The forces of regulators, consumers, and tech giants on data privacy are enough to push the digital advertising industry in a new direction.
Why it matters — The race for tech giants to earn consumer trust is heating up as regulators worldwide create laws to protect consumers' data online. Tech giants are signaling their desire to leverage their first-party relationships with consumers. Consumers, meanwhile, are choosing options that decrease the effectiveness of attribution-led advertising. This combination will force the industry in a new direction with massive change. There will be new winners and losers. Publishers and advertisers that adopt new ways of delivering ads to audiences and measuring results in a privacy-centric manner with ad tech partners will survive this shift and see outsized gains.
Online advertising is undergoing one of the most significant changes in its history.
Privacy and data protection awareness have grown as consumers spend more time online shopping. Regulators worldwide are working to create laws to protect consumers while enabling economic growth. Privacy-centric rights advocates have turned their attention to internet data collection, and tech giants are working to earn consumer trust to continue to collect consumer data.
Regulators, consumers, and tech giants are all forces shaping the future of online advertising in a privacy-conscious world.
Regulators’ Impact on Cross-Site and Individual Attribution
Individual privacy rights came against government intrusion into personal life. Privacy rights were strongly correlated with property rights. Such as an individual right to prevent government employees from entering their homes to collect information.
Technological progress, long before the Internet, pushed privacy conversations toward individual rights vs. corporations and other individuals. For example, the telephone invention triggered regulators to create laws protecting individuals from having their conversations recorded without permission.
The invention of cameras pushed regulators to create laws protecting against photographing private moments.
The technological wave of the Internet is squarely here, and regulators are paying close attention and getting involved.
For years, the industry largely avoided regulatory oversight by regulating itself through industry codes of conduct and transparency and interest-based advertising opt-out solutions. These included groups like the Network Advertising Initiative, the IAB, and the Digital Advertising Alliance and provided industry interpretations to regulations like the Children’s Online Privacy Protection Act.
GDPR
The most extensive official regulatory intervention of the Internet for data protection and privacy is the GDPR. This was major as it covers the activities of the 3rd largest economy and 450 million consumers. The GDPR went into effect in 2018, creating a new era in online privacy. The GDPR is in line with most privacy jurisprudence, offering consumers protection from unexpected uses of their data, the ability to opt into and out of data uses, and consumer data portability requirements. In addition, the GDPR lays out a hierarchy of data type sensitivity, ascribes higher protection for more sensitive data elements, and incentivizes companies to collect less sensitive data and fewer data overall to achieve their goals.
CCPA
In 2019, California’s CCPA preparations swept across companies doing business in California as they prepared for a January 1st, 2020, enforcement date. Like the GDPR, the CCPA offers customers protections from unexpected data uses, giving them the right to opt out of specific uses of their data and to delete data about themselves from companies. Unlike the GDPR, the CCPA emphasizes the “sale” of information. Like the GDPR, the CCPA distinguishes between primary collectors of consumer data (“businesses” in CCPA, “controllers” in GDPR) and subsequent recipients of the data (“service providers” in CCPA, “processors” in GDPR). However, it applies slightly different requirements to the roles. It’d be a mistake to assume that because one is a service provider under the CCPA, they’re not a controller under the GDPR or vice versa, as they’re defined slightly differently.
Regulators everywhere are now looking at the impacts of the GDPR and CCPA on the economies and consumer rights of their respective jurisdictions and weighing whether the outcomes are something they want to bring to their constituents. In all cases, regulators want to ensure that consumer privacy is protected and that businesses can continue to generate jobs and growth. Their task is to make the tradeoffs to achieve those goals.
The immediate impact of regulatory action on online advertising has been the tech giants’ responses to limit access to consumer data. It also included shifting away from allowing cross-site advertising and individual attribution to only single-site advertising and individual attribution on sites where consumers see an advertisement and later convert it to meet the advertiser’s goals.
Consumers Are More Aware of Their Digital Privacy
Consumers view ads, consume content, and purchase online more than ever. Advertisers savvy to this have pushed online ad spending to 138 billion dollars. Consumers also increasingly turn to privacy-protecting or privacy-enhancing technologies that impact advertising.
For example, tech-savvy consumers frequently use adblocking scripts. Some use browsers that block vendors that websites rely on for advertising and marketing by blocking third-party cookies or scripts. In addition, consumers state in surveys that they’re concerned about hackers and want to reduce their digital footprint.
Many of the options selected by consumers result in a decrease in advertising effectiveness that relies on cross-site individual attribution. Or where an ad is shown to a user on a property different from where the individual ultimately converts. Branding, awareness, and broad-reach campaigns are less impacted than DTC direct response campaigns.
Tech Giants Prioritize First-Party Relationships
The tech giants with sizeable online advertising business lines are also making many changes to protect their customers’ privacy, often from other companies and competitors.
Browsers are reducing the amount of information websites can collect from their visitors. In addition, mobile operating systems are reducing the ability of apps to correlate an individual across apps, siloing each app’s view of a consumer and causing cross-app campaigns and app-to-web campaigns to suffer.
Some are experimenting with re-inventing their ad infrastructure to introduce private audience matching and attribution even within their properties. While these experiments are early, they signal that the tech giants want to ensure a first-party relationship with a user. From ad exposure to attribution, this path will lead to a successful ad business.
The paths the tech giants have chosen all share some characteristics:
- First, they prioritize first-party relationships with customers, playing to their strength of having an established user base.
- Second, they increase the value of end-to-end integrated ad stacks. This creates difficult choices for advertisers and publishers who want the flexibility to work with the best company for each task rather than having to choose from them.
- Finally, they trend towards keeping individual user data on devices, in-app, or in-browser, rather than permitting other companies to access it.
How Will This Impact on Digital Advertising Market?
The force of any of these groups alone is enough to push the industry in a new direction. They’re unified in a rough direction which guarantees massive changes are coming. There will be new winners and losers. Publishers and advertisers that lean into choosing audiences in new ways and measuring results in a privacy-centric manner with forward-thinking ad tech partners will see significant gains.
At TripleLift, we invest deeply in predicting and shaping the privacy and identity future of our publishers and ad buyers. We also listen to our partners to ensure they can achieve their advertising goals. Are you prepared for the upcoming changes?
