‍

The writing has been on the wall for so long that the paint is almost coming off, yet nobody is ready. We still see traders using cookie-based DSP settings in cookieless campaigns, agencies scrambling to retrain attribution models, publishers shocked that hashed email solutions have no scale, and ad tech repackaging fingerprinting as a future-proof solution. Some leading advertisers and publishers are getting ahead of the curve, but solutions are yet to be widely adopted.  

‍

Why hasn’t the market found a sustainable solution yet? Some will say that lateness is standard operating procedure, some will blame ‘regulatory confusion’ and some other Google tactics. But for me, the industry’s problem is its refusal to give up interoperability. 

‍

Interoperability is a privacy nightmare 

‍

Interoperability, or the ability of computer systems or software to exchange and make use of information, is what makes the open internet function.¹ But programmatic advertising has applied interoperability to personal data, using online identifiers like third-party cookies, IP addresses, fingerprints and alternative IDs to share information about actions that individuals take online and create detailed consumer profiles.²

‍

Herein lies programmatic advertising’s original privacy sin. To be compliant, the collection and processing of personal data must meet three tests:

‍

• Consent: it must be based on the freely given, specific, informed and unambiguous consent of the data subject.
• Transparency: it must follow the principles of lawfulness, transparency, purpose limitation, data minimisation, storage limitation, integrity and confidentiality, and accountability.
• Control: it must respect the data subject’s data rights, particularly the right of access, the right to rectification, the right to erasure, the right to restrict processing, and the right to data portability. 

‍

Programmatic advertising fails all of these tests because it treats personal data as a liquid commodity, collected from hundreds of sources, accessed by thousands of companies across the globe, easily stored, copied and sold, and stitched together by data brokers with potentially harmful consequences for individuals. In these conditions, consent is no longer freely given, specific, informed and unambiguous. The principles of lawfulness, transparency, purpose limitation, data minimisation, storage limitation, integrity and confidentiality, and accountability cannot be monitored. And data rights become completely unenforceable. As the ICO stated, once data is out of the hands of one party, that party has no way to guarantee that the data will remain subject to appropriate protection and controls. 

‍

Interoperability enables anti-competitive moves

‍

The industry’s insistence on interoperability allows big tech to unironically position itself as the guardians of privacy. Because they do not share data with third parties, walled gardens can more easily meet the consent, transparency and control tests. Compared to programmatic advertising’s obscenely poor privacy performance, big tech looks better even if it collects infinitely more personal data than any other company or government on the planet and is routinely caught in breach of privacy law.  

‍

By extension, interoperability also justifies big tech’s aggressive crack down on tracking and its unambiguous attempts to wipe out an entire industry. A discriminatory measure under competition law becomes a lawful and necessary measure under privacy law, creating a conflict of norms that regulators are struggling to reconcile. Insisting that cookie alternatives must be interoperable is a self-defeating argument that only fuels this regulatory conflict and gets the market closer to obliteration. 

‍

The sooner the industry accepts that personal data cannot be interoperable, the sooner it will steer away from the precipice. Advertising works just as well without interoperable data because, let’s be honest, it has never really worked particularly well with it. Marketing channels will be more fragmented but reach and performance needn’t suffer. There is just about time to find, test and scale privacy-enhancing technologies that can help the industry transition away from cookies and IDs. Failure to do so will strengthen digital monopolies and challenge the financial sustainability of the internet. But this industry has proven time and again that when push comes to shove, it can turn things around and quickly embrace new solutions. Let the mad rush begin.   

‍

1. Interoperability is the principle underpinning standards like the Hypertext Transmission Protocol (HTTP) and the Simple Mail Transfer Protocol (SMTP), for instance.
2. In Europe, personal data is any information that relates to an identified or identifiable living individual. It includes pieces of information that, collected together, can lead to the identification of a particular person, as well as de-identified, encrypted or pseudonymised data that can be used to re-identify a person.