Privacy Invasive Data Collection Is Entirely UNnecessary

Marketers seem to assume they cannot live without cookies; more specifically they think they need cookies and device identifiers in order to do digital marketing. At least that’s what they’ve been told by ad tech companies selling services that use cookies and device identifiers. The premise is that the more targeting parameters you buy from them, the more relevant your ads will be. They obviously said that so they can make more money. So shall we explore whether more targeting is actually better?

Background on third-party cookies for cross-site tracking

Let’s first take a step back to understand how all this cookie stuff works and why the last ten years of digital advertising depended on it. When human users use gmail or Facebook, they are logged in, so Google and Facebook know who they are. They probably even provided some basic demographic information when they signed up for those services. But when humans visit other sites, like news sites, etc. they are usually not logged in. So those sites don’t know who they are. Individual sites can set first party cookies in the visitor’s browser so they can tell if the same user came back. But because cookies are associated with a specific domain -- e.g. nytimes.com -- the sites themselves can only read their own cookies, not cookies from other domains.?

How, then, can ad tech companies track non-logged-in users across all the different sites that they visit? Ad tech companies need to put code on many different sites, so they can set what are known as third-party cookies to track users’ movements across different sites. When a third party like doubleclick.net (owned by Google) has code on nytimes.com and on usatoday.com, they can set third party cookies -- i.e. cookies associated with the doubleclick.net domain, not nytimes or usatoday. When a user visits any of the other millions of sites that also have doubleclick.net code installed, doubleclick can read their own cookies to know it’s the same user. This is called cross-site tracking with third party cookies. Individual sites cannot do this with their own first party cookies that are associated with only their domain.

Targeting parameters and audience segments inferred from website visitation patterns

Cross-site tracking became the primary way adtech companies gather data on non-logged-in users across millions of sites. This data is used to infer who the anonymous users are and what they like, supposedly for better ad targeting. Even though this was a valid assumption in the early days of programmatic (algorithm-driven) advertising, experimental evidence shows it is no longer valid. For example, in the most simplistic cases the algorithms might be able to infer a user is male if he visited ESPN, Sports Illustrated, and Playboy. But what would the algorithms infer if the user visited Amazon, Food Network, or Travel & Leisure? What if the user visited Victoria’s Secret? Perhaps it is a woman looking for lingerie for herself, or a man looking for a gift for someone else. So many assumptions have to be made that the accuracy of the inferences of who users are and what they like completely breaks down except in the simplest of cases.?

Academic studies into the accuracy of ad tech targeting have shown just that. When a single parameter - gender - was inferred from website visitation patterns, it was only accurate 42% of the time, which is lower than random (approx. 50%). When just two parameters -- gender, plus age -- were inferred, the accuracy dropped to a low of 13% [See: How Accurate is Adtech Targeting?]. You can surmise that the accuracy of the inferences beyond two parameters is utterly useless. But yet, the entire corpus of digital advertising targeting over the last 10 years has been built on cross-site tracking and targeting parameters inferred from these site visitation data. And advertisers have gobbled it up, paying extra for those targeting parameters and audience segments without questioning how the data was collected, and whether the inferences were accurate.?

Audience segments can also be entirely messed up or made up due to bot activity

On top of the dismal accuracy, some of those audience segments could also have been entirely made up, due to the nefarious activity of bots. Fraudsters know that adtech companies derive audience segments from website visitation patterns. So they instruct their botnets to visit a collection of sites to pretend to be certain audience segments -- for example, bots might visit medical information sites to make themselves appear to be doctors. They might even pretend to be the highest value segments like oncologists, by visiting oncology websites, in order to trick advertisers to pay even higher CPMs thinking they were targeting ads to oncologists. Bot activity is how ad tech companies have audience segments of greater than 100,000 oncologists to sell, when there are only 8,000 actual oncologists in North America. Another famous (and hilarious) example of audience segments gone wrong were the 300 million “auto intenders” in the U.S. when there are only 360 million men, women, and children total. Common sense would have told you something was amiss.?

Furthermore, cookies are associated with specific browsers on specific devices. That means that the cookies in Chrome are different from the cookies in Firefox on the same device used by the same person. Different devices -- e.g. laptop vs smartphone vs PC -- will also have different cookies. So a single person is likely to have dozens of different cookies associated with them, which makes the data even more messy and inaccurate. That means the ad targeting based on those cookies are even more messed up and not accurate. The key here is to realize cookies are not people. And the inferred characteristics about the cookies are so inaccurate because they are derived from the website visitation patterns of not-logged-in users.

Privacy invasive data collection is not compliant with regulations

The data collection by third parties mentioned above was done entirely without the knowledge of consent of the users. When a user visits nytimes.com they assume they are interacting with The New York Times. They are unaware of the hundreds of third party ad tech companies whose code is harvesting data about them without their knowledge or consent. New privacy regulations now require adtech companies to gather specific consent. Even if consent were sought, few to no consumers would give consent to ad tech companies they have never heard of. In the following example (tree graph below), on a single page there are over 3,100 different tracking and ad serving calls made -- Adserver Requests: 1839, Tracking Requests: 1357, Other Requests: 333. Would consumers take the time to give consent to all of these adtech companies? Very unlikely. So most of these companies are collecting data in ways that are not compliant with privacy regulations. The largest of companies have already settled with the U.S. government for privacy violations -- NY Times: Disney and ad-tech firms agree to privacy changes for children’s apps. So you should be more cautious of your compliance risk, as the enforcement of privacy regulations kick into high gear.

PageXray by FouAnalytics

Targeting of ads is not measurably better

The remaining question is whether any of this data collected by ad tech companies actually made ad targeting better, as promised. The short answer is no. Experimental results show that the targeting is not any better and the number of relevant ads that users see remains low to zero [see: How many relevant ads do we see each day?] Everyday experience also reveals that few to no relevant ads are shown to human users; sometimes the targeting is even hilariously wrong. And remember those creepy ads that follow you around the internet? Those are retargeted ads -- ad tech companies tracked what product you looked at, and then the algorithms assume they are being more relevant by continuously showing you ads for that exact product (even if you already bought it). That’s how bad the adtech algorithms are -- bad data in, badly targeted ads out. Despite all that data collected, ad relevance is not better.

That leads to the inevitable conclusion that all the privacy invasive data collection over the last 10 years was not necessary to begin with.?Read that again once more slowly -- the privacy invasive data collection used for ad targeting is completely unnecessary.

Good digital marketing can be done without cookies or microtargeting

So how do we do digital marketing without third party cookies, without non-compliant, privacy-invasive data collection, and inferred targeting parameters and audience segments? Remember good old TV advertising, advertising in magazines and newspapers, radio ads and billboards? Those never relied on cookies and privacy invasive data collection. Those advertising channels worked well for decades before “digital came along.” In some ways, digital can be just as productive -- if ads are shown on mainstream publisher sites, ones that have real human audiences. Having more data and targeting does not mean more relevant ads. But it did mean that advertisers paid for more targeting and adtech companies made more money from it. Keep in mind you don’t need cookies to do better targeting and you don’t need device identifiers to know if you drove more sales. More data just created the illusion of greater measurability and better targeting. From what we have seen above, common sense should tell you it did neither.?Basic targeting -- e.g. a few parameters like demographics -- would suffice, very similar to TV or print. Go figure. All that extra you paid for ad tech targeting made ad tech companies richer and your digital marketing poorer (yeah, both figuratively, and literally).

So What?

Advertisers should seriously assess whether the extra fees they paid for adtech targeting drove any incremental sales. If the answer is “no” or “I don’t know” then why are you still paying for it? Now that you realize that the data collection is non-compliant and privacy invasive and the targeting parameters and audience segments are wildly inaccurate due to being inferred from website visitation patterns, you should realize they won’t make your digital marketing better. In many cases, it makes your marketing worse because your ads are being shown to bots that were pretending to be specific audience segments by deliberately visiting certain websites. By advertising on mainstream publisher sites, you will be showing ads to humans. By using a very small number of basic demographic data for targeting, you will be doing better digital marketing than wasting your money paying for fake or inaccurate targeting parameters and audience segments.?