The Evolving World of Tracking Media - Mark Green, founder and CEO of MediaBrain mulls the issues of the day
Tracking digital media consumption is an evolving science. As aspects like cookies crumble, other tools like pixels are being increasingly leaned upon. What remains to be seen is how far the governments of the world plan to go in restricting companies' abilities to collect and analyze personally identifiable information.
Before jumping into opinions, let's spell out what today’s primary collection methods are.
A pixel is a line of code that you embed in your digital content. It is used to record each time that content is exposed. The line of code collects some data in the moment of the exposure and sends it to a listening service. The pixel’s code prescribes what to collect and where to send it, typically collecting the type of device, type of app or browser, IP address, operating system, screen resolution, and date-time of the exposure.
Making sense of pixels requires data partners with device graphs and consumer data platforms, to tell you who owns the device and what else is happening around the time of the exposure and after.
Pixels can tell you what is happening with your content in digital media. They do not tell what is happening with other people’s content. So you can know about your ad but not the publisher content or journey to your ad, and of course, you are blind to what your competitors are doing. Third party measurement services can fill in some of these gaps.
While linear TV is now mostly digital, linear distribution generally does not support pixels. On the other hand, most on-demand viewing is being rendered through separate streaming apps which do support pixels. As linear distribution transforms its tuning to apps, we expect pixels to become the predominant way to measure your content exposures for all TV. We expect third party ACR measurement services to provide the full view of all exposures across all TV content.
While pixels collect information page-by-page, cookies collect across pages. They are downloaded to and stored on your browser so they can track the browser activity across pages.
1st party cookies only track users of the website from which the cookie comes. The user’s benefit is that 1st party cookies remember them, so they do not need to login again. The publisher's benefit is that they get to see everything each user does on their site, across all visits until the cookies are deleted or expire.
3rd party cookies track everywhere you go on the browser. 3rd parties never announce that they are different from 1st parties. Sometimes 3rd parties like 1st parties ask for permission in the small print of a “terms” agreement that is almost never read. Often, 3rd parties do not even ask that much.
Cookies are the primary method used by publishers to track digital activity on websites. For tracking activity not through browsers, such as apps on your phone, tracking is built into the device’s operating system, the two big players being Apple’s iOS and Google’s Android. The tracking information from cookies and these operating systems are equivalent and sometimes lumped together.
Before consumer privacy became a thing, the tech and marketing tech companies were all about collecting and connecting this data to use and sell it. The trick was figuring out how to connect the data to know who was using a given device and in what context: where, when, and for what purpose.
The exercise of connecting data is called graphing. Certain pieces of data are the same across measurements, such as device ID, Cookie ID, IP address, GPS, and street address, and these are used to group the information. As an example, all the information from one phone (device ID) probably uses one IP address more than any other at the home address of the device’s primary user. Mapping IP addresses to street addresses with additional information like preponderance of GPS data points, let’s devices be grouped by IP addresses and Home addresses and Cookie IDs via IP addresses. While there is some educated guesswork at the start, with enough information knowing who owns and uses what becomes close to a sure thing. The graph is the backbone to connecting everything else, like your shopping habits, financial transactions, vacations, etc. When you carry a tracking device like your phone everywhere you go, tracking you becomes easy. This is what being “on the grid” means.
Most people are unaware of the “grid”, that they are “on the grid”, and how many companies have access to this information.
A few people made it their mission to raise awareness and that led Europe to pass a law (the General Data Protection Regulation) saying people have to give their permission to be tracked by a company for each case. Interpreting what this means is now being decided in the agencies and courts that implement and adjudicate laws. Europe is in the middle of this. Meanwhile California with a similar law (the California Consumer Privacy Act) is just starting to go through this process of implementation and adjudication.
The Privacy War
In concert with the European and California governments, Apple has recently championed privacy by requiring cookies to be opted in on their Safari browser and tracking to be opted in on all iOS devices. Google is taking similar actions on cookies with their Chrome browser, but has yet to follow with tracking opt-ins on Android devices.
Various companies have been preparing for a cookie-less world by leaning towards pixels and building graphs that work without Cookies. For publishers who track their own content, this is straightforward. For 3rd party trackers, this means getting cooperation from publishers and sampling activity through opt-in panels to cover the rest. For bidding exchanges, this means publishers selling their unique and duplicate impressions from within their sites without knowledge of how they duplicate with other sites. While buyers use frequency caps, they really have no information on frequency across sites until their ad exposure pixels come back and are mapped to their internal graphs, that they rent from data partners, tell them. Unlike exchanges, DSPs do have lists of notional people from graphing devices, cookies, emails, IPs, and physical addresses together, and they leverage these lists to buy reach through direct deals and bidding on exchanges.
Leveraging their respective sign-in and inventory sales partnerships, Facebook and Google track many publishers (both websites and apps) and provide bidding with frequency caps across many publishers, guaranteeing greater reach. The capability to track across sites is the strategic advantage that Facebook is starting to lose with Apple’s moves and new opt-in rules from GDPR and CCPA. While Google faces similar challenges, they retain control of tracking through their Android and Chrome distribution systems.
While publishers can continue to track consumption of their own content and collect personally identifiable information, such as IP addresses, from users with permission, there are strict rules about sharing that information with data partners, exchanges and advertisers. The informed consent of the user is required to transfer the information to other parties and the data must not be used for any purposes except for those specified at the time of collection. The full impact of how supply side “selling” platforms (SSPs), exchanges, and demand side “buying” platforms (DSPs) handle personally identifiable information outside of the European Union and the UK is yet to be determined.
Data handling is evolving fast. Some companies are avoiding personally identifiable information by generalizing their data to aggregations so individuals cannot be identified. A simple way to become GDPR compliant is to link consumer information at the post code level. Other companies are specializing in handling personally identifiable information for companies that have permission to use it.
How CCPA is interpreted and enforced will likely be similar: though nothing is definite, as activists and companies battle each other in this privacy war.
Most likely: people will be fine with being measured but not targeted, and enforcers consequently treat these as different use cases. The winners will be the measurers, who track activity but do not need to share personally identifiable information in selling their measurements. The losers will be the targeters and re-targeters of individuals and narrow cohorts, where personally identifiable information is necessary to frame the cohort.
The ability to measure will be controlled by those who either own the content or own the distribution systems.
Facebook will be the most challenged, as they gradually get cut off from their 3rd party sign-in data. Google will find that their targeting will need to be more generalized, but will still have the advantage of controlling and tapping into Android / Chrome tracking data beyond their content tracking.
Amazon sits in a differentiated position, being a retailer with explicit permission to collect consumer information in relation to both purchases and reviews. So advertisers do not need to share personally identifiable information to buy advertising space that targets specific buyers. Amazon’s marketplace size makes this valuable to advertisers.
Beyond marketing through retailers, advertisers will need to relearn the value of cohorts that are not simply lists of people or addresses.
Everyone will return their attention to reach. For digital media, it will be the beginning of really taking reach seriously.