Identity in AdTech: Unravelling The ID Problem

When advertising moved online from the print world in the late 1990s, the biggest opportunity for advertisers was the ability to reach people on an individual basis. 

They no longer had to rely solely on contextual targeting; advertisers could now create audiences based on interests, behavior, and location and show ads to members of these audiences as they moved around the web. 

This activity has become the backbone of the online advertising industry, but despite the efficiencies brought on by technological advances of both the platforms (DSPs, SSPs, etc.) and processes (RTB) over the past two decades, there is one challenge that has never been fully solved: identity.

The identity problem in AdTech can be summed up in the following three points:

1. Every player in the online advertising industry relies on accurate user identification – publishers need it to earn ad revenue, advertisers and agencies need it to run targeted and relevant ad campaigns, and AdTech vendors need it to sell their tech to publishers, advertisers and agencies.

2. There’s no persistent ID in web browsers, making identification hard to achieve.

To provide some sort of identity match between AdTech platforms, companies use cookie syncing to match each other’s cookies. However, this mechanism will soon become obsolete, as major web browsers have already ceased or are planning to cease support for third-party cookies. This will signal the end of an era in programmatic advertising and give way to alternative ID solutions, such as universal IDs.

But universal IDs are not perfect. They are hard to scale and prone to ethical concerns as they enable detailed user profiling. 

3. The walled gardens of AdTech, i.e. Google, Apple, Meta, and Amazon (GAMA), sit on a treasure trove of deterministic data, which allows them to identify users across the web and different devices accurately. This is a major selling point for advertisers and ad agencies, making it hard for independent AdTech vendors, publishers and media companies to compete with.

Let’s now take a closer look at these points.

1. The Importance of Identifying Users Across Websites and Devices

The ability to identify a person browsing the internet is a critical part of the whole online advertising system for the following reasons: 

1. Monetization for publishers

The more a publisher knows about a visitor, the more ad revenue it will receive from advertisers.

2. Revenue for advertisers

Advertisers want to reach a specific audience, and if a member of that audience accesses a publisher’s site, they will be willing to submit a high bid in hopes their ad will be shown to them.

3. Relevance for users

Although most people are uneasy with ads that follow them around the web, many users will click on or interact with ads if they are relevant to them; for example, an ad for an upcoming Metallica concert at CenturyLink Field would be of great interest to a heavy-metal fan living in Seattle. 

4. Measurement and attribution

One of the most overlooked areas of this identity problem is measurement and attribution. It’s estimated that global digital ad spend in 2027 will reach $870 billion, and without an accurate way to identify users as they move across the internet and devices, it will be hard to track performance and know where to assign budgets. 

Bottom line: The online advertising industry heavily relies on identification.

2. The Problem With Cookies on Desktop Web Browsers

Despite the rise of new digital advertising channels like retail media and CTV, display advertising on web browsers is still a popular channel for advertisers. 

However, it’s hard to accurately identify users across web browsers due to the limitation of cookies; a cookie created by one domain (e.g. an SSP) can’t be read by a different domain (e.g. a DSP).

This means that there’s no common ID for a given user shared across all these different platforms and websites, leading to missed opportunities for both advertisers and publishers. 

The solution has been to perform a process known as cookie syncing. 

Cookie syncing involves matching the cookies between different AdTech platforms to identify a given user.

Here’s an overview of how the cookie-syncing process looks between a DSP and DMP:

While this process may seem to work well in theory, the reality is that it’s a very time-consuming task which greatly increases page-load time, leading to a poor user experience and missed opportunities for publishers and advertisers. 

Also, cookie-match rates between different AdTech platforms are inconsistent. Typically, a 40–60% match rate is considered good, but the more syncing that goes on between platforms, the lower this percentage gets. 

This discrepancy can, among other things, be the result of cookie churn – i.e. cookies lost due to certain user behaviors (such as deleting cookies, blocking third-party tags, or using incognito/private mode) or privacy features in web browsers,  such as Safari’s Intelligent Tracking Prevention (ITP).

The End of Third-Party Cookies and the Rise of Universal IDs

As we mentioned earlier, third-party cookies synced between different platforms have long been used to track user behavior across multiple sites, enabling advertisers and marketers to deliver targeted ads.

However, throughout the years, privacy concerns have grown. Regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have appeared to strengthen user privacy.

The GDPR demands that websites collect explicit user consent before setting any cookies that process personal data. The consent must be informed, freely given, specific, and unambiguous. 

Major web browsers, Safari and Mozilla, also support privacy-friendly movements and limit publishers’ and advertisers’ ability to track users with third-party cookies by blocking them by default. 

Google Chrome is the only major web browser that still supports third-party cookies, but it will end this support in 2025.

What shutting down the support of third-party cookies means for AdTech:

• A limited ability to recognize users across the devices and websites

• Less effective ad campaign measurement and attribution
• Less relevant targeting 
• A less personalized experience for online users

As a consequence, advertisers and marketers have turned towards alternative advertising strategies, such as:

• Contextual advertising: Displaying ads that are contextually relevant to the surrounding content.
• Zero- and first-party data collection: Gathering data directly from customers and prospects to create audiences and making them available to advertisers for targeting.
• Data clean rooms: Secure environments allowing for data collaboration between publishers and advertisers without sharing raw user data.
• Universal IDs (UID): Hashed and encrypted user identifiers created using deterministic data, such as an email address or phone number, that can be securely shared and matched between different companies.

Universal IDs have the potential to address some issues with third-party cookies. 

The Rise of Universal IDs

Although not new, universal IDs are becoming much more common in the business now that we are approaching a future without third-party cookies.

A universal ID is a unique identifier that enables AdTech companies to recognize users across various websites and devices. The IDs are created using deterministic and/or probabilistic data and are often stored in first-party cookies.

Compared to third-party cookies, universal IDs use probabilistic data, deterministic data, or both.

• Probabilistic data examples: IP address, browser type and model, and user-agent string.
• Deterministic data examples: email address, phone number.

Universal IDs can function within a single environment, such as web browsers, or across multiple environments, like web browsers and mobile devices. In the latter case, device graphs are utilized to correlate IDs generated in web browsers with those from other devices, such as mobile IDs in smartphones.

With universal IDs, companies can use the data they collect with user consent and still deliver targeted ads.

IDs in In-App Mobile Advertising

As we outlined above, web browsers use IDs stored in cookies to identify individuals across different websites. This is applicable to web browsers on mobile devices like smartphones and tablets, but when it comes to identifying individual users across different mobile apps, companies use the device’s mobile ID.

When ad requests are sent from native apps on smartphones and tablets, the device ID is passed in the bid request. Unlike web cookies, mobile device IDs aren’t deleted nearly as frequently, meaning they’re more reliable to act as a persistent ID.

Apple and Google have both developed unique device identifiers to facilitate advertising while also grappling with user privacy concerns.

Apple’s Identifier for Advertisers (IDFA) is a random device ID assigned to each Apple device. This ID allows advertisers to track user activity and measure ad performance across apps.

However, with the introduction of iOS 14.5, Apple significantly bolstered user privacy through its App Tracking Transparency (ATT) framework. This framework mandates that third-party apps must obtain explicit user consent before accessing the IDFA and tracking their activity within Apple’s ecosystem.

Similarly, Google created the Google Advertising ID (GAID) in 2014.

GAID functions as a unique identifier for Android devices, enabling advertisers and app developers to analyze ad performance and user interactions, similar to cookies on web browsers. 

To further enhance user privacy, Google is planning to kill GAID and move towards the Privacy Sandbox on Android, a new initiative aimed at maintaining user privacy while still supporting targeted advertising.

Within the complex solution, processes that are powered by the use of GAID will be take over by special APIs:

• The SDK Runtime for sandboxing SDKs
• The Topics API for targeting ads
• The Protected Audiences API (formerly FLEDGE) for audiences and remarketing 
• The Attribution Reporting API for attribution reporting

The bottom line: Third-party cookies will soon stop being used for advertising purposes. Universal IDs are the closest alternative, however, compared to third-party cookies, their scale and reach will be limited.

3. The Walled Gardens

Behind the display ads of the Internet, a war is waging between the walled gardens of the online advertising world (Google, Apple, Meta, Amazon; GAMA) and hundreds of independent AdTech vendors for the lion’s share of advertising budgets. 

The walled gardens of AdTech (GAMA) will capture almost two-thirds of US digital advertising ad spend in 2024.

Other contenders vying for control of advertising budgets are the walled gardens that have emerged in recent years, such as CTV and retail media companies. Owning a vast amount of data gives them an advantage in the battle for ad dollars.

But what does this have to do with identity?

Put simply, if a company is able to accurately identify users across different websites, browsers, and devices, the more targeted the ads can be. When it comes to walled gardens, whose closed-off systems collect huge amounts of detailed user data, their ability to offer advertisers easy access to their target audiences is somewhat unmatched to independent AdTech. 

The bottom line: Independent AdTech companies need to solve the identity issue to be able to compete with the walled gardens and give advertisers and publishers a strong reason to partner with them. 

How Do the ID Solutions Work?

Traditional identity solutions relied heavily on third-party cookies and device IDs, which faced limitations due to privacy concerns and technical inefficiencies.

Modern universal IDs focus on leveraging first-party data and advanced matching techniques to create persistent and privacy-compliant user identifiers that work across multiple platforms and devices. 

Traditional ID Solutions (Pre-Universal IDs)

Advertisers and publishers use third-party cookies for identity. These tiny data files set by websites track user behavior across multiple sites, target ads, and create user profiles.

Privacy concerns and regulations like GDPR led to a decline in their use. Browsers like Safari and Firefox began blocking them, and Google Chrome plans to phase them out by the end of 2024.

To align cookie-based IDs, AdTech platforms used cookie syncing (described in the section The Problem With Cookies on Desktop Web Browsers). However, as we mentioned earlier, the process was inefficient and caused latency problems due to multiple syncs. Also, as cookie syncing relies heavily on third-party cookies, the process will become obsolete when Chrome shuts down support for third-party cookies.

The third solution within the group of pre-universal IDs is mobile ID. These identifiers include Apple’s IDFA and Google’s GAID. 

To enhance user privacy, Apple introduced its ATT framework and Google will likely shut down support for GAID and introduce Privacy Sandbox for Android.

Modern Universal IDs

In response to the impending end of third-party cookies in all major web browsers, AdTech, data and identity companies have created a modern version of the traditional ID solution, known as universal or alternative (alt) IDs. 

These ID solutions utilize probabilistic and deterministic data, such as email addresses, phone numbers, IP addresses, etc., to generate an ID, which can then be used to: 

• Run behavioral and audience-based targeted advertising campaigns
• Create user profiles
• Run retargeted ad campaigns
• Perform measurement and attribution

Despite its vast possibilities, universal IDs have some pitfalls:

• There are many universal IDs vendors, which causes market fragmentation.
• Universal IDs don’t share one common standard. Instead, each vendor uses its own methods of collecting and processing data.
• More traditional digital advertising activities rely on third-party cookies, whereas universal IDs depend on first-party data to generate IDs. The limited availability of first-party data, such as email addresses, means that universal IDs don’t scale as well as IDs stored in third-party cookies. There’s also the risk that the major web browsers will implement more stringent privacy changes to limit or even block the creation of universal IDs. 

The diagram below illustrates how The Trade Desk’s Universal ID 2.0 (UID 2.0) works:

View the full documentation here.

What Does the Future Hold for ID Solutions in AdTech?

As with every new initiative in AdTech, the adoption of one or more of these ID solutions will be key to driving the success of online advertising for everyone.

Over several years from introducing the very first universal ID till now, proposed solutions have been restructured, some discontinued, and new initiatives like the European Universal ID (EUID) have emerged, — all pointing to and emphasizing the complexity of the identification topic.

Some Universal ID projects, like DigiTrust, were phased out as they couldn’t adapt to new privacy norms. 

Meanwhile, Unified ID 2.0 and RampID evolved to better align with the industry’s needs and regulations, emphasizing transparency and user control.

Google’s ongoing peripeteia with third-party cookies highlights the complexity of balancing user privacy with effective advertising. 

As we’ve seen, Google’s plan to eliminate third-party cookies has faced multiple delays, and launching its Privacy Sandbox initiative relies on the UK’s Competition and Markets Authority (CMA) decision.

Through all of this, the direction of identity in AdTech is somewhat clear: first-party data is increasingly valuable and advertisers, publishers and media companies need to follow that trend.