Executive Summary
For many online advertisers and digital marketing professionals, 2022 has been characterised more by preparation than by implementation. With a series of fundamental changes expected to cause industry-wide disruption in 2023–2024, many have used the last 12 months as an opportunity to familiarise themselves with the new digital climate, whilst reexamining and recalibrating their strategic modes of operation.
Privacy will be causing the greatest headaches to most, with prohibitive regulatory and legislative standards looming increasingly large. Naturally, compliance will be a key concern; but so too will finding methods that assist in the collection of consensual and relevant first-party data, while demonstrating to consumers a genuine commitment to privacy.
For advertisers, this means focusing on new strategies for data collection, and greater investment in innovative customer experiences that boost consumer confidence and incentivise the exchange of personal information. With this comes the challenge of successfully collating and interpreting that data, and finding ways to convincingly leverage it—programmatically or otherwise—across a growing list of addressable media channels (a list that includes connected TV, audio streaming, and digital out-of-home).
To tackle these fires effectively and simultaneously, advertisers will need to adopt a holistic approach; one which factors both their internal operations and the external—and unavoidable—elements that will influence their success. The solutions to the privacy puzzle exist, but only to the extent that those applying them understand the broader context of the digital landscape.
So, before we take a look at where we’re going, let’s take a look at where we are and how we got here….
All Roads Lead to Privacy
The EU vs. Big Tech
It’s no secret that the EU favours a tough stance when it comes to protecting citizens’ data. Since its introduction in 2018, the General Data Protection Regulation (GDPR) has become a framework for data protection legislation, with nations across the globe—as well as the US state of California—choosing to implement similar privacy laws.
As a continuation of this privacy campaign, in 2020, the European Court of Justice (ECJ) ruled that the transatlantic flow of user data was illegally exposing its citizens to potential US government surveillance. The reverberations of this monumental ruling continued to be felt by marketers and consumers throughout 2022—most notably in August when Europeans narrowly avoided a full social media blackout.
The 2020 decision by the ECJ was the impetus for a 2022 ruling that has proved a particular nuisance for Google. In January, the Austrian Data Protection Authority ruled that the integration of Google Analytics—which allows for the transatlantic movement of personal data—put site owners in direct violation of the General Data Protection Regulation (GDPR). And, with over 28 million sites using the tool—including 74% of the top 10,000—there have been increased calls for Google to provide clarification on the compliance status of its latest iteration, Google Analytics 4.
Google’s (Anti)Trust Issues
Whilst undoubtedly a cause for concern, GDPR is only one of the obstacles Google faces. The tech giant has spent much of the current decade looking over its shoulder, as antitrust authorities on both sides of the Atlantic scrutinise its market position and advertising practices. 2022 saw the continuation of an EU investigation into the corporation’s advertising practices—specifically, on the restrictions it is alleged to have placed on third-party advertisers and their access to user data.
Prevailing mistrust in Google is already hurting its pockets. In September, the tech giant failed to overturn a £3.5 billion fine imposed by the EU’s competition commission over its anti-competitive bundling of search and Chrome apps on Android mobile devices. Furthermore, reports at the time of writing suggest the US Department of Justice is preparing a lawsuit of its own to challenge Alphabet’s alleged monopoly over digital advertising.
Chrome Without Cookies
A key catalyst for the regulatory attention Google faces came in January 2020, when the company pledged a full retirement of third-party cookies from its Chrome browser. Though welcomed by consumers, the proposals elicited a largely negative response from marketers. A statement issued by the UK’s Competition and Markets Authority effectively summarised industry concerns, noting that the changes “could cause advertising spend to become even more concentrated on Google’s ecosystem at the expense of its competitors”.
Perhaps as a result of its ongoing battles on the privacy front, Google’s steps towards fulfilling this promise have been uncharacteristically erratic. After initially committing to remove Chrome cookies within two years, in July of 2022, the company once again deferred deprecation of the doomed tracking format. As things stand, third-party cookies are set to remain a feature of Chrome until late 2024.
Device-Level Tracking
Data restrictions at the regulatory level have been compounded in recent years by similar constraints implemented at the device level. The most conspicuous example of this is provided by Apple, who have spent recent years carefully cultivating a reputation for on-device privacy and data security—to quote one of its more memorable slogans, “what happens on your iPhone, stays on your iPhone”.
The company made its first major moves in this area with the release of iOS 10 in 2016, and the introduction of Limited Ad Tracking (LAT). When enabled, LAT hides from advertisers the device’s unique IDFA (Identifier for Advertisers), without which they are restricted in their ability to deliver personalised or targeted content, or to follow that user across the web.
Significantly, with the release of iOS 14.5 in April 2021, Apple switched from an opt-out to an opt-in LAT structure. The impact of this has been massive, with research from last year suggesting some 96% of users in the US chose to deny advertisers access to their data. In February 2022, shares in Meta dropped a massive 20%, with the company blaming a weaker-than-expected forecast on iOS privacy changes; Meta’s CFO, Dave Wehner, valued the potential impact “in the order of $10 billion”.
Thankfully for advertisers, Google announced in February a postponement of plans to impose similar restrictions on Android devices. Changes to the AdId (Advertising ID) have been shelved until 2024—potentially to coincide with the scrapping of Chrome cookies—but the company has confirmed that its plans to abandon the technology ultimately remain.
A New Anonymity Standard
Transatlantic Data Privacy Framework
As a stopgap solution to the transatlantic data problem, in March 2022, the European Commission (EC) and the US issued a joint statement introducing the Transatlantic Data Privacy Framework. The framework—which lays out regulatory terms for the transatlantic flow of personal data—was agreed upon in principle by both parties, and allows for the temporary maintenance of the status quo.
However, the document serves only as an agreement in principle, and—as seen by the near-miss summer shutdown of social media—EU member states retain the power to cause problems for Big Tech via ratified legal mechanisms. The hope is that through continued cooperation between the EC and the US, the current framework will be transformed into a binding legal agreement. Negotiations on this new pact are expected to be completed by early 2023.
The Privacy Sandbox
Ostensibly established as a consumer-first way to fill the cookieless void, the Google-led Privacy Sandbox initiative aims to create a new web standard for the access of user information—a standard which replaces the functionality of cross-site tracking, without compromising consumer privacy.
Google is aiming for a full-scale release of the Privacy Sandbox APIs in 2023. After abandoning the highly criticised FLoC in early 2022, the project’s current form focuses on topic categories. In practice, this means the identification of broad user interest categories based on recent web activity. These categories (such as ‘fitness’ or ‘travel’) are stored within the user’s browser for three weeks, during which advertisers can target their creatives without impinging user privacy.
Microsoft is in the process of developing a similar API for its Edge browser, indicating a high likelihood of such methods becoming the standard approach for the delivery of granular first-party data.
Google Analytics 4
The aforementioned ruling by the Austrian Data Protection Authority on the illegality of Google’s Universal Analytics (UA) has forced the company to more forcefully encourage its users to adopt the latest iteration of the platform. Whilst questions remain about its GDPR compliance, Google Analytics 4 (GA4) is expected to address this issue by allowing for information processing at European data centres, thereby bringing it in line with the current Privacy Shield framework. Regardless, the company will be sunsetting UA on July 1, 2023, so site owners will soon have no choice but to accept the updated software.
The differences between UA and GA4 are significant. Notable changes include the removal of key behaviour metrics—with bounce rate, pages/session, and average session duration replaced by more comprehensive engagement numbers—as well as the introduction of machine learning technology that promises to optimise campaign ROI through automated trend detection.
For many advertisers, the most significant consideration is that GA4 removes support for third-party cookies and server-side tagging. This is likely to have serious implications for marketers who rely on these technologies for retargeting and audience modelling. It will also complicate the collection of first-party data, as the less personalised, cohort-based metrics will anonymise on-site behaviour.
First-Party Priority
In 2017, The Economist published an article titled, “The world’s most valuable resource is no longer oil, it’s data”. And, for advertisers looking to secure their position in a privacy-first future, a strategy for collecting consensual first-party consumer data must be a priority.
A report by Gartner recommends brands start thinking about how they can implement compelling touchpoints for data collection throughout the customer journey. This means establishing a strategic plan for appropriate incentivisation at every stage: document downloads, promotional gifts, discount codes, and the like should be deployed with both conversion and collection in mind.
By arming themselves with robust first-party data, businesses will be capable of constructing meaningful perspectives on user behaviour and intent that will ultimately assist in the targeting of fresh, qualified leads. At the same time, with a more intimate understanding of their audiences, they will be better equipped for the development and deployment of engaging personalised content across the sales funnel.
Second-Hand First-Party
Whilst the collection of first-party data is set to rank increasingly high on the priority lists of many advertisers, it’s important to note that the strategy will not be viable for all businesses. As McKinsey points out, for those advertisers that are “disconnected from the retail transaction (such as traditional consumer goods companies and low-consideration goods and services)”, any data collected will be “sparse and likely ineffective”.
In these instances, businesses should look to more innovative and hybridised solutions—solutions which adapt to the restrictions of their industry, their audience, or their budget, but which are nevertheless built with scalability in mind. One potential answer is to lean on an external walled garden ecosystem for first-party data. A growing number of retailers and publishers—including Tesco—are providing access to their first-party data in return for a share of ad spend. This allows for the deployment of people-based marketing at scale, without the need for any on-site integration.
In Summary
The next 18 months will give us our first experiences of life in a post-cookie world. The challenges are real, but so too are the opportunities—particularly for those brands with the vision to see beyond the status quo, and the confidence to take bold steps in a new direction.
Now is the time for businesses to start thinking about how they can proactively collect, store, create, and deploy the data and the materials that they need to survive—and thrive—in a privacy-centric future. Initially, this might involve fighting fires on numerous fronts, necessitating expert management, innovative strategy, and a powerful set of advanced tools and software solutions.
The Bank Trend Report 2023
The following report aims to provide advertisers with a foundation for tackling the trends that are likely to shape the digital advertising industry over the coming year.
It will examine some of the fundamental changes that are expected to take place, and consider the knock-on effect of these changes on various areas, including ad targeting, measurement, and attribution. It will also outline some of the tools which we think have the potential tol help businesses of all sizes as they navigate this new environment.
Sound good? Then let’s get started….
