25 March 2021
Walled gardens, data clean rooms and third party cookies - how campaign measurement is poised to change in 2021 and beyond!
If you’re a paid click consultant, chief marketing officer (CMO), analytical lead or happen to fill a similar type of role in your company, you may be wondering what the future of online ad measurement looks like when third party cookies are finally put to pasture.
If so, you’ve stopped in the right place. Whilst this article won’t exhaustively cover exactly how things are likely to change once third party cookies are dead, buried and cremated, it’s worth remembering that nobody in the industry knows for sure how things will look in 2022 and beyond.
At the moment, there is fragmentation within the industry as to which tools or method(s) will eventually replace third party cookies for advertisers and many of these key moving parts are still in their development phase.
Given this uncertainty, I will attempt to provide an introduction to some newer measurement tools and techniques so you can start to explore these options today, and give your business a clearer sense of direction going forward.
To kick things off
Let’s establish the concept of a closed platform and how that relates to some new tools on the market, with thanks to Wikipedia:
“A closed platform, walled garden, or closed ecosystem is a software system wherein the carrier or service provider has control over applications, content, and media, and restricts convenient access to non-approved applicants or content. This is in contrast to an open platform, wherein consumers generally have unrestricted access to applications and content.”
Ever heard of a data clean room?
The original term clean room, and its usage, came from the manufacturing industry. Tight quality control meant that during manufacturing, a room needed to be free of any foreign contaminants, lest it spoil the end product. This is big across all types of food manufacturing as cleanliness is super important for quality, regulation and consumer health reasons.
Stemming from this, the term data clean room was adopted by the digital advertising industry to explain a method of providing access to a wealth of data, but with strict constraints and or rules which govern that access.
The most recent adopters of data clean room usage in the industry - Google, Facebook and Amazon. These companies are heavily investing in data clean rooms because of a need to be able to prove to businesses that their advertising dollars are being spent wisely within their ad tech ecosystems. At the same time, they must walk the tight rope of respecting and protecting user privacy.
Serious breaches involving user data, both in terms of security and privacy, have wrecked havoc for public trust in companies such as Facebook recently, where user data access was unrestricted and shared openly with a third party. The most publicised example being the Cambridge Analytica scandal.
This kind of breach and negative publicity has further pushed these companies towards data clean room solutions, such as Google’s Ads Data Hub (ADH) and Facebook’s Advanced Measurement platforms. However, these clean rooms, also referred to as walled gardens, impose restrictive access constraints. For instance, you can measure your ad performance within Google’s Ad Tech ecosystem or within Facebook’s Ad ecosystem, but measuring your performance across both ecosystems (multi-touch attribution) is already difficult to do today.
If walled gardens are to become the new norm, it’s likely that accurate ads campaign measurement will become more challenging going forward.
What do these walled gardens do exactly?
At a high level, once you provide your business’s data, e.g. conversion data, these platforms will allow you to match, via queries, your own datasets to Google or Facebook’s respective ad platform datasets (think of data such as impressions, clicks, likes, shares or other interactions of intent). By using these walled gardens and the data they can provide, you can uncover new customer insights and learn more about how respective interaction points on these networks lead to a sale or conversion further down the line.
Below is an example of ADH’s dataset matching process:
Left side: DV360, Google Ads, Youtube data is available to be queried in Google owned BigQuery project.
Right side: Customer owned BigQuery project contains recent conversion data (eg: sales data)
Centre: Customer using Ads Data Hub is able to query both datasets, return matching aggregate data and find actionable insights, all whilst protecting user privacy.
How is user privacy protected?
Using Google’s ADH tool as an example of how user privacy is being protected, there are a few methods employed to protect users:
Insights are based on aggregate level data (not individual user level data)
You don’t send your data directly into ADH itself, rather you upload it to your own Google Cloud platform BigQuery project and use the BigQuery platform to extract data from ADH.
The data is merged in a form of “no man’s land” (outside your project) and returned to your datasets/project, when a match can be made
In other words your first party data (conversion data for example), does not enter Google’s walled garden and Google’s advertising data is not able to be exported outside of the platform (out of the walled garden)
You retain control over your business data
You can only query Google’s user data in ways that Google permits
There are also additional privacy thresholds and filters because even if your query returns a match between your data and Google’s data, ADH will only return data if the result is above a pre-determined threshold.
Query limits which may apply
If ADH determines a specific query will only return X or less rows* the result may not return any data at all. *Where ADH determines results less than X may infer information about a specific user.
However, it’s not just row limits which may block a query returning data. Since ADH reviews your historical query results to determine if data should be omitted or returned, the running of certain queries may trigger a privacy protection check. This is especially true where returned results don’t change adequately between each new query.
ADH prevents the “Guess Who” approach
If you’ve never played the board game of Guess Who, watch this 50 second introduction to the game to get up to speed. The idea of the game, is that each round brings you closer to identifying your opposing players character via a process of eliminating questions about each players character. As you progress you place characters faces down which you’ve ruled out with each round of questions.
If ADH was your opponent in Guess Who, then ADH would let you ask generic questions that matched multiple characters (rows of data or faces). However, if you asked ongoing subsequent detailed questions that only applied to say three or less characters, then ADH wouldn’t give you a response.
To clarify, ADH prevents queries that would result in a similar process of elimination to the game Guess Who, in an effort to protect user privacy.
The last layer of protection worth mentioning involves blocking some advanced SQL functions, which may expose user data if misused. You can read more these restrictions on the privacy checks page of ADH developer docs.
Will privacy sandbox tools like ADH still let you build smart lists?
Yes, you can build and manage audiences via ADH, although there are conditions and limits. The types of lists you can build can be split into two types:
Lists based on how users have interacted with prior ads
Exclusionary conditions to assist with frequency capping (DV360 only)
Currently, these lists won’t automatically refresh on their own and require ongoing queries being run to maintain a given audience list.
How will this replace third party cookies?
Up until now one of the reasons that Ad Tech platform providers have been able to collect so much data for targeting purposes and smart list building is because they have been able to extract it via the prevalent use of third party cookies and the cross site tracking that they have enabled.
However Google recently shared a post titled, Charting a course towards a more privacy-first web. In it, Google’s Director of Product Management for Ads and Trust, David Temkin, states:
“Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”
And this is precisely where tools such as ADH and the FLoC proposal we blogged about prior begin to come into play. They allow companies to discover similar insights to what was facilitated via third party cookies, but also claim to prevent the kind of cross-site and invasive user tracking that third party cookies facilitated.
The perfect storm is driving industry reform
Right now a number of factors are all converging to create a perfect storm in the digital analytics and measurement industry. If you’ve been a reader of our blog for a while you’ll note that we’ve previously cited Government regulation around user privacy through GDPR, COPPA and in Australia the 1988 privacy law review as partially responsible. It is clear that regulation is pushing Big Tech companies that collect massive quantities of user data to treat collected data with a lot more caution, care and respect.
On the other side of the same coin, the tech industry is also regulating itself, with companies like Apple using their market power and Intelligent Tracking Prevention (ITP) initiatives to gradually erode the reliability of third party cookies.
The following timeline demonstrates how third party cookie functionality is quickly crumbling as respective browser vendors deploy more and more stringent privacy measures.
Image: The Genesis of Browser privacy restrictions and the death of third party cookies can be traced back to Safari ITP 1.0 in 2017.
Whilst regulation and browser changes are playing a part in the demise of third party cookies, end users are becoming increasingly more attuned and aware of how they are being monitored and how the subsequent collected data is being handled.
This is further motivating users to opt out of products in revolt of changes and tweaks to terms and conditions or where possible move platforms to other providers where alternatives do exist. Refer to MeWe adds 2.5M users in 1 week.
For this reason, we firmly believe the companies that take user data seriously are the ones that will survive and flourish if third party cookies cease to function. Reading between the lines on Google’s recent announcement to finally kill off third party cookies, it appears they are trying to get ahead of Government and Industry regulation which threatens their existing business model. But it may also work to their advantage.
So who is going to benefit most?
If you thought this was going to displace the companies currently at the top of the Ad Tech food chain, the following news may be somewhat disappointing. Those that are currently set to benefit most are also the businesses with the biggest respective audiences of registered user accounts.
Facebook has 2.8 billion active users, Google’s numbers are a little harder to provide exact parity with (since they are split over multiple product offerings) and Gmail alone accounts for 1.5B user accounts globally.
Google and Facebook will still be able to identify signed on users who interact with their products and services, often cross site thanks to their popular login integrations (device graphs). Other Ad Tech companies, who don’t enjoy the benefit of the same massive user footprints, may be at a disadvantage since they don’t have the same kind of first party identifiers in wide use at their disposal.
“Google hasn’t promised to stop personalised marketing, or gathering of data, inside its own products - which would involve changing its current product terms and conditions. Regulators still need to ensure competition, through legislation, or advertisers will have little choice as to where they spend their money and there are fewer privacy advantages for the average user. You have one large trillion-dollar company that effectively, through an unfair contract, tracks you more of the time, the only difference is you’re going to be logged in, and part of their walled garden. How does that make people more private, or more secure?”
So how should my business proceed going forward?
There isn’t a single magic bullet solution to adapt to a world without third party cookies. Rather, we believe there are several technologies that will help minimise disruption to your online campaign measurement and efforts.
These tools are all good places to focus your attention and energy going forward:
But as you may have gathered by now, working with these new data hubs, privacy sandboxes and campaign measuring tools will not be a direct plug n’ play affair and will likely require extensive changes around how you measure the effectiveness of your advertising today.
The current situation is not too dissimilar to the 1980s when VHS or Beta video formats were looking to dominate the home VCR market. Eventually VHS won that battle after a few years competition in the marketplace, at which point it became more and more difficult to find BetaMax machines or tapes.
Which tools and techniques will ultimately prevail in the Ads Measurement industry over the next few years is yet to be determined, but the more familiar you are with the existing tools and options, the less likely you’ll be caught blindsided when an eventual winning solution does emerge.
If you’d like help making sense of these new tools, platforms and concepts or you’re looking for data engineering expertise, get in touch with our team and we’d be happy to chat and help formulate a digital strategy for your business in 2021 and beyond.