (via 3rd party cookies) will need to turn to other methods - such as greater reliance on walled gardens of Facebook, Google, and (to their benefit) Apple. However, the good news for brands -- especially those with significant media spend -- is that everyone is in the same camp. If you have taken customer data management seriously, you are in a good position for the future. And if you haven’t, there is still time to “right the ship”. Providing clear and transparent ways companies are leveraging customers’ data builds trust and is good for the industry long term--however, the challenge in itself in today’s siloed and fragmented corporate environment can be simply understanding where and how customer data is used.
Ultimately, the best long term strategy to protect against a fluid and changing digital marketing environment is:
- A shift from 3rd to 1st party data strategy and improved customer data management. Gone are the days where marketers can work around IT with only vendors and agencies.
- Investment in non-individual based measurement like Marketing Mix Modeling5 or incrementality. Understanding the efficacy of advertising without relying on customer identifiers insulates against further changes in data tracking policy, both governmental and corporate.
- An operating model that allows investment to be moved quickly between channels and without long term vendor lock-in (especially vendors that leverage black-box targeting technology and data).
- Clear customer consent of the ways in which you use their data.
Broad Impacts of ITP to Marketing
Data and Customer ID Management
For the past 10 years, the Marketing function has witnessed an incredible amount of change. As money has poured into digital advertising, we’ve witnessed the growth of several titans of Wall Street in Facebook and Google. In order to take part in this quickly changing environment, and to move at the speed of business, corporate marketers have often needed to work around their technical counterparts in IT-- a function that’s seen it’s own momentous change.
While there are some examples of organizations where marketers and IT work well together, far more common is a relationship in which both parties don't speak the same language, and outside vendors are more than happy to fill the gap. Too often, however, this results in a scramble of vendors and data collection that is impossible to detangle. Taking strides to improve the IT and marketer relationship is essential to navigating changes in privacy regulation and policy. Ultimately, overcoming tracking and privacy challenges in advertising are related to data management6. Start to develop ways to break down organizational silos and a shared language for leveraging customer data appropriately and legally.
Impact on media targeting7
The cookie-based third-party data marketplace and programmatic advertising have always had challenges around target quality among other issues (e.g. viewability, non-human traffic, high frequency, brand safety). We recommend that advertisers reduce reliance on these marketplaces for targeting consumers. The walled gardens marketplaces (e.g. Google and Facebook) will continue to have rich data with strong capabilities to target consumers within their ecosystems based on their own 1st party data8. We also expect geo-targeting to continue to be a strong tactic moving forward. Most importantly, all companies will need to strengthen their first-party data strategy to enable personalized and precise targeting.
In the mid-term future, we see Artificial Intelligence (A.I.) and machine learning playing a much larger role in targeting -- as the ability to leverage a large amount of 1st party data for modeling becomes more viable as organizations analytic capabilities continue to mature.
Impact on Measurement
Measurement solutions reliant on individually identified and third-party cookies such as Multi-Touch Attribution are being disrupted and providers are developing alternative solutions. Web analytics benchmarks will also need to be recalibrated over time as the ways that cookies are set and expire change. We think there will be a new emphasis on non-id based measurement, such as Market Mix Model or surveys. In addition, conversion data will need to be tracked and maintained as 1st party data sources, rather than leveraging the same broad array of 3rd party data tagging.
Impact on Marketing Technology Vendors
Many vendor technologies rely on cookies that are considered third party by web browsers. These vendor solutions are in the process of adapting to these browser changes now and this should be a major consideration when evaluating new partners. Data Management Platforms (DMPs) using third-party cookies will become less attractive components in a technology stack while Customer Data Platforms (CDPs) with an emphasis on first party data are seeing rapid adoption.
Need for Clear Customer Consent
Gaining consumer consent to be identified, tracked, targeted, and measured is now a clear consumer expectation that is well supported by the regulatory and industry changes mentioned above. Fundamentally, organizations need to meet consumer expectations around privacy whether or not these are currently enforced via regulation, browser parameters, or app store conditions. In addition to consent, consumers are looking for transparency and control around how their data is being used. What comes with this consumer choice is where organizations must provide something in return to the consumer for their consent to share data. This exchange of value between consumers and organizations can take the form of improved experiences (e.g. frictionless payment), special offers, or rewards. Brands need to plan to meet these real consumer expectations to get ahead of any new regulatory or industry changes.
We use a framework to better understand and address three different drivers of consent and preference management: Browser, App (phone operating system), and Privacy Legislation (CCPA, GDPR, etc.). Each of these areas overlaps in the customer data they leverage depending on the situation, but all must be addressed.
Key Drivers of Customer Consent
Considerations of customer consent should include Browser Restrictions (e.g. cookies), Phone Operating Systems (e.g. App policy), and broad Privacy Legislation (e.g. CCPA). Each of these three areas must be addressed by any given Brand for full privacy coverage and compliance.
What It Means for Marketers
Today, many Marketers should be working to identify and resolve the very detailed and prescriptive impact to a variety of vendors in many areas. They must assess changes to policies and implications in the following areas
Impact and implications are outlined for:
- Paid Marketing Efficiency
- Paid Marketing Audience Impact
- SDK Updates for Apps across Brands
- Propensity Models
- User Profiling
- Owned Marketing Contingency Plans
- Syndicated Measurement Sources (ComScore, Nielsen)
- Single Sign on
- Radar & Geofencing
- Mobile Measurement (Paid)
Getting To a More Specific Understanding of Impact
First and foremost, in order to make the best immediate strategic decisions, there needs to be a much more precise estimate on impact -- one that includes partners, spend, and change in efficacy of media with and without targeting tactics. One specific, prevalent problem which makes this exercise difficult is the lack of understanding where specific customer data is used in various marketing channels. Understanding data lineage is important for customer data, and should not be the responsibility of marketers but rather the data producers. In addition, if Marketers don’t understand how customer data is being used, it’s impossible to provide more transparency to customers that demand it9.
Marketing leaders immediately find answers to the following questions:
- What is the dollar amount of media running that is reliant on cross-platform targeting? On which platforms and channels is this occurring?
- What is the dollar amount of media that is potentially using targeting signals from your iOS App?
- What is the difference in performance between media that’s reliant on cross-platform targeting as compared to other tactics?
- What is the dollar amount of media that’s potentially impacted by measurement attribution vendors?
Without answering these questions, it’s not possible to make decisions with the understanding of magnitude-- which is essential to determine the true impact of iOS privacy changes.
Data Management and Customer Consent
There must be a clear connection between customer data generation and customer consent. When data invariably makes many “hops”, the compliance of using different customer datasets is often unclear. Too often marketers rely on ”duct-taped” data pipelines, created from data engineering resources that were beg/borrowed/stolen from, and are left without the capability to truly understand how they may be impacted by privacy changes.
Without a more specific understanding of impact, marketing cannot make proper strategic decisions. Leveraging customer data for marketing relies on the real “cost” of its management-- from customer consent, data engineering, and governance. The implication here is that if there is not a clear sense of positive impact on spend, organizationally marketing becomes purely a cost center.
Customer data should be tied to consent and able to be managed across all data sources, not just one. Decisions that Apple is making now are the tip of the iceberg, and we predict will be more far reaching when federal legislation eventually passes10. Ultimately, improved management of 1st party data is the best way to counteract changes in privacy regulation and compliance.
Maximize Relevance of Owned Channels
An area of continued opportunity is within owned channels such as outbound email, on-site upsell, and human touches. The challenges within owned channels are different from other paid media channels. Owned channels are not “free”, and require investment in people, process, and technology.
We believe in taking pragmatic steps to determine the real impact of your various partners and vendors within and outside of iOS App. Make sure you develop a clear link of impacted areas to existing marketing spend to better understand the true scale of potential risk. Without a sense of scale, marketing leaders do not have data points needed to make the correct decisions.
Continue the investments in non-identity based measurement like the MMM modeling. Providing evidence of marketing performance is an imperative in organizations that \ only “trust” direct measurement -- an approach that may be less tenable with privacy rules and regulation. Privacy changes that Apple is making is exposing the need for improvement in the first party data management that marketing is reliant upon, but the costs associated with improved management are non-negligible. Customer privacy and compliance needs for marketing are greater than other parts of the organization by nature of leveraging data across multiple platforms and 3rd parties for advertising. Improvements are an imperative in the near and mid-term as it sets the foundation for improved transparency and customer consent. Operators need to know what data can and can’t be used without a technical development project each time.
To hedge against potential decrease in off-site advertising performance, we believe there are additional opportunities that exist in owned channels, and solving challenges in working with internal teams could lead to longer term benefits. Continue to explore and work with CDP-like platforms that put data into marketers hands, and allow for more complex customer consent rules to be managed in a centralized place.
1 GDPR, ITP, CCPA to name a few.
2 We predict that there will be some sort of federal privacy legislation that is passed with the incoming Biden administration. This is much preferable to 50 different privacy and data management laws and regulations at the state level.
3 Google Chrome, the most widely used browser, will no longer support 3rd party cookies in 2022.
4 Ironically, we think that some of the “old-school” methods of measurement and targeting will become more important as performance marketing techniques become less viable.
5 If you’re already investing in this area, look at ways to increase granularity of results and or accuracy with spend and delivery variability. Work with measurement partners to help plan for variability in channel flighting, not simply modeling the results after campaigns have run.
6 Someone at your organization needs to know, with a technical understanding, what customer data is available, and what can be used (or not used) for marketing and advertising. Reliance on a third party -- agency, tech vendor, or otherwise -- will invariably lead to issues.
7 Individual based, cross-platform, media targeting
8 Which has rightfully come under fire for being invasive. We too have been served an extremely relevant ad just after a conversation with our loved-ones.
9 One of the key principles of our Customer Consent model
10 One reason we believe the current Biden administration will pass some sort of privacy legislation is to help drive standardization. While California’s CCPA was a good start, organizing digital privacy compliance around 50 different sets of state laws and regulations puts an enormous strain on businesses.