Universal IDs for Publishers: A Guide for Non-Techies
#first party data
The third-party cookie might still not yet be dead, but they have suffered some serious injuries and the prognosis isn’t good. Safari and Firefox have both taken an aggressive stance against third-party cookies. Google will likely pull support from Chrome just as soon as it can find a way to do that without triggering anti-trust complaints.
Third-party cookies are still with us, but their days are numbered and this is a problem for anyone who relies on ad income. The problem is most challenging for independent publishers.
Why the death of Cookies is a publisher problem
Cookies going away is more of a problem for publishers than advertisers. The internet has plenty of addressable inventory that can provide huge amounts of targeting information without needing third-party cookies.
The problem for publishers is that this inventory is all tucked away behind the monopolistic walled gardens of Facebook, Apple, Amazon, Google, and soon Netflix (the so-called FAANG companies). Advertisers will always be able to find an audience from the huge inventory of logged-in users those big platforms offer, but that risks ad-spend being kept inside those high walls and independent publishers being left outside picking up the crumbs.
This is neither good for publishers nor good for a free and open internet that isn’t controlled by five large companies. As it stands, Google and Facebook together control around 45% of user attention online, but account for 70% of advertising revenue, leaving smaller players being proportionally underpaid.
Enter the Universal ID
The solution that the non-FAANG publishing world has been moving towards is the Universal ID. The idea is simple: Rather than relying on third-party cookies to identify a user across the internet, we assign each user a unique ID. Of course, this is online advertising so the reality is somewhat more complex, but the concept is an easy one to grasp: A central database of IDs that publishers and advertisers can reference to identify users without sharing the information they have about them.
The reason this isn’t as simple as it seems is partly due to a combination of technical and non-technical challenges. On the technical front, we have issues like the fact that browsers do not include any sort of unique persistent ID. This means that identifying when two sessions come from the same using either means the user handing over the means to identify them, or some informed guesses being made based on a combination of less unique data points (“Deterministic data” vs “Probabilistic data”). Less technically driven challenges to include the plethora of competing solutions that are jostling for adoption and the need for different players to maintain their value by keeping data behind their own, somewhat lower, walls.
All of this means that we don’t yet have what many would expect from a Universal ID. Instead, we have several different solutions, none of which are truly universal. Whilst this isn’t perfect, it is progress and these solutions can bring significant value to publishers today. Each solution has its pros and cons, and most publishers will end up settling on using a handful of solutions rather than being reliant on one. The dominant solutions are currently:
- – Unified ID
- – UID2.0
- – ID5
- – IdentityLink
- – Publisher Common ID (PubCID)
- – SharedID
- – Advertising ID Consortium
How Universal IDs work from a publisher perspective
Each of the solutions above (not to mention the others available) works slightly differently, but they mostly follow the same underlying approach. When viewed from the publisher’s perspective, the key steps look like this:
- 1. Publisher collects identifiable information (such as an email address)
- 2. That data is encrypted and the hash sent to their chosen Identity Solution
- 3. The Identity Solution looks for a matching hash in their database and returns the relevant Universal ID (creating a new one if there is no match)
- 4. The Universal ID is now added to all ad bid requests by the publisher so that advertisers can bid accordingly
In practical terms, this usually means having an account set up with each solution and adding a code snippet to share and retrieve the data before the ad request is made.
Are these Universal IDs privacy compliant?
It’s important to note that the personal information of the user is not shared by the publisher when a Universal ID solution is implemented. Personal information, such as email address, is turned into an encrypted hash and then that hash is shared. These hashes cannot be readily reversed to find personal information, and in many cases, only part of the hash is shared. The hash is still designed to identify that specific person, but the information used to generate it is not shared.
That said, the privacy implications of each of these systems do vary. Largely they have been created to solve the third-party cookie problem, not the privacy problem. Some are better than others, but whether they are “privacy compliant” or not is very dependent on how you interpret that phrase. GDPR is generally seen as the litmus test for privacy compliance and it’s generally considered that most of these solutions are not yet fully GDPR compliant. Central to the challenge of changing that, is the problem that any data that can identify a user is considered personal information under GDPR.
In theory, a Universal ID could be a boon to privacy. Having a few centralized places where you control the use of your identifiers could bring benefits to users over managing thousands of third-party cookies. It’s currently still too early to tell how that side of the application will develop.
Will these solutions last, and is it time to adopt them?
AdTech moves quickly and often changes direction just as fast. It is no surprise then that publishers are reluctant to dedicate time and resources to implementing every initiative at the outset when neither their benefits nor likely longevity is clear. Whilst the dominant systems may consolidate and change, it now seems very likely that this type of solution is likely to be a significant part of the publisher solution for the coming years.
For those considering implementing one (or several) of the Unified ID solutions, there is good news. These solutions already bring benefits in terms of yield. How much benefit will depend on your audience and how addressable it is. The biggest gains are to be had for publishers whose users skew towards cookie-blocking browsers (particularly Firefox and Safari), but who can identify those users because they are logged in or have signed up to the publisher in some way. What’s more, they are not too difficult to set up either and many publishers working with third parties like Insticator can easily opt in.
What should publishers do now?
Firstly, publishers should talk to the partners that they work with. Many partners will offer ways to easily implement these solutions and others will be able to give direction on which solutions will have the most impact on their setup.
More strategically, publishers need to be thinking about addressability. As third-party cookies become more scarce, the need to identify our users becomes ever greater. The share of impressions that come from identifiable users should be a KPI for every publisher thinking long term. In practical terms that means giving users reasons to be logged in when ads are shown: Personalisation, email newsletters, freewalls, alerts, and all types of member benefits are fair game. The key is to have the user identify themselves and continue to do so before each first-party cookie expires.
At Insticator, we help publishers leverage their first-party data to reach advertisers for targeting. Our content engagement and commenting products allow you to get a unique perspective on the audience and their interaction on the site.