Identity Solutions: What they are, how they work, and how to use them in 2022.
Why it matters — Identity (ID) Solutions are the hottest topic in advertising in response to third-party cookie deprecation and the reduced availability of IDFA. This overview explains the what, why, and how, including first-party vs. cross-domain ID solutions, the data they use, and the targeting and measurement options they enable for marketers.
Identity (ID) Solutions Have a New Job
Identity Solutions aim to maximize addressability for advertising use cases, including developing “cross-device graphs” or “household graphs.” These “graphs” help marketers understand online consumer behavior as they move from device (laptop) to device (smartphone). Or to understand better which devices people living in a single household may be using.
The new cookieless world will reduce device identifiers like IDFA on Apple iOS, causing challenges for cross-domain addressability. As the definition of addressability for advertising is changing, ID Solutions are now marketed as the solution.
Identity Solutions Are Everywhere, But What Are They
The digital advertising ecosystem offers over 100 Identity Solutions, including Liveramp RampID, ID5, Prebid SharedID (formerly PubCommonID), and many more. However, many advertisers aren’t clear on what they are, how they work, or how they can drive advertising outcomes.
This guide should help remove some mystery (hopefully not add more).
The goal is to help develop a shared understanding of how they work. Each organization in the advertising ecosystem should carefully evaluate available Identity Solutions. Then, select the vendors that best fit their desired use cases.
How Identity Solutions May Help with the Changing Definition of Addressability
Third-party cookies and device identifiers, like IDFA on Apple iOS, enable companies in the advertising ecosystem to collect highly accessible and consistent internet behavior data. Companies can collect unique data sets about online consumer behavior as they browse from site to site or app to app.
Companies can then compare and match those data sets to facilitate advertising use cases. This is possible because third-party cookies and device identifiers are effective technical standards that enable each company in the value chain to collect unique data sets and speak the same language when comparing those data sets. As a result, companies can work together to deliver ads to consumers when a data match is found in these data sets.
However, third-party cookies will be deprecated in all major web browsers to protect consumer privacy when Google removes them from Google Chrome in 2023. Device identifiers are also becoming less prevalent due to platform changes that require consumer opt-in for companies to gain access to device identifiers. Ultimately, companies will have far less capability to capture online consumer data as consumers move from site to site and app to app. It’ll also be difficult for companies to compare their data sets to facilitate advertising transactions.
This is where Identity Solutions come in. Specifically, ID Solutions are designed to create a stable and reliable consumer identifier that advertisers may use to measure online consumer behavior and serve targeted advertising.
Cross-Domain ID Solutions Explained
Cross-domain ID Solutions attempt to create an identifier for consumers. It measures consumer behavior as they move from website to website and app to app. Cross-domain ID Solutions require consumer-provided information like email addresses to do so. ID Solutions will also need permission to use consumer information following various data security and privacy legislation worldwide. These include the ePrivacy Directive (EU), GDPR (EU), CCPA (the USA – California), and many more.
How Cross-Domain ID Solutions Work
The concept behind them is simple: consumers usually use a single email address on different websites and apps. As the consumer uses that email address to log in to websites and apps, make purchases, or sign up for email newsletters, the ID solution will recognize the email address is the same. The logical conclusion is that the same person uses the email address on multiple websites and apps.
Where Does The Data Come From
Cross-domain Identity Solutions rely on consumer information, like an email address. However, the consumer information doesn’t have to be an email address but should be unique to the consumer, such as a phone number. For the ID Solution to obtain this data, it must integrate with a website, app, or data provider.
The Identity Solution is then integrated with the website or app to create a consumer identifier when the consumer enters an email address and has provided the permissions necessary per various privacy legislation requirements.
How Identity Solutions Enable Ad Targeting and Measurement
Generally, marketers want to reach as many qualified consumers as possible. So successful cross-domain ID Solutions will be integrated into as many websites and apps as possible. Conversely, cross-domain ID Solutions not installed on many websites and apps will be less successful in helping marketers reach their target consumers.
Websites or apps integrated with the cross-domain identifier will need to add the identifier to the ad request generated when a web page or app loads. Then, the ad request (including the identifier) will be sent to ad-buying platforms, where marketers may choose to show ads to consumers based on the presence of the identifier. This process can be technically complex and usually happens in milliseconds.
When the consumer sees an ad targeted to them based on the identifier, the Identity Solution will have data that enables the marketer to understand the ad’s performance, including any ad clicks, screen time of the shown ad, etc. In addition, suppose the marketer is also integrated with the ID solution. In that case, the Identity Solution may also provide data showing a consumer purchased a product after being shown an ad for it.
Effectively, cross-domain ID Solutions can enable the same use cases provided by third-party cookies and device identifiers.
First-Party ID Solutions Explained
First-party ID Solutions are similar to cross-domain ID Solutions, but there are a few key differences. First, they only identify a consumer on a single website or app rather than identifying a consumer across multiple websites or apps. Second, they can use but don’t require consumer-provided information.
How First-Party ID Solutions Work
When a consumer visits a website or app, an identifier may still be created for that consumer on that individual website or app after the web browser and platform changes are fully implemented. For example, if a consumer provides an email address or other unique information, the identifier may be based on that information.
A first-party cookie ID, app user ID, or other first-party measurement solution may also act as a first-party identifier. In this case, the identifier is the ID of the first-party cookie or app user ID. It would enable the website or app to measure consumer behavior on that one website or app without needing the consumer to provide any information.
How They Work for Targeting and Measurement
First-party ID Solutions enable marketers to target consumer ads based on their online behavior on individual websites and apps. Once third-party cookies are deprecated and the availability of device identifiers is reduced, first-party identifiers will be the most prevalent identifier available for advertising use cases.
Marketers should prepare to take advantage of first-party identifiers for targeting and measuring ad performance. In addition, publishers should ensure they can create and facilitate using first-party identifiers for advertising.
How Identity Solutions Address Consumer Privacy
The deprecation of third-party cookies and the reduced availability of device identifiers result from increased consumer data and privacy protection. Therefore, any Identity Solution should also protect consumer data and privacy.
Identity Solutions generally operate with the idea that consumers can decide whether to opt-in or out of the solution. However, to make an informed choice, a consumer must know how the Identity Solution works. They must be aware that they have a choice, how to make it, and be able to modify it whenever. In other words, consumers should know they’re signing up for an Identity Solution.
The consumer should know they have specific controls over how their assigned identifier may be used or treated by the Identity Solution and companies who integrate it. Finally, they should know they have the right to request access to, edit, or delete their associated ID Solution data. This ensures the solution follows multiple privacy regulations, including GDPR, CCPA, etc.
Consumer Awareness and Choice
ID Solutions must address consumer privacy in three essential experiences to facilitate consumer awareness and choice. These are initial signup, changing permissions or settings, and data subject access requests (DSARs) defined by various privacy legislation globally.
ID Solution Sign Up
“ID Solution Sign Up” occurs when a consumer provides personal information, like an email address, used to generate an identifier. Companies should consider how they’re enabling the consumer to be aware that they’re signing up for an ID Solution. This includes detailing their choices on how the ID Solution is used and exercising their rights under applicable privacy legislation.
Some Identity Solutions place this information in a privacy policy behind a standard “I agree to the privacy policy” statement. Others make the information more available on the page at the time of signup. In the European Union (EU), the ePrivacy Directive generally requires consumers to consent to capture device information. The GDPR further requires companies to establish legal validity for using that information to complete business processes, including advertising. Several data protection authorities suggest consent is the only valid legal basis for most intrusive activities related to cross-site advertising. Consumers need appropriate awareness and opportunities to provide permission as legislation requires.
Generally, consumers relate increasing transparency and awareness with greater levels of trust. Harvard Business Review found that 90% of consumers believe how their data is treated reflects how they’re treated as customers. As such, each company should decide the best approach for helping consumers be aware of their choices. They should enable consumers to make choices to build trust. Further, each company should decide how best to comply with applicable legislation that may impact their ability to capture and use data or work with an Identity Solution.
Changing Permissions or Settings
Consumers who opted into an Identity Solution should be able to change permissions or settings they previously applied. In addition, each ID Solution often has a unique feature set for what permissions are available. This also includes how consumers interact with them and how easy they are to find and use.
Similar to awareness, permissions and settings that are easier to use will engender greater trust. However, permissions and settings that are harder to find or use will feel “shady” to a consumer, hurting trust. As part of the Identity Solutions evaluation, companies should ensure that chosen vendors enable consumer choices aligned with their desired or created brand image.
Data Subject Access Requests (DSARs)
Various privacy legislation has been passed, giving consumers the right to understand better and control how their data is used. Data Subject Access Requests (DSARs) are written into many of these laws. They usually give consumers the right to access, request edits, or delete the data a company has about them.
Identity Solutions should ensure they can facilitate DSAR requests from consumers and act on them appropriately. In addition, companies choosing ID Solution vendors should ensure the Identity Solution provides consumer-facing mechanisms for DSARs for any legislation that applies to their business.
Other Identity Solutions
There are two other types of Identity Solutions currently in the market. Both are cross-domain ID Solutions but risk not working when browsers fully implement their privacy-protecting proposals. Therefore, companies should complete appropriate due diligence to select solutions that will work after browser changes are fully implemented.
Pseudonymous Cross-Domain ID Solutions
There are a few proposals for Cross-Domain ID Solutions that would create a pseudonymous identifier for a consumer that would be synced either to a central server or through a network of servers by web or click redirects. Effectively, when a consumer visits a website participating in the pseudonymous ID Solution, the consumer would quickly be redirected to a different website that would set an identifier, like a first-party cookie, before quickly sending the consumer back to the original website. On the other hand, suppose many websites were to participate, and consumers were all redirected to the same website or a network of websites where the pseudonymous ID is set. In that case, online consumer behavior could still be measured across websites.
Pseudonymous cross-domain ID Solutions would effectively re-create the capabilities of third-party cookies. Web browsers like Google Chrome have stated they’re working to prevent this cross-domain consumer tracking.
Probabilistic Cross-Domain ID Solutions
Some Cross-Domain ID Solutions use combinations of data points about internet connections and/or device information to generate an identifier for different devices. This capability is sometimes called “fingerprinting” because it combines data points highly likely to identify individual devices. Like a fingerprint does for a human.
The primary data points used to create these probabilistic identifiers are IP address and User-Agent. The IP address is a string of numbers that identifies a specific device’s connection to the internet. The User-Agent provides information about the operating system, device type, web browser, app, etc., used to access the internet.
All major web browsers are beginning to implement changes to prevent this information collection. The stated goal of these changes is to “prevent fingerprinting” to avoid tracking consumer behavior across websites. Companies should complete proper due diligence to ensure that Identity Solution vendors are using technologies that will be viable after browser changes are fully implemented.
Limitations of ID Solutions
Explore the limits of ID Solutions and why they aren’t a one-stop shop, or even a perfect solution, for solving the changing addressability landscape.
