The world of digital advertising is experiencing not one but two shakeups. Two key players in the advertising technology space — Apple and Google — are changing how they approach privacy in digital advertising. It could remake the entire industry.

What is happening? 

Apple and Google are reconfiguring the adtech landscape with the advent of Apple's App Tracking Transparency requirements and Google's phasing out support of third-party cookies.

Apple

On April 26, 2021, Apple began requiring applications to ask permission to track users with the latest iOS 14.5 update. The mechanism by which apps may request permission is called the App Tracking Transparency framework. Apps that both collect user data and "[share] it with other companies" to track users "across apps and websites" will need to begin following the ATT framework.

The ATT framework requires apps to "request the user's permission to track them or to access their device's advertising identifier." On Apple's website, an example shows a popup box on a phone that gives two options to a user: Allow the app to track, or "ask app not to track." If the user does not provide consent to track, the app will not be able to view the device's unique advertising identifier and will not be able to track the user using the device's IDFA.

An Apple device comes with a unique IDFA that allows marketers to target ads better. While the IDFA can be reset in a device's settings, the new iOS 14.5 gives "users the choice to block the IDFA identifier at the app level."

Apple defines "tracking" both as sharing user or device data with data brokers and as linking user or device data with data collected by third-party "apps, websites, or offline properties for targeted advertising or advertising measurement purposes." With Apple's ATT framework, the company is pushing the adtech industry from an opt-out model to an opt-in model. Among many other implications, this means consumers are about to get many more notifications than they did before and face many more decision points about how their data is handled. Apps, meanwhile, will likely find it harder to gain consumers' "consent" than under the opt-out model of the past, given individuals' status quo bias.

Google

Google announced it would be phasing out Google Chrome's ability to support third-party cookies. First-party cookies will remain intact. The phase-out of third-party cookies will occur within two years. Google has no plans to replace cookies with another user-level identifier. Cookies had already been crumbling. Both the Firefox and Safari browsers have mechanisms to block third-party cookies and cross-site tracking.

In 2019, Google rolled out the Privacy Sandbox to collaborate with the wider industry to build the system that would take the cookie's place. Google has stated their "web products will be powered by privacy-preserving (application programming interfaces,) which prevent individual tracking."

Why is this happening? 

The general alignment between Google's and Apple's approaches and the synched timing is no accident. Both Apple and Google have issued statements that these changes are driven by consumer demands for privacy and control over their personal information. Google's David Tempkin went even further, suggesting the internet itself was at stake, "If digital advertising doesn't evolve to address the growing concerns people have about their privacy and how their personal identity is being used, we risk the future of the free and open web."

That is certainly a part of the picture.

In the last year, consumer awareness of privacy surged. It is hard to pinpoint the cause. There have been more than enough drivers — COVID-19 contact tracing and vaccine passport discussions, children's time spent in Zoom classrooms, employees' endless virtual meetings and online engagement, privacy initiatives on the ballot, and increased surveillance of our bodies, homes and public spaces via smartphone location tracking, wearable health monitors, smart home appliances, body cameras or closed-circuit TV. Privacy marketing and industry But, consumer demand is far from the only motivator. Apple and Google have both pointed to new legislative EU regulators' guidance stemming from the EU General Data Protection Regulation and ePrivacy Directive ushered in new approaches to cookie banners requiring specific, unambiguous and freely given consent. Cookie notice banners were in, then they were out. Cookie walls became a problem; toggles replaced them. 

The California Privacy Rights Act included cookies in the definition of personal information and raised the possibility that CCPA Regulations mandated business compliance with user-enabled global privacy controls to send such opt-out signals, and California Attorney General Becerra lauded browser-based opt-out tools as an innovative way to send this global signal. The sharing of their personal information for cross-context behavioral advertising. The EU's

Some critics of Apple's and Google's moves have suggested their actions are driven more by self-interest and a desire to gain greater control of the advertising ecosystem. The move away from cookies could force smaller companies with less first-party data into increased reliance on larger platforms and market operators. Still, it is hard to believe that either Apple or Google would make such moves with the aim of increasing their market share at a time when antitrust regulators and the public are scrutinizing their market dominance.

Current response

Apple

Industry is responding to the ATT framework by working to adhere to the framework itself. This requires a lot of work from app developers; for example, if a user selects "Ask App Not To Track" when prompted, the app actually has to be able to not track the user. 

Additionally, to adhere to the ATT framework, apps have to write a short usage-description statement that explains why the company or developer wants to track the user. This explanation sits above the two options to track or not track and appears when a user goes to use the app. Some of these usage-description statements may employ reject apps that use a custom messaging screen pre-opt-in-or-out that "takes advantage of … behaviors to influence choices." Apps that tell users to "select allow when prompted" will be rejected, as will apps that use arrows to direct users to "select allow." 

With the new changes, publishers may need to brace for low opt-in rates. Low opt-in rates could "make advertising less effective" since the ads pushed to an individual consumer would not be personalized based on their behavior. Measurement and evaluation of digital advertising campaigns are expected to be "much less granular and precise" without large amounts of tracking. With a smaller number of people expected to opt-in to tracking, targeted advertising will change, with smaller companies expected to take more of a hit without robust first-party datasets.

Broader implications remain to be seen. There are two big questions at this stage: whether a significant number of apps will be rejected or kicked off the app store for not adhering to the ATT framework and how the industry will shift longer-term to fill any voids resulting from individual response to the framework.

Google 

Google has already begun introducing their proposed alternative to cookies: Federated Learning of Cohorts. FLoC will work by distilling a user's browser activity that would have been tracked using third-party cookies and anonymously slotting that user into a cohort with similar browsing activity. Instead of being targeted as someone who has looked at recipes online with the use of third-party cookies, an advertiser could advertise recipes toward a cohort Google has determined are individuals who seem to all enjoy recipes. So far, millions of Chrome users have been added to a FLoC trial. 

However, FLoC has not been universally welcomed as an alternative to third-party cookies. Many organizations do not like FLoC. A WordPress proposal would treat FLoC like a "security concern," which would effectively block FLoC from the 41% of the web that uses WordPress. Other browsers have been either lukewarm on supporting FLoC or have outright said they will not support it. 

Another alternative is the Unified ID 2.0. UID 2.0 will work by using "consumers' anonymized email addresses … gathered from a user logging into a website or app." The anonymized email will be a "UID 2.0" made up of a "regularly" regenerating identifier of numbers and letters that will inform targeted advertising to that user. The UID 2.0 preserves privacy because it cannot be reverse-engineered back to the email address, and there is "no central storage of the mapping of UID 2.0's to emails." Consumers will be able to change their preferences. Dozens of industry members have signaled support for UID 2.0. Beyond Google's FLoC and UID 2.0, there are Verizon Media and Nielsen have third-party cookie alternatives. Clickagy has introduced 

Going forward

Google and Apple are shaking up the targeted advertising landscape through the ATT framework and the phase-out of the third-party cookies. How the industry will be truly impacted is yet to be seen. The IAPP will follow developments closely. 

Photo by Nicholas Santoianni on Unsplash