Linked audiences
Linked audiences relate to strategies where publisher and advertiser audiences can be directly linked using an identifier at a 1:1 level
Learn morePosted on: Wednesday 17 May 2023
We’ve worked with law firm Bird & Bird to create a checklist of questions advertisers and agencies should ask prospective vendors when it comes to selecting cookieless technology
Due to the nature of certain cookieless technology, there is a risk that insights from campaign analytics and tracking will become less specific.
As such, when adopting a cookieless approach to online advertising and tracking, it will be key to consider the following when understanding and assessing risk:
As part of assessing the type of cookieless technology being deployed, and the roles of the parties, you may wish to consider asking the following questions of the vendor.
Be aware of approaches that seem intended to circumvent either regulatory or commercial rules through technological “tricks”. Any benefit from these types of solutions will likely be short-lived, and they come with a significant associated risk that regulators and/or commercial entities responsible for enforcing the respective rules on cookies and the use of identifiers will view the use of these approaches as attempting to deliberately take a non-compliant approach, with associated consequences.
1. What data does the vendor collect from users, both directly and indirectly? And how is this data collected?
2. What on-device technologies are being used by the vendor/publisher?
These questions are important as establishing responses can help to identify technologies which may be marketed as “cookieless” but that actually make use of technologies that, although not strictly third-party cookies, are subject to the same regulatory requirements for consent (by accessing and/or storing information on the user’s device), and equally will not be able to compliantly operate in the new commercial environment of ATT and Privacy Sandbox.
3. What data is exchanged between the advertiser and the vendor/publisher?
In order to establish your role with respect to any personal data exchanged between the demand-side and the relevant vendor/publisher, it is important to identify exactly what data is exchanged between the parties. This will enable an assessment to be undertaken as to the party determining the means and purposes for processing, and hence identifying the data controller(s).
4. Can the advertiser link and/or match audiences directly with vendor/publisher audiences?
5. Can the advertiser directly address single identities?
6. Will the vendor/publisher directly connect identifiers to establish a match between vendor/publisher and advertiser platforms?
All of these questions help to classify the technology based on the categories discussed above.
Remember, if a technology:
You can find out more about each of these technologies via IAB UK here. Understanding the answer to the questions above will help to identify and manage the compliance risk associated with the use of this technology, including understanding your role with regard to any processed data and the controller(s) of the relevant data, and your associated transparency obligations that you may need to reflect within your privacy policy or similar.
7. If so, which identifiers and under which framework (UID2, User-enabled ID tokens etc.)?
Understanding whether an industry-standard framework is being deployed by the relevant cookieless solution is important as it can inform your risk view. You may wish to consider undertaking general assessments of the key identifier frameworks (such as UID2) – subsequent reviews of technologies under those frameworks can then cross-reference to the general risk positions previously identified.
8. What lawful basis (consent or legitimate interests) is the vendor/publisher relying on for processing personal data? If consent, who is responsible for obtaining this consent?
This is important to establish, as it can impact the obligations of each party with regard to their compliance obligations, in particular when considering the responsibilities of each party with regard to establishing lawful basis for processing.
With third-party identifiers becoming increasingly obsolete, what options do advertisers have when it comes to targeting and measuring their online audiences? We explore what’s happened to date and guide you through the strategies available.
Topics
Linked audiences relate to strategies where publisher and advertiser audiences can be directly linked using an identifier at a 1:1 level
Learn moreUnlinked audiences relate to targeting strategies where there is no ability to directly link a publisher's audience to the advertiser’s audience. In this...
Learn moreFind out more about environments where a browser or operating system links a publisher and advertiser data
Learn moreThe Competition & Markets Authority (CMA) has shared Google’s latest quarterly report, updating on its compliance with binding commitments made in...
Learn moreDiscover why digital advertising is effective for reaching your customers and building brands.