On the path towards a post-cookie digital ads ecosystem there is general agreement that 1-party data based approaches will be a key building block within the portfolio of options in the future, given that technical limitations and also more stringent viewpoints about regulatory enforcement are coming into play. With respect to data, the ecosystem is evolving/must evolve from a largely 3rd party data driven approach (be it simply cookies for campaign control) to a 1st and 2nd party data driven setup.
This is true in general, not only in terms of data driven campaigns/audiences but also in relation to contextual or other targeting options. Publishers, for example, view contextual information/interests of users derived from their sites as 1 party information and will also need to enable campaign controls via information collected on their sites.
Digital services both on the buy and the sell side are investing into extending their first party audiences and data to enable new means of audience addressability by investing into building more durable deterministic user-relations for high quality campaigns which is challenging, but besides that the general mechanics w.r.t data and legal responsibilities are shifting.
In the past/current system, mainly relying on cookies or other technical identifiers, publishers and advertisers simply speaking allow 3rd parties to collect information in their sites and help to establish the necessary legal basis for that. Consent Frameworks are largely centered around this very setup (details on legal topics are not in scope for this document).
Switching to a 1st/2nd party driven ecosystem digital services see themselves shifting into a situation where they need to provide data (as a controller that did collect data in his own user relation) to enable data driven campaigns and thus must focus much more on establishing legal ground (consent) for themselves at first within the context of the processing that takes place downstream.
With that said the problem arises how, by whom, when and where this data is/may be processed, provided and retained - specifically when it comes to enabling transparency for users, as well as the ability to abide by them executing their legal rights on information requests in regard to their data, as well as requests to purge data/withdrawal of consent.
The current programmatic or more general data driven campaign mechanics are not fit for purpose for this scenario (1p data) as they do not address how to avoid leakage, how to give 1st parties a structured means to technically or contractual control of 1p data use and of course how to deal with deletion and transparency requests.
The aim of this document is to identify a technical setup, control options and if needed topics which need a contractual foundation (and between which parties) to address the above mentioned general challenges.
NOTE: This document is focused on publishers' perspectives for now, factoring in expected functionality/needs/demands from buy side clients
NOTE: This document is mainly driven by European companies being covered by the GDPR, so main focus is GDPR centered
This document is about enabling business choice/control of data flows in the context of a 1st/2nd party driven ecosystem and not a framework for user choice / privacy signaling. The approach described here can certainly and hopefully will inform current and future frameworks for user choices, make them more transparent and enable business to more easily abide by their legal requirements.
- Achim Schlosser
- Alwin Viereck
- Andreas Sierts
- Christopher Reher
- Christine Blaes
- Hannah Althauser
- Jochen Schlosser
- Robert Blanck
- Thomas Mendrina
- Tom Peruzzi
- Elena Turtureanu