It’s open season on advertising techniques that rely too heavily on personal user data.

Tighter data protection regulations and the privacy agendas of the browsers are putting pressure on certain kinds of ad-targeting techniques while others — like contextual targeting — are being rejuvenated.



Google and Apple are instituting data privacy steps that are sending ripples across the advertising ecosystem. Here’s a look at some of the ad-targeting techniques that appear to be on the wane, and others that have already been reined in:

Cross-device tracking

Cross-device tracking, also referred to as device graphs, were hot a few years ago. It was a way to link an individual to all the devices they use, from smartphone to connected TV, to home laptop, work desktop and tablet. Instead of counting each device as the behavior of a different person, a device graph counts them as one, eliminating duplication. Nowadays the method has fallen off the radar for agencies as a direct result of GDPR. The number of cross-device vendors operating across Europe has taken a nosedive, according to some agency executives. Last year, cross-device vendor Drawbridge exited Europe entirely citing GDPR for the core reason it couldn’t scale, and since then it as all but entirely dismantled. No doubt there are some still fighting to survive, many of the smaller vendors have either quietly disappeared or been bought (like Tapad) and absorbed into wider businesses, according to ad executives.



Fingerprinting tech

Granted device fingerprinting has had a recent windfall due to the number of ad tech players deploying it as a workaround to Apple’s anti-tracking blockages. But last week, Google pretty much declared open war on the method, which it released a series of blogs calling for developers to come forward with ideas on how to ensure sustainable ad technologies that are data-privacy friendly and law compliant. Google has always made its position well known on fingerprinting, but its latest communication on the technique described it as “opaque” and a non-transparent way of using user data without their knowledge or permission — a no-no under GDPR as well as other pending data protection laws. When you add that to the fact Apple is also trying to curtail the technique with another round of tighter tracking restrictions for Safari, it will be incredibly tough for this kind of technique to survive.

DoubleClick IDs

Attribution modeling has taken a massive hit thanks to the pivot to privacy. The biggest blow was when Google pulled its DoubleClick IDs product which agencies relied on for cross-device attribution across the web. Google cited its obligations to meet GDPR compliance as its reason for dropping the product and is still working on a beta version of Data Ads Hub, which is designed to fill in some of those holes left by the removal of IDs but without the user-privacy red flags. But agencies have said there is no like-for-like replacement to DoubleClick IDs, and that, in fact, they have had to totally redefine attribution strategies, scrapping a lot of previous models used in order to figure out how to still get high performance and track which channels are most effective in order to inform media allocation.

Location data-targeting

There has been a lot of talk about location data and how to ensure it is GDPR compliant. The Internet Advertising Bureau and IAB Tech Lab recently added a layer into their attempt to standardize GDPR compliance — the Transparency and Consent framework. In the reworked version, location data targeting has been assigned a specific “feature,” meaning that advertisers and publishers must ensure location vendors are disclosed if being used on certain campaigns. Further, the user must understand for what reason their location is being tracked and agree to it for the purposes of ad targeting. Their consent must be explicit and informed. In the run-up to the arrival of GDPR, location-targeting suppliers were already starting to wane in numbers because the way many location companies build profiles is to pluck data from the bid requests. That’s now being clamped down on harder by U.K. data protection authority the Information Commissioner’s Office.

Real-time bidding

Using personal data within bid requests will be tough without explicit consent. In reality, the likelihood of people agreeing to have sensitive data such as their sexual orientation or political beliefs intentionally used for the purposes of targeted ads, are slim. If advertisers want to use that kind of information for targeting programmatic ads on the open exchange, they’ll have to get explicit and informed consent from users to do so. So the type of data within RTB is going to change. The ICO has been clear that it expects to see changes on how this kind of data is currently being exploited within bid requests, along with other information like device IDs, cookie IDs, and location data. So using personally identifiable data like that via RTB will likely die out, presuming the ICO can effectively police it.