Understand the limits of ID Solutions to help choose the best solutions for your business.
Why it matters — ID Solutions are the hot topic in digital advertising in preparation for the deprecation of third-party cookies. Learn about their limitations so you can consider a portfolio-based approach that addresses the gaps left by ID Solutions.
Identity (ID) Solutions, Not Without Limitations
Identity (ID) Solutions are gaining new life in the eyes of marketers as third-party cookies and other ad identifiers are phased out. They come with taglines like “Future-proofed identification for digital advertising” and “Proactively protect your investments against ID loss”.
However, it’s important for companies to evaluate these solutions with an eye towards the changes driven across the internet ecosystem. The information below should help companies create a framework for evaluating various ID solutions.
Browser and Platform Changes To Prevent Cross-Domain Identification
Web browsers and platforms have stated they are focused on preventing cross-domain and cross-app consumer identification. Effectively, a company should not be able to know that a consumer visited websiteA.com (or AppA) and then subsequently visited websiteB.com (or AppB).
To do so, web browsers and platforms are making technical and policy changes that will make it far more difficult to achieve cross-domain identification. These changes include, but are not limited to:
- Deprecating third-party cookies
- Masking IP addresses (eg: “Gnatcatcher”, iCloud Private Relay, Mozilla VPN) and User Agent information (e.g. “User Agent Client Hints”) so individual devices may not be probabilistically identified or “fingerprinted”
- Updating mobile device identifiers so they require opt-in consent on an app-by-app basis (Apple iOS14.5+)
- Enabling consumers to generate temporary email addresses for one-time use (Apple Hide My Email)
These changes don’t prevent website or app owners from convincing consumers to provide their information in exchange for something of value (ex: goods, services, content, etc…), but they will make it more difficult for those consumers to be recognized on other websites or apps on the internet. As such, the utility of ID Solutions that rely on some of the impacted capabilities will be limited.
Consumer Permission, Awareness, and Choice
ID Solutions are often, but not always, based on consumer-provided information, like email address, phone number, or other uniquely identifying data. Consumers should be made aware that they are contributing their data to an ID solution, that they are giving certain permissions for how their information may be used, and that they have choice and control over their information in the future. However, not all ID Solutions treat these consumer interactions the same way.
First, different legal frameworks will apply depending on where the consumer is located, the consumer’s citizenship, and where the company is located. While the advertising industry is global, the laws that apply to consumer data are largely regional in nature and will have unique requirements.
As an example, ID Solutions that capture identity information about European Union (EU) citizens should have good answers for how they comply with the ePrivacy Directive and GDPR. To comply with the ePrivacy Directive, they will need to provide certain controls for consumers to provide consent, change consent and revoke consent. To comply with the GDPR, they will need to provide appropriate notice and transparency into the purposes for which they process data and the legal basis on which they rely, obtain consent for those that require it, provide consumers the right to object for those that require it, perform Data Subject Access Requests (DSARs), including the ability to view, edit, and delete data captured about them and comply with the other host of requirements that may not be obvious but are required of companies capturing, using and sharing user data.
Second, there isn’t a global framework for consumer interactions that ID Solutions must follow. Most ID Solutions have created separate and proprietary systems to enable consumers to make choices related to their information. Some ID Solutions make consumer controls readily available to consumers, whereas others make consumer controls difficult to discover, difficult to navigate to, and provide very limited options for consumers to make changes.
A few ID Solutions are marketed directly to consumers to help them manage their identity online, including logins and privacy preferences. To effectively meet the needs of consumers, these solutions must focus on solving pain points for consumers and make it easy for them to update their permissions, consent, and control access to their data. Other ID Solutions aren’t as consumer-focused and may make it more difficult for consumers to update their permissions, consent, or to control access to their data.
Finally, some people in the internet ecosystem believe that all consumer identification will require clear and unambiguous consumer consent or at least fulsome opt-out rights in the future as a result of increasing regulation. If true, it may force ID Solutions to push the reset button on any identities already present in the system. It’s difficult to predict exactly what will happen if future regulation requires clear and active consumer consent, but it will likely present a challenge to companies who base their advertising or business entirely on the presence of a cross-domain identifier.
As companies consider the use of ID Solutions, they should consider how the ID Solution treats the consumer touchpoints. Does the ID Solution enable easy integration with any existing privacy or permissions frameworks already in use? Does the ID Solution make it easy for consumers to exercise choice or make changes? How will the brand image and consumer trust in the brand be impacted by the controls provided by the ID Solution? If using more than one ID Solution, how will the company respond to an opt out of one ID solution but not the other? How will the ID Solution be impacted if clear and unambiguous consent is required from consumers in the future?
Consumers Rarely Sign Up Online
As illustrated by the Addressability Spectrum, relatively few websites are able to capture consumer-provided information for the purposes of creating identifiers at a scale that is valuable to advertisers. The vast majority of websites will be unable to convince significant amounts of their consumers to create an account, buy a subscription, or sign up for a newsletter in order to capture an email address.
Many websites and apps have made valiant efforts to increase the amount of consumer information provided by consumers, but most have not significantly moved the needle. In fact, most websites are able to earn identifiers based on consumer information less than 2% of the time. This statistic applies to some of the largest websites and apps in the world. To be clear, this isn’t pointing a finger at poor performance by website and app owners. Rather, it is highlighting that convincing a consumer to sign up for a product or service is really difficult. The fact that some of the largest websites in the world, with high repeat viewership, fall into this bucket is an indication of that difficulty.
Expanding on that difficulty, a transaction occurs when a consumer provides information. Consumers are expecting something of significant value in return when they provide their information. If a consumer is forced to provide information to access something she values on the internet, chances are high that there is a competitive product, service, or content that will not have as much friction for the consumer to access similar value. Further, if the consumer is purely browsing the internet for entertainment and not to complete a specific task, the difficulty of capturing consumer information is even more challenging.
If many websites or apps begin requiring consumer login or subscriptions, consumers are more likely to find alternative ways to spend their time or find alternate paths to obtain the value they’re seeking. As such, consumer signup rates may increase by a few percentage points, but it’s unlikely that consumer behavior will undergo a wholesale change overnight.
Website and app owners will need to decide how to balance their desire to capture consumer information with their desire to maintain viewership. Companies that are considering ID Solutions should understand the sources of consumer identity and the quantity of unique identities that are available.
Website and App Participation In ID Solutions Is Low
Significant effort is required to create valuable products, services, or content for consumers to voluntarily trade their information to access those products, services, or content. After websites and apps go through the effort to earn consumer trust and consumer information, they likely aren’t going to willingly give that information to other entities if there is a risk that they lose control of that data and their competitors are able to profit as a result.
This impact is playing out with ID Solutions. There are more than 100 million websites on the internet, but the leading ID Solution implemented using Prebid.JS has just over 25,000 installs as measured by an independent third party. 25,000 installs is significant and difficult to achieve, but the implication is that there are few websites, relative to the whole web, that will have the capability to achieve any ID match at all.
The more work that websites and apps do to earn consumer information, the more likely they are to be protective of that information. If that’s true, then the origin of shared consumer identities is less likely to come from premium websites and apps that offer goods, services, or content that is capable of earning consumer trust and consumer information at a large scale.
Companies that are considering ID Solutions should understand the install footprint of the solution and be confident that the websites and apps where the ID Solution is installed is sufficiently large to achieve their goals.
ID Match Rates Will Be Low
A significant impact of low consumer sign-up rates and low website participation is that match rates with advertiser data are also low. Specifically, advertisers will often attempt to serve ads to prior customers by using information about those prior customers to find them on other websites or apps. Third-party cookies and Ad IDs made this process fairly straightforward. However, this will not be as easy with ID Solutions.
Once browsers and platforms fully implement their planned technical changes, IDs may only be matched based on an exact data match between the data captured by different websites or apps. In other words, if an email address is the same on different websites or apps, then there can be an ID match. The impact can be evaluated in two ways.
In the first method, assume that regulatory changes or technical changes by browsers and platforms will prevent IDs captured on one website / app from automatically being used to identify the same consumers on another unrelated website / app. The total potential match rate for any given website will be equivalent to the total percentage of visitors that the website or app can identify. Using this method, less than 2% of identities are likely to be matched on any given website or app as the vast majority of websites have not captured identities for more than 2% of their audience. Some websites / apps will achieve higher match rates, but they will be few and far between.
In the second method, assume that IDs captured on one website / app may be automatically used to identify the same consumers on another unrelated website / app. Specifically, the ID match rate on any given website will be equivalent to the overlap between the individual website visitors with the set of all known ID Solution identifiers as compared to the overlap of IDs known by the advertiser. If the average website contributes less than 2% of all identifiers, and the largest websites contribute most of the identifiers, the smaller websites will stand to gain far more than the largest websites. Under this scenario, the largest websites should clearly understand that they are limiting their revenue by enabling ad targeting of their consumers on other websites.
Companies that are considering ID Solutions should be aware that ID match rates on a website by website or app by app basis are likely to be low. Additionally, ID match rates will be influenced by regulatory and / or browser and platform decisions.
Cross-ID Syncing Without Clear Policy Frameworks Or Consumer Protections (Or Universal Consumer Opt-in Without Universal Opt-out)
Currently, multiple ID Solutions in the market are linked together as a result of contractual agreements they have made. This has significant consumer impacts that most consumers aren’t aware of. When a consumer agrees to participate in one ID Solution, the identifier is replicated in several other ID Solutions. If the consumer later chooses to opt out of the original ID Solution or delete the identifier, the linked ID Solutions are under no such obligation. In this situation, the consumer is likely not aware of the linked ID Solutions or that an equivalent identifier exists in other systems.
As not all ID Solutions offer the same access to consumer controls and there isn’t a global standard for ID Solutions to provide common consumer control functions, consumers are unlikely to effectively make their desired changes. The consumer identity, based on consumer provided information, is effectively irrevocable by the consumer.
This scenario can create risk for companies. If a company is integrated with more than one of the linked ID Solutions, the company will likely receive an opt out signal for the ID Solution the consumer opted out of, but the other ID Solutions will show the ID as still valid. If the consumer’s identity is used in this scenario, the company may be at risk of using consumer information that shouldn’t be used.
To avoid undue risk, companies that are considering ID Solutions should carefully examine the relationships and agreements in place with other ID Solutions and ensure that consumer choices are evenly represented across all linked relationships. Until a trusted and verifiable global ID Solution framework is in place to enable consumers to control their data in all settings, companies will need to ensure they complete proper diligence themselves.
Probabilistic IDs Are Threatened
Several ID Solutions use “probabilistic” methods to link data collected on one website or app to data collected on another website or app. These methods often use connection or device data, such as IP Address and User Agent, to link the different data points as the connection and device data isn’t likely to change. The combination of the IP Address + User Agent is often enough to re-identify a specific device on websites or apps.
All major web browsers have already, or are planning to, mask IP address information in order to prevent probabilistic identification. Further, Google Chrome is making changes to the amount of User Agent information that is available in certain circumstances. The combined effect of these changes will make it incredibly challenging to create probabilistic identifiers.
Companies that are considering ID Solutions should evaluate the amount of probabilistic matching that is used to develop identifiers. Browsers and platforms are likely to continue working to prevent probabilistic matching, so choosing an ID Solution that is primarily based on this data may provide some short term value, but long term value is at risk.
Alternatives to Cross-Domain ID Solutions
In a future post, we’ll dig into emerging solutions, like Clean Rooms, that offer an alternative to ID Solutions and enable websites, apps, and advertisers to leverage their first party data without needing to share it or risk having it unexpectedly provide an advantage to competitors.