Some background
During the early days of the internet there was a joke that went like this: “On the internet, nobody knows you are a dog”. It alluded to the idea that anybody could be anything or anyone online – even if you were a dog pretending to be a cat. This joke played well into the human need to be in control of who knows how much about us. Websites that we only visit once and then never again should not know as much about us as the email provider that we interact with daily.
Alas, the third-party cookie actively diminished this distinction without much restriction at all, allowing for the creation of online identities that are overly sensitive. Over time the triad of society, technology providers, and regulators converged to the understanding that those third-party cookies are a malformed solution prone to misuse and uncontrollable infringement of user privacy. Therefore, one technology provider after another discontinued support for third-party cookies. Google Chrome now is the only player due.
In the meantime, all the new privacy enhancing technologies that browsers and operating systems have introduced as replacements for third-party cookies strengthen the requirement for online identities to be prismatic, to be different based on the purpose of the processing or the depth of the relationship between the user and the website. This requires there to be many different and specialized solutions for all the things that third-party cookies once solved.
In this article, we will take a closer look at one of the solutions designed to solve some of the advertising challenges in the scenario that there is a deeper relationship between users and websites, the so-called “lower funnel”. Namely, user-provided data.
What do you mean “user-provided data”?
The challenge of lower funnel advertising continues to exist, third-party cookie or not. Advertisers want to re-engage existing customers with new generations of products or complementary services. Therefore, people working in adtech companies started to look for identifiers that work across website-contexts and could allow for this type of advertising. They found it in a type of data many internet users carry around in plain sight and are willing to provide to website owners if need be: email addresses, phone numbers, and other types of directly identifying data. Few people actively use more than one email address. Fewer people actively use more than one phone number. Therefore, from an adtech-perspective, this creates the advantage that most people will re-use the same email address for their Facebook account, their Google account, or their TikTok account.
Image 1 shows an exemplary identity graph that advertisers collect about a user for measurement and/or targeting purposes. The cookie IDs on each of the user’s devices are different which leads to a fragmentation of the identity graph. However, in the likely case that the user uses the same email address across all those devices, the collection of it will allow for linking all those devices together and defragmenting the identity graph about the user.
So, if advertisers started enhancing the purchase conversion with the (uniquely hashed versions of) email addresses of the customer before sharing it with different advertising platforms, the data collected would allow for a more comprehensive understanding of the user journey, from their first ad impression to the final purchase. This leads to more accurate attribution of conversions to marketing campaigns. Google has assigned a dedicated brand name to this process (“Enhanced Conversions”), so did Meta and TikTok (“Advanced Matching”), while other adtech vendors simply backed this possibility natively into their data ingestion protocols and did not invent a special brand name for it (e. g., criteo). In addition, the use of user-provided data allows advertisers to retarget those users with ads across both different websites that the user visits and different devices that the user is using. Thus, from the advertiser’s perspective, sharing user-provided data with their adtech vendors brings economic value which will increase the motivation to implement such practices across vendors. Advertisers that made use of user-provided data for their campaign targeting, have increased their conversions by 10%, as TRKKN reports here.
Regardless of the favourable economics of user-provided data in advertising contexts, using it to enhance the cookie-based adtech user graphs leads to nothing less than a tectonic shift in what is the foundation of user identities online. This means we have to address the privacy aspects of it before diving head first into its implementation.
The privacy part
The single biggest difference between cookies and user-provided data is the users’ inability to detach themselves from the identifier without consequence. Users can delete cookies. Cookies expire automatically or become useless when users change their device. Cookies can be blocked if need be. However, users practically cannot separate from their email address. It is the most sticky, most deterministic identifier that exists. This demands extra care for the users’ desire for privacy before repurposing the data they provide for advertising. Specifically, this demands transparency and consent.
For users to make an informed consent choice, they require transparency about the processing. For this transparency to successfully reach and educate the user, it needs to be presented in the right context. It will not contribute to the transparency much, when information about the use of user-provided data is buried under dozens of other consents for cookies that website owners collect from their users on first sight. Instead it means providing the information about the processing in the context in which the user provides their data. For example, as an info box next to the field into which the user types their email address. Based on this information the users can grant their consent to allow for this additional use of their data.
The flipside of granting consent is withdrawing consent. Since there is no natural way in which an email address expires, it is important that advertisers implement sensible, aggressively short retention periods for user-provided data. Finally, users need to be given the opportunity to withdraw their consent at any time. Here, consent management tools fill the gap and provide features that are specifically dedicated to the handling of user-provided data, such as the upcoming Usercentrics Audience Unlocker, available here. Usercentrics Audience Unlocker provides the user with a friendly interface to view and manage consent decisions specifically for user-provided data in a self-serve mode.Such features provides the need for transparency and user control when advertisers decide to enhance their targeting data with data provided by their users. Some users will appreciate the option to be retargeted with the newest generation of a product based on data they provide to advertisers. Others won’t. Either way, the users should remain in control.