A closer look at third-party cookie matching
Posted on Wednesday 07 September 2022 | Valbona Gjini - Marketing Director, ID5 Technology Ltd
How sustainable is cookie matching in today’s privacy-first, user-centric, crowded digital advertising industry?
Cookie matching has been, in the past 10 years, the method used by the industry to enable the sharing of user-level information in the advertising value chain. However, it’s no longer sustainable in today’s privacy-first, user-centric, crowded digital advertising industry and, after Google’s recent announcement, we can definitely say that cookie matching is soon to become obsolete. But how did we get to this point?
With the fast expansion of the internet, digital advertising investments have grown rapidly, and with them the number of ad tech vendors helping publishers to monetise their inventory and dropping cookies on their pages. Today publishers’ websites are overpopulated with dozens of advertising and tracking pixels. Multiple cookie synchronisations take place every time a user lands on a website or moves from one page to another.
Cookie matching creates a number of issues that have become hard to ignore. A recent study, commissioned by ID5 and conducted by RedBud, analysed a subset of 20,000 scans of 68 top news and magazine website in the UK, Germany and France in order to assess the scale of the problem.
“The biggest privacy vulnerabilities we see across our clients’ websites stem from cookie syncing pixels and other third parties triggered via redirects,” says Chloe Grutchfield, Co-founder at RedBud. Redbud found that 81% of the 68 websites scanned had vendors identified as potentially representing privacy risks for various reasons. Some of those vendors have servers in countries that don't provide the same level of data protection as those in the EEA. Others have privacy policies that reference the 1998 Data Protection Act principles rather than the GDPR principles.
The issues highlighted by the study are not limited to privacy compliance: cookie syncing redirects, as well as third party tags embedded in creatives, can cause data leakage. RedBud identified 26 different companies involved in the monetisation of behavioural data across the websites scanned. Some of those vendors have no direct relationship with the publishers. “Non-GDPR compliant vendors, sometimes 3-4 steps removed from the actual publisher, are dropping cookies on EU users, whilst providing no value or demand to those same publishers,” added Chloe Grutchfield.
Third-party redirects have an impact on page and ad performance too. The average combined loading time of third-party redirects is 19 seconds, which creates latency before ads are displayed and the web page becomes fully interactive.
“Identifying users is mandatory for digital advertising to work, so it is a key concern for publishers. Until now, publishers have had to deploy imperfect solutions to do that, relying on platforms matching cookies with each other, which has many negative side effects as the Redbud study clearly illustrates”, said ID5’s CEO, Mathieu Roche.
Today there are several initiatives providing shared identity solutions that are more efficient, privacy-compliant and effective even in environments where third party cookies are blocked. The need for such solutions is likely to grow in the next couple of years, whilst the industry prepares for a third-party cookie-less world.
Until a few days ago the creation and adoption of a standardised way of identifying users was considered a positive development for the industry but it wasn’t a priority for many businesses. Today it’s a must.
“The Google Chrome team’s announcement and the upcoming privacy regulations give publishers the opportunity to come out stronger from the transition away from third-party cookies. Media owners should lead the redesign of the system and improve identification capabilities to maintain a healthy ad-supported business model” concludes Roche.