What Is an Identity Strategy?

The upcoming deprecation of the third-party cookie is creating all manner of uncertainty, panic, and confusion across the digital advertising ecosystem.

Targeting, measurement, message personalization, A/B testing, and frequency capping are just some of the things that will be upended once it disappears completely.

While the industry breathes a sigh of relief at Google’s extension of the third-party cookie through to 2023, now is not necessarily the time to be stepping off the gas on planning for a cookieless future. Instead, publishers, marketers, and platforms should be using this extra time to fine-tune an identity strategy that meets their unique business goals and requirements and ensures they won’t be left high and dry when the cookie’s gone for good.

Already, more than 80 proposals and solutions have sprung up as potential replacements to identity-based targeting as we know it, all leveraging different methodologies and approaches to the same challenge. This includes more than ten browser-based proposals, over 50 proprietary or shared IDs, and another 20 or so non-ID frameworks, such as contextual for targeting and panel-based approaches for measurement.

The sheer number of proposed solutions almost guarantees that there will be no single winner and that publishers will need to adopt a multi-point approach to meet the needs of their ad partners. Figuring out what that exact approach needs to be will require serious testing and lots of trial and error.  So how should publishers get started on their journey towards the post-cookie reality — and what does a comprehensive identity strategy look like?

1. Understand the Identity Options and Determine Where to Focus

As mentioned above, there is no shortage of proposed solutions contending for mindspace among buyers and sellers who are evaluating identity alternatives, with new ones being released seemingly every week. It’s important for publishers to understand the broad methodologies and data assets that go into these different solutions to assess which ones will be most suitable for their specific needs.

The most common approaches being discussed today can be bucketed into four main categories: alternative IDs; Google’s browser-based privacy sandbox; publisher first-party data; and contextual tools.

Third-party alternative IDs

Alternative identifiers make up the bulk of solutions in-market today, operating across publishers, browsers, and devices to replicate third-party cookie functionality, but relying on some other data asset to accurately and reliably identify the user. These solutions can be split into two broad approaches:

  • Deterministic: These IDs represent direct user matches, often relying on an email address to enable people-based solutions. User email addresses are hashed — a one-way consistent scrambling — which translates them into anonymized IDs, making them privacy compliant, while still able to be targeted. In addition, consent is still needed, which is usually attached to the sign-in process and stated user preferences. The primary challenge with these IDs will be scale, as they rely on publishers and advertisers securing some form of registered authentication from their first-party audiences.

Examples: Unified ID 2.0 (Prebid.org), RampID (LiveRamp)

  • Probabilistic: By modeling a number of user touchpoints, such as screen size, device type, OS, and so on, probabilistic IDs hope to solve the scale issue by approximating identity without relying on actual first-party data being gathered. As a result, this approach can result in some data inconsistency, not to mention difficulty in trying to connect people across different devices. As some of these solutions rely on fingerprinting, which Google and Apple have already said they won’t tolerate, long-term viability could also be a concern.

Examples: ID5, Panorama ID (Lotame)

Google Privacy Sandbox Solutions

The Privacy Sandbox is Google’s proposed framework to “create web technologies that both protect people’s privacy online and give companies and developers the tools to build thriving digital businesses to keep the web open and accessible.” These initiatives have been developed to replace specific functionality that is currently being handled by the third-party cookies (targeting, attribution, etc.).

Since the original announcement, a number of other ad tech players have also contributed their own proposals (eg. Criteo’s SPARROW, MAGNITE’s PARROT, Microsoft’s PARAKEET), looking to strengthen areas where they feel Google didn’t go far enough or cover terrain where Google chose not to go at all.

The most talked-about of these proposals is FLoC (Federated Learning of Cohorts). Designed to address privacy by eliminating the reliance on cookies altogether, it provides a framework for Google’s Chrome browser to facilitate advertising functionality (audience targeting, conversion tracking, etc) through APIs.

It uses the browser to track the content that a viewer is consuming and, with machine learning, sorts users into similar groups or cohorts based on their interests. This will enable media buyers to target these cohorts, which contain sufficiently large numbers of users to maintain anonymity.

There are still many questions around FLoC, including how compliant it is with current privacy laws, and whether its stage of infancy is a key reason for Google extending the deadline on cookie deprecation. Even more recently, Google indicated that they might be changing their approach again, shifting from cohorts to topic-based categorization.

In principle, these Privacy Sandbox proposals represent a new way of interacting with bid requests — and both DSPs and SSPs will need to spend some time refactoring their platforms to ensure support. But because it’s Google, few players (including publishers) have the option of not participating. Keeping ad dollars from the largest ad tech platform out there requires supporting whatever frameworks they do eventually push forward with.

Publisher first-party data

Publishers can use first-party data that they are able to collect on their owned and operated (O&O) properties to segment and share audiences directly with buyers through a private marketplace (PMP) setup, or even a data clean room. This first-party data could rely on first-party cookies (which aren’t going anywhere) or some other deterministic data point (like email address), or even a first-party content taxonomy that’s unique to the publisher.

Unlike the third-party alternative ID approach discussed above, which uses a cross-publisher framework (thereby allowing some level of cross-site frequency capping and measurement), when publishers go at it alone, leveraging their own first-party data in isolation, the buyer will lose out on some of that reporting intelligence, which may be problematic for some — not to mention scale (again).


Having never been reliant on the third-party cookie, contextual tools are certainly having a resurgence these days. Without requiring any user data, contextual solutions instead focus on the content on the page as a proxy for the user (articles about golf shoes are probably being read by golf enthusiasts, for example).

Signals are either passed directly from the publisher or via third-party technologies, which crawl the pages and apply natural-language-processing (NLP) models to extract their syntax and general themes. The usual categories for contextual are: keywords; pre-determined content category (IAB or otherwise); brand safety / sensitive subject prevention; and interests.

2. Ensure Your SSP Has an Identity Strategy

When it comes to replacing the third-party cookie, publishers should assume buyers will be leveraging all the tools in the toolbox to ensure they can continue to spend in digital confidently and without disruption to core campaign KPIs. As such, SSP partners should also be committed to supporting as many solutions as are market viable.

That includes the various identity alternatives — Unified ID, ID5, RampID, et al — as well as the top proposals making up Google’s Privacy Sandbox — FLoC, FLEDGE, and Turtledove. If an SSP partner doesn’t indicate it will be supporting most of these solutions, the publisher risks losing out on advertiser spend.

While several of the alternative IDs are starting to show up in the bidstream, the numbers remain small, and there is little consensus yet as to which players will be left standing in the coming year, or even months. Nonetheless, an SSP partner will need to support multiple IDs. How they choose these vendors, and how quickly they can support them, will have a direct impact on a publisher’s ability to test early and build out a robust yield strategy ahead of 2023.

To get started, publishers should start asking their SSP partners at least some of the questions below:

  • What alternatives are they planning to support? How are they enabling those solutions?
  • How can they help publishers understand which identity solutions make the most sense for their business?
  • What is their process for testing identity solutions? What are the timelines?
  • What tools are available for publishers to test the efficacy of each solution?

While the creation and storage of user IDs have become more the responsibility of publishers, the uncertainty in choosing the right identity solution remains, mainly because publishers lack a precise way to directly attribute identity signals to advertiser spend. As SSPs are at the intersection between demand and supply, publishers need to ask their SSP how they can help provide them with additional information on the identity signals their biggest advertisers are relying on the most.

3. Develop an Identity Testing Strategy

With so many different solutions out there, it is highly unlikely that a single approach will be sufficient. Advertisers, agencies, and platforms will choose their favorites (and they won’t all be the same), and certain IDs may work better (or be required) in certain circumstances for certain types of buyers or campaigns. All this is to say, publishers (and the ad tech partners they rely on for monetization) will need to support almost as many of these first — and third-party ID solutions as their buyers want to use.

But more identity solutions mean more work, more latency, more cost. At some point, a publisher is sure to reach diminishing returns. They need a way to accurately test and measure the efficacy of various ID approaches in driving better campaign performance and better overall yield.

This requires sorting correlation from causation by isolating the impact of individual partners and determining their incremental value in maximizing yield. To do this in a way that doesn’t quickly become too cumbersome, publishers should look for SSP partners who offer built-in A/B testing tools that allow them to seamlessly swap in and out various IDs in a structured way to evaluate how different solutions or combinations of solutions affect key trading metrics, like bid rate, fill rate, and eCPM, across relevant supply dimensions, like geo, device, format, etc.

4. Seek Out New Opportunities

When it comes to coverage of the third-party cookie going away, the focus has largely skewed toward what we’re losing, rather than the potential opportunities being created to fill the vacuum. While many marketers believe that the loss will make digital advertising less measurable and targetable overall, it does present several opportunities that publishers can take advantage of:

  • First-party data is now more important to both buyers and sellers. Publishers can use their deep understanding of their audiences to create new data, audience, and targeting products, available exclusively through them, for preferred buyers.
  • Publishers can get closer to brands by identifying their largest buyers and looking to deepen these relationships with direct deals and agreements. Once identified, publishers can create clean room setups with the brand partners that matter most – dig in deep with them and create always-on privacy-compliant data-sharing/matching arrangements.
  • All the work being done will also help open up revenue opportunities in browsers that were previously being under-monetized because they had already banned the third-party cookie (Firefox, iOS). Publishers should lean into this, and find partners who can get this inventory to make them money again.
  • Publishers can also get closer to their audiences and understand where the value exchange really is to secure their confidence in their product (as evidenced by the willingness of users to hand over their email or telephone number). Knowing more about what they want/love helps the publisher create more content to feed that experience.

Digital’s measurability is what has enabled it to grow as fast as it has — marketers can prove ROI and double down in the areas that work well. And while measurement and attribution as we know them today will be going away with the third-party cookie, they will most assuredly be replaced with something else. Publishers would be wise to make sure they know just what that something else is and that it works for them, well in advance of when the cookie does disappear for good.