How to implement a compliant first-party data foundation
Celina Belotti
Privacy Lead
First-party data and the fall of third-party cookies
First-party data refers to the user-provided and inferred-user data, it includes volunteered user data such as email addresses or telephone numbers, and inferred data such as profit data or lead scoring. This is data that might be collected through online forms, but ultimately is stored on advertisers’ own CRM systems.
Third-party cookies have been one of the backbones of online advertising for a very long time. They enable platforms to serve personalised advertising and match users to specific audiences by connecting their browsers with external servers. Exactly because of their ability to observe users across environments, this often ominous feature has also been made the bogey-man of the advertising industry and taken the blame for years of collective malpractice. Due to their lack of transparency and accountability, many browsers, such as Safari, have had them blocked and Chrome will be removing its support for third-party cookies in the near future.
The reality is that most Ad Serving and Social Media Platforms have gone from relying on cookies to using other identifiers such as Device IDs or IP addresses, although this practice is seldom documented. As an industry, we have lacked the transparency measures that we need in order both ensure business accountability and to protect the users that we interact with – which I should remind you includes you, me and everyone else above the age of 16.
That’s where identity solutions using first-party data came into place. In response to this sort of no-man’s-land identity landscape, most platforms have been calling for advertisers to share their so-called first-party data in order to allow a stable and seemingly privacy-first identifier.
A recent report from Xandr details the variety of alternatives for identities in the post third-party cookie era and a survey between Xandr and IAB shows that 60% of the advertisers are looking at first-party data solutions.
One shouldn’t assume that first-party data is the only alternative available to continue running performance activity, but it is a solution that we need to look closely at.
The limitations of using first-party data
Using first-party data seems like a straightforward alternative. But it is not without its challenges. Actually, without appropriate documentation and transparency, sharing users’ personal email addresses should be seen as more contentious than utilising cookies as identifiers, given that email addresses are people’s personal ID. So as an industry, if first-party data is the solution we are going for, we need to double down on putting platforms under scrutiny in order to safeguard user privacy.
It is also important to note that for most advertisers, existing consent flows may not be comprehensive enough to activate first-party data for digital marketing purposes: Consent needs to be specific and tied to data processing use cases, so the shift to first-party data demands that advertisers redesign their consent foundations from the ground up.
Finally, we also need to bear in mind that even though regulators have not yet caught up to advertisers misusing their email databases, we can assume that this is just a matter of time. The latest interpretation is that provided that email identifiers cannot be unencrypted, their activation is compliant if advertisers have collected adequate consent.
While it may provide more stability in the immediate moment, first-party data is essentially a temporary solution that may not address the underlying issues that led to the demise of third-party cookies. Consider it like a game of whack-a-mole, where you replace one solution with another, only to encounter new challenges and limitations.
Where do I start when it comes to building a first-party data foundation?
That’s a very good question. Consent should be the first step you take in order to get started.
To assess where you stand as it relates to your consent banner, you can also access our external audit here.
How to build a compliant first-party data foundation
To build a sustainable business practice, companies must adopt a more holistic approach to data privacy and security. With that in mind, we believe that advertisers should take the steps to build what we call a Compliant First Party Data Foundation.
The steps you need to take in order to reach the compliant data foundation are what we would call a first-party data strategy and we outline them in the map below:
What are some alternatives to using first-party data in marketing?
We are all in agreement that breaking data silos and leveraging your data potential should be a priority for any advertiser that wants to succeed in the current date and age. However, I would like to share a controversial opinion with you all: Integrating and activating first-party data with digital marketing platforms, distributing it to multiple vendors and creating data lakes is not the only way to have a successful first-party strategy.
Many advertisers out there are miles away from building complex integrations. In many instances, they are not even able to access their BI or CRM data to inform their strategy. So I will defend that the first step in any strategy is to make sure that you have the data you need to make the decisions you need to make.
If you conclude that automated activation of first-party data is not the way forward, these are some of the actions you can take.
Using programmatic strategies to add context to your advertising
Pick publishers that are in sync with your brand and enter partnerships with them, instead of using an open network. These publishers will often allow you to access their data directly for targeting, which is better than using third-party network data.
There are a number of DSPs that are testing new technologies for audience segmentation and in-market audiences. Take a look at how they build their audience networks, maybe they will be using Google’s Topic APIs, or they developed their own method.
There are also contextual partners like GrapeShot which will help you with delivering the right ads in the right context.
Finally, still, in terms of picking the correct partners, you should find a DSP that will allow you to access the publishers that will work for you. Many DSPs have specific niches or access to exclusive inventory.
Using creative strategy to provide insights
In terms of creative, even though you might not be willing to activate your first-party data directly, a mature advertiser will still be able to understand and analyse first-party insights to inform its creative strategy. Make sure that first-party data is available to help you with consumer insights, for example, that will already help you quite a lot.
Finally, a note from our strategists: Most advertisers will be surprised with the results that can be achieved with contextual advertising. There are three Rs to ensure good creative strategy, Reach, Resonance and Relevancy – the right contextual targeting will fulfil all three.
Conclusion
That’s the way the cookie crumbles. It’s just another day in the life of a marketer when we have to adapt to changes, think of new solutions and put together alternative strategies. If there is one takeaway, it’s that regardless of whether you choose to activate your first-party data for digital marketing purposes or not, it is time to consider your data foundations in a holistic way – with privacy top of mind.
Read our marketing ethics consumer report to learn more about how you can keep consumer experiences top of mind in your digital marketing strategy. Or get in touch with us to speak to a specialist regarding implementing a privacy-first approach to first party data usage.
