Joining the FLoC? Be Ready for the Future of Cookie-less Identity

(Many thanks to my colleague Ariana Wolf for lending her expertise to this post) 

There are seismic changes coming to the ad tech and digital advertising industry. Due to browser changes and new privacy regulation, third-party cookies are going the way of the dodo! 

Recent History

We’ve been hearing about these privacy developments since Apple introduced Intelligent Tracking Protection (ITP) and started blocking third-party cookies in Safari and iOS. Google followed up with Privacy Sandbox and later announced the end of third-party cookies by 2022. 

Google and other industry players are now trying to chart a course through the cookieless future that works for advertisers, publishers and consumers alike. The vision is a world in which digital ads can still be targeted to people based on their online behavior, but in a way that respects individual data privacy.  

The Google Privacy Sandbox is a collection of proposals for what this future could look like, based on two key principles:

1. Replacing features and capabilities served by cross-site tracking (and the removal of third party cookies that enables such tracking)
2. Mitigating workarounds to ensure the new environment functions in a privacy-safe way.

While the Privacy Sandbox proposals are still just that — proposals — Google has put a clear stake in the ground by publicly committing to not only deprecating third-party cookies in Chrome, but also to avoiding the use of alternate identifiers to track individuals as they browse the web or use Google products. 

What’s at stake

As digital consumers, we value privacy considerations and regulations. At the same time, we know that the funding of the open (i.e., non-walled or authenticated) web is largely dependent on advertising revenue, with publishers of all sizes reliant on ad revenue to operate. Advertisers and ad networks dearly want accurate targeting, to spend their ad dollars wisely and efficiently, and to measure the performance of their ads to attribute what’s working. Consumers also want, and benefit from relevant, personalized experiences and advertising online. Everybody will be impacted by these changes.

Sandbox proposals currently taking flight

As mentioned above, Google introduced the Privacy Sandbox as a first step in determining the new future of identity, privacy and advertising. The goals were to preserve the ad-supported web while limiting intrusive cross-site tracking, third-party cookies, fingerprinting, cache inspection, link decoration and network tracking. The idea is to create a set of privacy-preserving, browser-based APIs to anonymize and aggregate user data so that no individual user can be identified, but still allow advertisers to use this data to serve ads, use interest-based targeting, and measure conversions.

Google’s migration to FLoC and TURTLEDOVE

The leading Privacy Sandbox proposal Google is considering is called FLoC, or Federated Learning of Cohorts. FLoC works by applying machine learning to data that is stored in the Chrome browser to create cohorts or anonymized groups of users with similar interests. Advertisers can select the cohorts they wish to target without getting any private user data.

According to a recent study by Google, FLoC will reproduce 95% effectiveness of targeting using soon-to-be-legacy third-party cookies. Some in the industry have questioned the 95% effectiveness number (since it was based on simulations of FLoC, among other factors), but Google has stood by it. FLoC is limited to working only on Google Chrome browsers, so advertisers may have to employ separate approaches to Google-owned properties versus other ad networks/venues. FLoC will allow marketers to only target users at the group/interest level, not the individual level, meaning the level of granularity or specificity that we’re used to today, will no longer be available in order to protect identity. We’re moving from precision marketing to predictive marketing and marketers need to adapt.

For remarketing, Google has a complementary proposal called TURTLEDOVE, which also stores data in the browser and can match general categories of consumer interest to ad auctions to determine which ad is displayed to certain users. Google has been working with ad tech providers to solicit feedback on TURTLEDOVE, leading to a number of other spin-off proposals for how it should work. These include many other bird-themed ideas: SPARROW (building a third-party gatekeeper, proposed by Criteo), PARRROT (allowing publishers to retain control of the auction, proposed by Magnite) and others, which Google has taken into account and incorporated into TURTLEDOVE’s most recent iteration, FLEDGE. While there’s still much to determine as far as how FLoC and FLEDGE will work precisely, these are Google’s two leading proposals as of now. 

Google’s proposals have been received both favorably and critically, depending on who you ask.  But the fact is that in 2022 third-party cookies will be deprecated in the world’s leading web browser, and that Google will replace them with something entirely new, whether it’s FLoC, FLEDGE or something that’s yet to be created. And if anyone has the resources, data and capabilities to help shape the new web, it’s Google. 

If your head is spinning following all the birds, just keep in mind that ad networks collect three broad categories of information that Google’s proposals are looking to preserve:

• Targeting based on context (contextual ads): When you hear “contextual” think first-party and contextual information, i.e. you as a publisher informing advertisers to place ads on pages related to specific topic (e.g. international news)
• Targeting based on interest (FLoC): in this approach, the ad will be served based on the interest of the person who will see the ad (e.g. Music lovers)
• Retargeting (Turtledove/FLEDGE): based on previous actions the person has taken (e.g. offer free shipping to someone who started the ecommerce checkout process)

A rebuild of how the web works

Beyond Google’s Privacy Sandbox initiative, dozens of other proposals are being discussed by a consortium of industry players in the W3C Web Advertising Business Group, each with a different approach and often different use case. These proposals are intended to address digital advertising use cases such as impression and viewability measurement, conversion measurement (including multi-touch attribution and cross-device/cross-browser measurement), fraud prevention, brand safety and transparency in billing. We’re witnessing a rebuild of how the web works.

Some of the other proposals to replace third-party cookies focus on identity. One of the leading contenders is Unified ID 2.0, which was put forth by The Trade Desk, a major demand-side advertising platform. Unified ID 2.0 is an open-source identity framework built from hashed and encrypted email addresses. As of now, The Trade Desk has transferred the operations of the Unified ID 2.0 framework to Prebid.org (a non-profit led by industry peers). 

In its’ March 3rd announcement, Google explicitly stated that its future approach will not use identifiers to replace third party cookies, casting doubt on the viability of Unified ID 2.0 and similar proposals being adopted industry-wide.  

Things to consider (as of now)

We have a little time before these changes take effect, but not much – about a year.  Ad tech companies are working to determine what to do with the limited knowledge of the future that we all have. Critical details on how these changes will be implemented have yet to be determined, and the overall impact and acceptance of these changes remains to be seen. 

On March 30, Google started rolling out FLoC on a sample of Chrome users and publishers are giving feedback, but this capability is not yet available broadly. 

To prepare for the cookieless future, here are a few steps you can take now:

1. Your first-party data strategy will be essential to the future of digital marketing, whether FLoC, FLEDGE, Unified ID 2.0 or other proposals come to life. Google has stated that first-party data will work as an input to targeting and tracking on its products. First-party inputs are also critical to identity-based proposals. Invest now in collecting and enhancing your first-party data before third party cookies are deprecated so that you have a competitive edge when they are. It can take time and investment to collect the data, plus build the toolset, infrastructure, and processes needed to capitalize on it, so it is critical to begin as soon as possible. When the changes are finally activated in 2022, you will be ready to power your future marketing.
2. Start setting and managing the expectations internally that reporting, conversion and attribution will be impacted by these changes, and as of now we don’t know what the impact will be.
3. Be ready to test when FLoC, FLEDGE and other ad targeting options become available, learn from testing and be ready to update your workflows.
4. Advertisers with a large marketing spend can invest in advanced measurement techniques such as media mix modeling (this is not going to be real-time measurement and it’ll require historical data)
5. Stay up to date on changes in the ecosystem on both the privacy regulations front as well as the tech companies updates (e.g. Apple’s AppTracking Transparency)
6. Don’t lose the trust of your customers. Ensure your tracking practices follow your stated privacy policies and applicable consent requirements (and of course, are created in partnership with your legal team)

We’re helping our client brands to conduct audience creation, testing strategy and impact analysis to adopt FLoC and FLEDGE methodologies when the time comes. But more urgently and importantly, we are providing support for the larger privacy-oriented first-party data journey that all organizations should be pursuing right now.

Contact us to speak with a first-party data specialist.