Privacy Protecting

Monetising data from individuals

Customer data, both anonymous and Personally Identifiable Information (PII), has been collected for some time.

For example, many businesses invested in Data Management Platforms (DMPs) that collected and segmented the data for their businesses. DMPs utilised third-party cookies to capture individuals' information, allowing advertisers to better target and retarget individuals across the internet.

Vendors of DMP platforms (and other similar products) benefited from the sale of data services, and businesses benefited from improved audience reach and targeting.

However, improved targeting has fed growing privacy concerns, many individuals did not feel that they had consented to the capture and use of this data, and had little to no control over this process. Much of the time, the individual’s data was collected without them being aware and for no legitimate benefit to them.

To help combat this, vendors of browsers (and other platforms) implemented controls to help prevent the sharing of such information.

Third-party cookies and App tracking transparency

Browser and operating system vendors moved to protect individuals' data. Apple made the first move, blocking third-party cookies on Safari and Firefox, immediately impacting a business' ability to 'see' and activate this traffic. Google will follow, with removal of third-party cookies in Chrome slated for 2024. In addition, in 2021, App Tracking Transparency (ATT) was implemented by Apple, with the aim of protecting individuals from having their devices tracked without consent.

The impact has been felt by businesses - with audience reach, segmentation, personalisation and conversion tracking all being significantly impacted. This reduction is material, ~60% mobile and ~25% desktop.

Privacy initiatives and removal of third-party cookies have created an unequal playing field. Control has been taken away from businesses, their revenue has been impacted, and they have been forced to seek other, less safe methods of tracking and sharing data. There are no alternatives at present.

First-party data strategy

Many businesses have moved to the management of first-party data, captured, and activated using their own Customer Data Platforms (CDPs). CDPs are designed to be the central hub of a brand’s first-party data, both known and unknown. The business can then utilise the first-party data within the CDP to create and activate audiences.

CDPs require individuals to authenticate and provide Personally Identifiable Information (PII), and in doing so, increase the risk of a data breach, impacting individuals and businesses alike. Leading CDP vendors mitigate this risk by implementing leading data storage and encryption practices.
‍
Most businesses currently have a low authentication rate. This poses a challenge, as a CDP is driven based on the capture of authenticated user data. To combat this, many businesses implement processes to encourage visitors to authenticate, yet this can be hard to do without impacting user experience.

Some businesses look to reduce the need for authentication by capturing data on an unauthenticated individual linked to a digital fingerprint. Fingerprinting generates consistent identifiers based on browser and session attributes, and may include Personally Identifiable Information.

Fingerprinting is also probabilistic in nature, so it is possible for matching errors to occur. Also, it is rare for individuals to know that they are being identified and tracked, and it is unlikely that they have the ability to specifically consent or opt-out of the fingerprinting process. Even if individuals opt-out, the fingerprint is persistent, they can still have their data linked to this identifier in the future. For these reasons, fingerprinting is generally frowned upon.

Sharing first-party data

To increase audiences and marketing effectiveness, some brands have entered data sharing arrangements, leveraging data sharing, and matching technologies (e.g. Data clean rooms). These systems increase the risk to privacy by utilising hashing of your PII data and other inferior mechanisms for protecting and sharing data. These methods of matching utilising hashed PII typically return a low match rate, and in turn reduce the effectiveness of marketing activities.  

The use of PII also increases the risks associated with a potential data breach, exposing businesses to severe financial penalties and reputational damage. In many cases, the sharing of PII is not justified, as the personalisation of website content and advertising can be achieved without sharing PII.