Internet and user privacy have been hot topics of discussion lately. Europe has adopted the General Data Protection Regulation (GDPR) as of May 2018, which deals in protection and privacy surrounding user data in the European Union and the European Economic Area. GDPR dictates that “not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face penalties for not doing so.” One of the leading technologies that come under fire in any privacy-based discussion and fall squarely within GDPR limitations is the use of browser cookies.
Browser cookies, for those who may not be entirely in-the-know, are used to track users, gather their information for advertising purposes, and provide certain web-based services such as live chats. Cookies aren’t new; they’ve been around since the early 90s when Netscape’s goal was to help websites become more profitable. But cookies have come a long way since the 90s. What started as a way for sites to start bringing in revenue has spiralled with the internet’s capabilities and turned into a privacy liability. One that users aren’t entirely comfortable with anymore.
Google Chrome’s Cookie Solution
Cookies, and their increasing privacy concerns are what bring us to one of Chrome’s newer privacy initiatives, Privacy Sandbox. The goal of Privacy Sandbox is to enhance the privacy and security of the internet for its users, while also offering support to publishers trying to navigate these increasingly murky waters. According to the Director of Chrome Engineering, Justin Schuh, the goal is to “address[ed] the needs of users, publishers, and advertisers, and [we have] develop[ed] the tools to mitigate workarounds, we [then] plan to phase out support for third-party cookies in Chrome.” The beginning phases of Privacy Sandbox are slated to begin nearer to the end of the year and complete in two years.
An alternative to cookies, Privacy Sandbox, encourages tracking options such a fingerprinting. Fingerprinting, Ars Technica explains, “collects small characteristics of a browser—for instance, installed fonts or plugins, screen size, and browser version—to uniquely identify the person using it. Unlike cookies, fingerprinting is harder to detect, and user profiles can’t be easily deleted from the stored cache. Privacy [S]andbox uses browser-based machine learning and other techniques to determine user interests and aggregate them with other users.”
The result? You’d still get your relevant ads, just with none of your individual tracking information stored.
But what would that look like?
The NPO’s Experiment
In May of 2018, in response to GDPR, Nederlandse Publieke Omroep’s—the Dutch Foundation for Public Broadcasting (NPO)—website asked users entering the website to opt-in or out of cookies. The notable thing about their prompt was that on other sites, where no reply from a user automatically allows cookies, their website automatically opted users who clicked past the warning out of cookies. As you might expect, many more users opted out of cookies, rather than into them—90% of users, in fact. Here is most likely where advertisers and publishers would have called it a catastrophe. And it may well have been!
Except, NPO found advertisements presented to users who opted out of cookies “were bringing in as much or more money as ads served to users who opted in. As of January 2020, NPO has found that their house-made server works well enough to give up cookies entirely. And rather than decline, its digital revenue is dramatically up, even after the economic shock of the coronavirus pandemic.”
Of course, the current argument holds that targeted ads are better for users to see relevant ads, and by extension, reach the precise right customer and obtain higher, more successful CTRs. This is done by programmatic, or automatic, advertising where advertisers bid to show their ads as a website is loading to a particular user whose profiles and browser history’s fit specific parameters. This was no longer an option on NPO’s website as 90% of their audience had opted out of cookies by opting out or clicking out of the question.
NPO took ad serving into their own hands, crafting their own programmatic ad server. Now when a user navigates to a page on NPO’s website, “a signal automatically goes out to advertisers inviting them to bid to show that user their ad. But there’s a crucial difference: With Google and most other ad servers, advertisers are bidding on the user. With [NPO] ’s new ad server, advertisers are blind—they receive no information on the user. Instead, they get information about what the user is viewing. Pages and videos are tagged based on their content. Instead of targeting a certain type of customer, advertisers target customers reading a certain type of article or watching a certain type of show. This approach, known as contextual advertising, harkens back to the days before microtargeting.”
As of January 2020, NPO has found that their house-made server works well enough to give up cookies entirely already. And they’re reporting a staggering increase in digital ad revenue, they’re up “62 percent and 79 percent, respectively, compared to last year.”
In light of the increasing demand for user privacy, Google’s Privacy Sandbox initiative, and the plan to vanquish cookies web-wide in the next two years, NPO could very much be on the cutting edge of a serious shift in the digital atmosphere. That isn’t to say that the entire world will end up on the same page eventually. Whereas GDPR and instances like NPO’s cookie experiment are more widely accepted in Europe, the “identity resolution” sector in the American advertising industry is working to develop ways to continue micro-targeting once cookies have gone the way of the dinosaurs.
It’s anyone’s guess where the advertising industry will end up in two years, and it may very well end up in slightly different places when compared across the globe. One thing is for sure, digital ads must remain compelling and continue to draw user’s attention—whether served as contextual marketing or microtargeting post-cookies.