(Originally published in iMediaConnection, December 2010) by Eric Picard
When the concept of cookies was introduced into web browsers, the idea was simple and designed to allow for some permanence in the relationship between a person and a website beyond a single session. Cookies would allow someone to visit a site, return to the site, and have his or her user ID already populated into the browser. It also would allow the website itself to create a persistent relationship with a person who visits the site across multiple visits.
These browser cookies were left fairly open and flexible, and were not just limited to the sites that people were visiting. They enabled broad collection of browsing information by any entity that had rights to place images or content onto any site, even from different domains than the person was visiting. This broad capability is what enabled the creation of third-party tracking as a business. And it is extremely useful to companies that market online to consumers. Various ad serving companies enabled this capability (anonymizing the person’s browser such that no personally identifiable information would be passed to the advertiser, just a unique number representing the person) for advertisers, which then were able to understand broad consumer behavior in new ways. And the anonymous nature of these cookies made everyone involved feel justified and comfortable using the technology in this extended way.
More recently, the online advertising industry has gone through a series of revolutions that are fundamentally changing the way these tracking cookies operate. This change has the potential to radically improve the utility of advertising to companies that market online due to the advent of advertising exchanges like the Google-owned DoubleClick ad exchange, the Yahoo-owned Right Media exchange, or the AppNexus exchange, which recently closed $50 million in funding from various sources including Microsoft.
An entire ecosystem of companies has grown up around these exchanges. On the side of publishers, there are the supply-side platforms (SSPs) like Pubmatic, Rubicon, AdMeld, and others. On the side of the advertisers and agencies, there are the demand-side platforms (DSPs) such as Invite Media (owned by Google), MediaMath, Turn, DataXu, Triggit, and others. And all of these providers look for as much data as possible to be injected into the ad impression stream so that an appropriate valuation of the impression can be made. The publishers and SSPs push some data into the chain from what they’ve collected. The advertisers come to the table with what they’ve collected. And the exchanges enable third-party data companies to inject data as well. At the end of the day, the battle has become about who has the best data that nobody else has in order for someone to get an edge and either make more or pay less money than competitors. This space is loosely referred to as the “real-time bidding” space, even though RTB is only part of the story and not always used.
Let’s investigate how the ecosystem for data companies works today, and let’s really ask ourselves if there is an issue here. Over the past few years, third-party data companies like AudienceScience, Tacoda (bought by AOL), BlueKai, eXelate, Bizo, and others have found that they can create business arrangements with various websites to enable tracking of behavior, which can then be sold to one of the companies in the RTB space. A good example of this kind of relationship would be a travel website that enables a data company to cookie any user that is searching for travel arrangements and collect the dates and destinations of those travel plans. Or an automotive website that lets a data company track which models of car a person is shopping for. Once the data is available to advertisers and ad agencies, either through a publisher, an SSP, an exchange, or a DSP, the advertiser can bid on impressions specifically based on the audience characteristics suggested by their browsing behavior.
All of these companies go to varying lengths to ensure that no personally identifiable information is exposed when they trade this information over, and nothing I’ve said above sounds overly concerning — especially when you think about the messaging that this is anonymous. And some companies in this space have gone to great lengths to ensure that there is at least a potential consumer upside. BlueKai comes to mind immediately with its BlueKai registry, which enables consumers to see what data are collected about them, edit their profile, and then select a charity to which a portion of the proceeds from their tracking can be assigned.
Very few people outside our industry are aware of all the “cookie matching” that goes on. This process essentially lets two different data providers compare cookies and match the intersection of the audience members between those cookies. This is typically done through a third-party service like Acxiom or Experian, which don’t allow the two parties to match the users in such a way that they can accidentally match personally identifiable information to a profile. A scenario would be an advertiser that has a list of cookies of its customers, which could compare those cookies to a data provider’s list of cookies that show their customers’ other profile attributes from surfing across various websites. Then the advertiser can bid differently on its own customers when it sees them. Given that the cost of acquiring a customer is far higher than retaining a customer, this is good business in many ways. But is it good in general?
It does beg the question about whether you should have to go and opt-out of this in the first place. I’ve had dozens of conversations with people about this, and not one of them was happy about being tracked this way. Some were resigned and disappointed, some were creeped out, and others were downright angry. When people start saying things like, “What gives them the right?” I get a bit concerned that legislation can’t be too far behind.