Don’t Be Too Enthusiastic about Your Cookieless Preparations

Now that we have entered the General Availability stage of Privacy Sandbox, which means that a vast majority of Chrome’s users are now enabled by that solution, the cookieless future looms around the corner. The next milestone is planned for Q1 2024, when 1% of the traffic will get deprived of third-party cookies, which will then be followed by the gradual deprecation of the remaining 99% in the course of the second half of 2024. What this means is that we’re stepping into a cookieless reality a few months from now, and some of the skepticism in the industry (around whether or not it would eventually happen) is being lifted and replaced by anxiety.

This, in turn, results in many advertisers and their agencies expecting their technological partners to deliver cookieless solutions, which preferably:

1. are ready to work today, no matter the circumstances,
2. and are as scalable and feasible as third-party cookies.

Here’s one thing I can assure you of: as of today, those two major expectations cannot be satisfied simultaneously. So, if you hear that your vendor is declaring full readiness for cookieless, it shouldn’t put your mind at ease. Let me explain why that is.

Ready cookieless solutions

There are many cookieless solutions which try to preserve the personalization-related functionalities that we value in digital advertising. Some of them are already perfectly workable (point “a” fulfilled), and some of them are still being tested. So what do we have in the stack right now?

Contextual solutions

This one is quite old and has been undergoing a renaissance because of its independence from users’ data—the assumption here is that the user is interested in the topics they are reading about at the moment. It’s a safe approach for upper-funnel campaigns, but it does not let you learn anything deeper about the visitor. Moreover, there are not many high-quality websites from a contextual perspective (the vast majority of websites are news-oriented, which usually doesn’t provide insightful information about what users visit). At the moment, information about the inventory is based on a mixture of third-party audiences and contextual data. Therefore, if third-party audiences were to disappear in the current landscape, and everyone would start depending on high-quality contextual placements alone, it would cause CPMs to skyrocket there. In an attempt to make their campaign more affordable, DSPs would become less restrictive about their fetched contextual signals, which would decrease targeting efficacy. 

External identifiers and graphs

It is the closest you can get to imitate the mechanism of third-party cookies, which allows tracking individual users across different websites. We can distinguish two types of external IDs: deterministic, which re-identifies an individual based on PII (Personally Identifiable Information, such as your email), and probabilistic, which recognizes the same user by using plenty of signals related to the user’s equipment and software (such as the exact version of your browser, screen resolution, IP address, etc.). This segment of solutions suffers from a range of pain points, including:

• A lack of clarity of how reliant specific IDs currently are on third-party cookies.
• The scale is incomparably smaller than for third-party cookies as deterministic IDs need users to log in on each website where they want to have them re-identified, while probabilistic identifiers need many signals, which are increasingly being masked by browsers (to name a few examples: Chrome’s IP Protection in Chrome will obfuscate users’ IP addresses, and its User-Agent Reduction truncates the exact version of the browser).
• Regulators appear to not be too fond of solutions that aim to preserve the status quo in terms of a single user reidentification on the web, which creates regulatory uncertainty around those tools.

Publisher-partitioned identifiers and Seller-Defined Audiences

The tools in this bucket are praised for how much control they give to the publishers—to entities which should know the most about their readers. However, no matter how well they get acquainted with their audiences, this information must be put to use on the same publisher’s inventory.

Now that we have tapped into point “a” and browsed through solutions already available on the market), you might have already realized that there’s no single ready-to-use silver bullet that would address all the use cases currently handled by third-party cookies at the same scale. Let’s disentangle point “b” then and see if we can do that based on some tools that are currently under the “Work In Progress” status. So what else is cooking?

Work-in-progress solutions

There is a lot going on in the cookieless area, so one might get impatient and crave some ready-to-go solution, which would put all the third-party cookie depreciation-related worries to bed. So why isn’t there any? The problem is that nobody can reliably test cookieless solutions, while third-party cookies are still enabled for 100% of Chrome's traffic. When the first portion of users is deprived of them (third-party cookies are going to be switched off for 1% of the traffic in Q1 2024, according to the privacysandbox.com current schedule), the industry will be able to assess the real performance of all cookieless solutions in a truly cookieless environment. This, in turn, should trigger a lot of feedback about what needs to be improved and how. Getting those sorts of comments together and accommodating necessary changes in the solutions takes time.

In other words, it’s time to be mindful and cautious about the choices we make in terms of cookieless preparations. If you only rush into ready-made solutions because you long for well-documented performance at this moment, you can easily find yourself hitting a brick wall a year from now. The reason for that is threefold:

• Firstly, some of those solutions report upon their superb performance, but for their key functionalities, they still use third-party cookies (so their performance will radically decrease in the cookieless environment).
• Secondly, certain tools are dependent on signals, which are expected to be cut down by the browsers (including Chrome). A very important example here is an IP address, which for those solutions is often a key piece of information to ascertain who is who. We will only find out how crucial this data is for the precision of targeting once IP Protection and similar mechanisms are officially released, but at that point, it might be too late to react and save campaign efficiency.
• And lastly, the remaining tools enable very high-level personalization (contextual methods) or very narrow environments (publisher partitioned solutions), so depending only on those would be detrimental to your campaign’s performance.

The wisest thing you could do is to treat the currently proposed solutions as a temporary measure and look for long-term solutions among those with a high potential. Those best suited for long-term application, such as Privacy Sandbox, are unlikely to deliver any performance guarantees right now as the environment for efficiency testing is not there yet. 

So what now?

As Privacy Sandbox gains traction, there will be more and more attempts to create innovative products and business models on top of its APIs. It appears to be natural to expect plenty of AdTech companies wanting to explore tools which provide an enormous scale (entire Chrome’s traffic), a high level of usability (which we got used to with third-party cookies), and enhanced privacy protection (solidifying your stances against any regulatory turbulences-to-come). The first such approach is PrimeAudience, which utilizes Protected Audience and Topics APIs, and it will surely be followed by others. So what should you do to future-proof yourself? While browsing through potential options, make sure they provide you with all of the following features: 

• Sophisticated audience creation logic—let it be at least a step up from the contextual approach.
• Cross-site personalization without single-user reidentification.
• Large scale, immune to potential regulatory and technological hurdles.
• Truly user privacy-friendly and compliant with regulations.
• Satisfactory business and operating model for both publishers and advertisers.

‍