There’s a lot advertisers don’t know about how cookies, the backbone of programmatic advertising, work. One of them being the way they are obtained. It turns out to be quite sneaky on occasion. According to a recent audit, many of the cookies used to target audiences to the 1,000 largest publishers in Europe are used without the consent of the person who would see the ad – a problem as this should not have happened since a sweeping privacy law arrived four years ago.
To be clear, this is by no means a new problem. Privacy experts sounded the alarm when this privacy law (the General Data Protection Regulation) came into force across Europe. At the time, traders were worried, but not alarmed. After all, the publishers assured them that they would not be obtaining the consent of Europeans without their consent. Now they are alarmed. They don’t know how strong these assurances really are – and more importantly, if they ever can be.
Spot the marketers who are trying to figure out what all of this means to them. They want to know if the audience targeting they perform on publisher sites uses non-compliant cookies, and if so, what their prevalence is in the media they buy. For a global CPG company, these checks will begin within the next few weeks.
“We are targeting either January or February to conduct an audit similar to the one commissioned by Ebiquity,” said the advertiser’s media director, who spoke to Digiday on condition of anonymity due to the sensitive nature of the matter. “If the audit confirms what has already been reported, then we need to think about moving our dollars so that we are no longer exposed to these types of violations. “
Opinions like this raise the question of how much advertisers really stand to lose if they scale back or withdraw their programmatic advertising. Targeting the audience that shows where those dollars are going is essentially a game of probability. Making it work means grabbing ad impressions from hundreds of thousands of websites sent by as many supply-side platforms as deemed necessary. Like everything else in the media, however, there are tradeoffs with this way of advertising. If advertisers have to constantly launch and recast a larger network over tens of thousands to millions of websites to find cookie-based user IDs, there’s a good chance they’ll end up buying tons as well. lower quality inventories during the process.
“It’s a balance for marketers between the reach and respect for consumer data by the publishers they buy from,” said Brian Kane, chief operating officer of Sourcepoint, a company that helps businesses get started. measure the privacy experience of sites. “Some of the world’s largest companies are increasingly realizing that they play a role in the quality of the media ecosystem, so they want to make sure that they do so with a level of assurance that consumers are. respected. “
Add to that list the marketing manager of another global CPG advertiser, who also agreed to speak to Digiday only on condition of anonymity. In fact, they’ve threatened to shut down programmatic advertising altogether if publishers can’t fix the problem. Even if that means pouring more of their money into walled gardens where they have a limited view of what that money actually buys them. This is an option which, at least for this trader, is the least bad. It is also the extreme option, especially if the problem plagues large swathes of the media.
Threatening to stop programmatic spending isn’t a reality for many advertisers, at least not in general. In a world where digital ad spend keeps growing faster than expected and advertisers obsessed with the unproven appeal of audience targeting, the money has to go somewhere. What’s more likely to happen, especially when it comes to ad trackers collecting data from people without their consent on larger sites, is that it leads to behind-the-scenes conversations. In other words, advertisers talk to publishers about what they can do to fix these issues and ultimately get more money for the media.
“The way the program works means that advertisers can’t activate any activity unless a cookie consent chain is in place, so we’re protected to some extent when it comes to whether we are doing the right thing, ”said the marketing manager. “The real issue here is the trust of publishers and the perception that cookies are placed on sites before publishers have obtained their readers’ consent to do so.”
Publishers are at an impasse here. Some marketers believe they view the cookie tracking consent request as an afterthought – something they beg your pardon for not doing, not asking permission to do. Of course, there are publishers who have probably taken this position given the money they have to make. But there are plenty of others who don’t. The problem, however, is that no matter what the publisher’s intention, they don’t always have full control of the cookies on their site. So even if they wanted to make sure that all readers had given their consent to be tracked by the cookies, there are times when that wouldn’t be possible. When a cookie is loaded on a page, it calls a server to then record that the cookie has been served. Sometimes this cookie not only calls the server, it calls other cookies. Essentially, one main cookie could then call on hundreds of other cookies, which becomes difficult for publishers trying to keep track of what is happening on their site.
Why? Mainly because ad tech companies have a higher priority economic incentive, said Tom Triscari, an economist at consultancy Lemonade Projects. They must constantly increase the volume of impressions in every way possible to reduce marginal cost and become more price competitive with Google’s own programmatic marketplace. At the same time, advertisers are putting downward pressure on their fees and commissions through sourcing, putting more pressure on ad technology providers to find other ways to generate revenue. profits.
“It’s the name of the game,” Triscari said. “Keep advancing the belief system targeting audiences 24/7, 365 days a year. When everyone in the sell-side supply chain has a profitable cover in perpetual motion, everyone seems to be working together to keep the ball in the air for as long as possible. Why would anyone expect anything different? “
In some ways, this is a problem of the advertisers’ own making – a problem that is being highlighted. Indeed, Ebiquity’s research is neither the first nor the last of its kind. In fact, Adalytics released a similar report just last month. Like Ebiquity, he found that ad technology vendors are still tracking people across the European Union who haven’t given their permission to do so. This has raised new doubts about the IAB’s so-called transparency and consent framework, which is already in hot water with privacy regulators. The problem is, the TCF is a standardized way for ad technology providers to see if a user has given consent for their data to be shared through cookies. Last November, however, the professional body practically said it didn’t always work as expected. He said he expected the framework to be found in violation of GDPR. It comes after Belgium’s privacy watchdog found that the framework did not comply with GDPR transparency guidelines and processed sensitive data such as political affiliation and sexual orientation without consent. explicit. While the IAB maintains that these loopholes can be closed, the growing body of evidence suggests it will be anything but simple.
“The TCF is inherently flawed and non-compliant,” said Ruben Schreurs, group product manager at Ebiquity. “It’s time to wake up and smell the coffee; take responsibility for protecting the rights of people in a deeply troubled ecosystem.
As overwhelming as the growing evidence of wrongdoing is, marketers are inclined to take everything with a pinch of salt – hence the rush to conduct their own audits. The reason: most often, the data is reported by consent management platforms such as the one commissioned by Ebiquity to do its own analysis. To understand why this is such a big deal, it’s important to understand what CMPs do. Simply put, it is the technical infrastructure that a business uses to collect and store the data that customers have consented to be used and for what. However, not all CMPs are wired the same. Some CMPs may prevent certain scripts from being triggered based on user input. Others are just signal smugglers and don’t stop scripts from firing. The first could theoretically benefit from exhibiting the second. And based on the Ebiquity report, it appears that many CMP installations are grossly misconfigured. Naturally, marketers seem inclined to be trusted, but verify the data that appears.