Universal ID's are not a solution for cookieless advertising
Last week, the IAB Tech Lab announced the launch of Project Rearc. A new initiative to “harmonize privacy, personalization, and community” in the advertising ecosystem. Initial reactions to this announcement have not been that favourable.
Industry leaders seem concerned that Rearc’s position would see third-party cookies replaced by a deterministic, individual-level, persistent identifier, such as a hashed email address. A similar proposition to the numerous Universal ID solutions we’ve seen entering the market recently.
Following this announcement, I took to LinkedIn to voice my opinion on Project Rearc and, more generally, Universal IDs. My thesis was a simple one, not only will Universal IDs not happen, they shouldn’t be allowed to happen.
The response to this post has been overwhelmingly positive, with many of my industry peers reaching out to share their support for this position. In this blog post, I’ll dive further into why Universal IDs are not the solution we need.
The pitfalls of a Universal ID?
Broadly speaking, all Universal IDs must work in a similar way. They are designed to take various unique identifiers (phone number, email address, mobile ID) and build a central identity ‘spine’. With the spine in place, they are then able to assign each individual with a unique identifier held in the spine, a single unique value - the Universal ID.
Let’s consider what we’re really suggesting here with Universal IDs: giving everyone on the planet one unique identifier, and then enabling one company with the power to hold that central identity graph.
So let’s dive a little deeper, why is providing a single company with all that data and power not good?
Reputational and privacy risks
Data privacy awareness among consumers has never been higher. Consumers have been burnt by companies sharing their customer data with third parties to power advertising. Imagine therefore how consumers will react when they inevitably learn that their favourite brand or publisher has been sharing their personal data with a third-party, who has been selling that data on.
The reputational damage that such a scandal could inflict, would surely outweigh any commercial benefit to the brand or publisher?
And it’s not just consumer backlash that brands and publishers should be mindful of. Regulators have taken a dim view of Universal IDs still requiring the sharing of consent between multiple third-parties (aka daisy-chaining). A practice that has been specifically highlighted by the ICO as non-compliant with GDPR.
Own your own identity
Over the last few years, we have seen a move to businesses wanting to ‘own their own identity’ - a move I fully agree with. But how can each party within the advertising ecosystem own their identity, while also enabling cross-site advertising which is so vital to a free web?
The solution to the identity conundrum is a relatively simple one, distributed technology. A distributed (aka ‘federated’) approach enables each company to own and control their identity data, flexibly and nimbly joining identities with their partners of choice.
A distributed identity model is a solution that enables each party to retain full control of their identity data while making it available to power the advertising ecosystem. Each data owner puts their identity (login data) in their own controlled instance, for InfoSum we call these Bunkers. Each is unique and isolated, with only the data owner able to access it. These isolated instances can then be connected through a federated architecture that matches the unique identifiers within the individual data sets, without sharing or exposing the data.
This connectivity creates a unified audience that can be analysed and activated against, with all the benefits of a single identity spine, without any of the risks detailed above. No raw personal data has been transferred, and therefore commercial and reputational risks are limited.
Reinventing identity for a privacy-first advertising era
The advertising industry has an opportunity to change the way we’ve looked at identity and data. By putting consumer privacy first, and protecting both commercial value and brand reputation, businesses can thrive in this new world.
There is no need for a single universal ID, instead, we have the opportunity to reinvent the industry infrastructure where no one party owns the identity space, and each company owns its own identity.