Naysayers doubted that the European Union’s General Data Protection Regulation (GDPR) and ePrivacy rules, California Consumer Privacy Act (CCPA) and related privacy regulations would have any real impact on the flow of consumer data. But it’s now clear that they will, as European regulators show they will interpret the rules to require meaningful consent to data sharing, will treat cookies as personal identifiers, and will assess significant fines for data breaches. The imminent effective date of CCPA, which rather surprisingly survived without being watered down or preempted by weaker federal regulation, confirms that privacy can not longer be ignored by data collectors. Meanwhile, actions by Google, Microsoft, Apple and other major browser are putting still more barriers in the way of data business as usual.
None of this marks the end of the advertising industry or even of targeted online advertising. Advertising was a big and important business before the Internet existed and would remain one if the Internet went dark tomorrow. Pre-Internet advertising wasn’t as targeted or measurable as today’s display and social ads, but it did work. A total end to distribution of third party personal data would still leave Internet marketers able to target based on context, content, and in-session behaviors. This probably wouldn’t be quite as effective as individual-level targeting, although I don’t recall any studies that prove this. It’s even possible that closer attention to ad targeting methods would reduce fraud enough to more than compensate for the loss of third party data.
In any case, the hunt is on for mass advertising audiences to replace audiences based on third party personal data. The recent merger of content-based advertising leaders Taboola and Outbrain was driven in part by the desire for greater scale in content ads (those click-bait teasers that lead you off-site at the bottom of many Web pages). The rebirth of out-of-home advertising (billboards, wall posters, in-store displays, and clever niche products such as elevator and gas pump ads) as a digital channel opens another mass medium. Above all, the various forms of individually targeted TV advertising promise new levels of personalization and tracking in a medium that already has near-universal reach. Other types of video, available through YouTube, Instagram, TikTok, Snapchat, Twitch, and much else, are delivering new mass.
Taken together, these emerging options promise a new Golden Age of Advertising Creativity, as marketers explore their potential and evolve the most effective approaches to each. It’s true that a vastly more fragmented media landscape will be harder for marketers to manage. But it also means that fears of a Google/Facebook duopoly controlling all access to new customers are clearly overblown. Regulatory pressures, changing consumer attitudes, and new competition should further deflate them every day.
What does all this mean for martech in general and Customer Data Platforms in particular? The most directly affected martech systems are Data Management Platforms (DMPs), whose core function is to manage the third party data-based customer profiles that are quickly becoming extinct. Marketers who had hoped the DMP would manage all their customer data had already lost much of their interest when they discovered how limited DMP capabilities really were. Many DMPs have repositioned themselves as CDPs, although not all have the technical capabilities required to meet the RealCDP requirements.*
The implications for CDPs are more positive, although not quite as rosy as sometimes suggested. There’s a common argument, which I frequently make myself, that the loss of third party data makes first party data more important, and that’s good for CDPs because they primarily manage first party data. This is true on some level but shouldn’t be overstated. The third party data that populates DMPs is mostly used for acquisition marketing, while the first party data in CDPs is mostly for marketing to current or former customers. So switching focus from DMP to CDP would leave a significant gap in many acquisition marketing programs.
As we’ve just seen, marketers will plenty of other ways to reach new audiences even after today’s third party data-driven advertising is gone. But there is one way that CDPs can directly support acquisition programs: by making it easier for companies to share first party data with each other, creating what is usually called second party data.
Second party data can refer to any first party data that is directly shared with another company (the second party). The CDP supports this by creating an extract file of first party data that can be sent to the second party. If that’s all that happens, it’s no different from any other extract.
But often second party data is created by comparing the customer lists of both parties and finding shared customers. The trick is often that the two parties don’t want to expose information about customers they don’t share.
One way to achieve this is to send a copy of both customer lists to another company that both firms trust. That company compares the two lists, finds matches, and returns whatever information the parties have agreed to share. Alternatively, a common identifier such as email address might be run through a standard “hashing” algorithm that will yield a unique result for each input but not reveal the actual identity information. Both parties use the same algorithm so that all records with the same identifier yield the same hash code and are identified as a match. Records that don’t match will generate different hash codes which are meaningless to the other party. With this sort of processing, there’s no need for another trusted company to do the matching because customer identifiers are not actually shared. Each party keeps a record of the original identifier and the resulting hash code, so it can tie the codes back to its actual customer records.
Here’s a practical example. Suppose a hotel chain and airline agree to identify loyalty program members on each others’ lists. That is, the airline would learn which of its customers were members of the hotel loyalty program and the hotel would learn which of its customers were members of the airline program. They can do this with the type of matching just described, adding a “partner loyalty member” flag to appropriate customer profiles. The airline could then make a special offer to hotel loyalty members and the hotel could make a special offer to airline program members. Each party could also send acquisition promotions on behalf of its partner to its own customers who are not members of the partner’s loyalty program. So long as each party sends the promotions to its own members, the other party never learns anything about them.
The minimum role of the CDP in this sort of second party sharing is to generate a customer list with the required data. Some CDPs can also find direct matches (acting as the trusted third company) or generate and match the hashed identifiers. CDPs with these added functions are in a position to benefit as the loss of third party data makes second party data sharing more important to acquisition marketing programs.
In sum, privacy regulations won’t kill targeted marketing. They’ll actually lead marketers to expand the methods they use, promoting a healthy diversity and weakening the much-disliked Google/Facebook duopoly. Customer Data Platforms will benefit as first and second party data play larger roles in the marketing mix.