Browser / Operating System-Linked audiences

What are browser/operating system-linked audiences? 

These audiences are delivered via solutions that allow advertisers to target and measure audiences on a 1:many level within the confines of a contained environment. Rather than identifying users 1:1, they provide access to a group of people who have been grouped and anonymised via Privacy Enhancing Techniques (PETs). A key example in this space is Privacy Sandbox's Topics, while on mobile Apple’s iOS SKAdNetwork is an aggregate linked solution. 

Apple’s App Transparency Framework 

In April 2021, Apple launched the App Tracking Transparency (ATT) framework in its iOS 14.5 update as a proprietary requirement. It requires those offering apps on the App Store to request consent before tracking user activity across other companies' apps and websites.

This change caused significant challenges for advertisers when engaging with consumers within the mobile ecosystem as, without explicit opt-in user consent, advertisers no longer have access to device identifiers on iOS, including the commonly used Identifier for Advertisers (IDFA).

The impact of losing access to these identifiers has been significant across the ecosystem where advertising techniques rely on individual identifiers in order to function; causing challenges with attribution and measurement, as well as common budget management techniques such as frequency capping and ad sequencing.

To address some of these challenges, including attribution, Apple has created certain privacy-friendly approaches that operate within the constraints of ATT. Most notably, this includes SKAdNetwork (SKAN), which is a framework designed to report attribution between ads and app installs without revealing any underlying data regarding an individual. Instead, it provides high-level, aggregated reporting only.

The introduction of ATT has already had a significant impact on advertisers’ ability to reach consumers across iOS. Reports show that there is an average 60-65% opt-out rate among consumers via the ATT prompt, which impacts the ability of apps and mobile platforms to monetise content through the use of targeted advertising. While SKAN has evolved to improve reporting and attribution capabilities, there has been limited success in replicating the targeting capabilities available prior to ATT.

Google’s Privacy Sandbox

In 2019, Google announced its Privacy Sandbox initiative, which seeks to find alternative solutions for advertisers to target and measure campaigns following the deprecation of third-party cookies on the Chrome browser. This was initially established to operate in Chrome, but Google announced in February 2022 that the scheme will be extended to also cover the Android operating system.

The Privacy Sandbox aims to reduce or remove cross-site and cross-app tracking by preventing the identification of individual users, whether based on cookies or other similar techniques (such as device fingerprinting).

To achieve this goal, Google has proposed a number of APIs to replicate the functionality that existing cookie-based targeting and measurement currently provides, but in a more privacy-conscious way.

Here we provide a summary of some of the key advertising API services being developed by Privacy Sandbox, namely: Topics (interest-based targeting), Protected Audiences (remarketing and custom audiences, formerly FLEDGE) and Attribution Reporting (measurement).
 

Topics

The Topics API aims to enable interest-based advertising without relying on third-party cookies or personal identifiers.

The browser will be limited to a pre-defined human-curated list of segments to avoid sensitive data categories. An overview of workflow is as follows:

1. Labelling of content within a website according to the pre-defined segments
2. The browser collects all of the topics associated with the user’s site browsing on their device; on Android the user’s app usage is used to identify the top topics
3. Providing this segment data to an advertiser for targeting purposes without identifying the user

While this approach is more privacy-focused than the use of third-party cookies and will allow advertisers to reach relevant audiences, a noted challenge is that the current taxonomy is limited to 350 topics and so will have less specific targeting capabilities vs cookies.
 

Protected Audiences

The Protected Audiences API allows advertisers to remarket to users or target users based on custom segments and interests. Users are grouped into cohorts based on onsite behavior and all subsequent targeting is done at a cohort level rather than an individual user level. Protected Audiences also includes mechanisms for ensuring user privacy and preventing cross-site tracking, such as only allowing cohorts to be used for a limited time period and limiting the amount of data that can be shared or joined to prevent micro-targeting.

At a high level, the process for targeting using the Protected Audiences API is described as:

1. Users are added to an interest group object in the browser/device by the advertiser or DSP (the interest group owner) based on their criteria
2. On-device bidding by buyers (DSPs or advertisers), based on interest-group metadata
3. On-device ad selection by the seller (SSP or publisher) to determine winning bid

Attribution Reporting

In contrast to the Topics and Protected Audience APIs, which focus on targeting mechanisms, the Attribution Reporting API focuses on recreating ad performance reporting in a post third-party cookie or identifier framework. The API is broadly defined into two complimentary report types that differ in scope and granularity: Event-level reporting and summary reports.

Event-level reporting allows for granular attribution of ad clicks and views with simplified conversion end points. In contrast to existing event level reporting, the Privacy Sandbox event-level reports will introduce ‘noisy’ datasets with a delay to preserve privacy.

Summary reporting provides aggregated user reporting with increased resolution on conversion datasets. While event-level reports at the user level are primarily used for optimisation, anomaly detection and coarse reporting, the summary reports are for more general campaign reporting tasks.

Considerations

The industry’s argument in favour of aggregate linked solutions is that they are more privacy-conscious because they work on a 1:many level rather than identifying people on a 1:1 level. Data will be pseudonymised and grouped so that users can’t be individually identified by advertisers. A potential concern within the industry is that this approach could result in basic targeting - compared to what is currently achievable - that is centred on specific interests.

Summary

• Browser/operating system-linked audiences describe environments where the browser or operating system does the audience linking, as noted above with regard to Privacy Sandbox and SKAN in particular

• This approach relies on the relevant browser or operating system performing user-specific analysis and reporting only the aggregated, non-identifiable result to the advertiser

• This takes various forms, such as on-device machine learning through frameworks such as Privacy Sandbox and Topics API (noted above) to analyse app and web behaviour and create interest-based segments that are presented to advertisers, without any ability to access underlying individual-based identifiers

• As these technologies are on-device by definition, there can be challenges with measurement beyond these siloes. Further, these types of techniques include specific protections to prevent indirect identification of individuals, including preventing the tracking of movement between interest groups or segments, and time-delaying aggregated reporting

• Project Rearc’s support of solutions in this area is its SKAdNetworks List, which maintains a registrar of Advertisers, DSPs and networks that can be utilised by App Publishers for attribution support