The Privacy-First Ad Technologies to Replace Third-Party Cookies

Ryan Siddle

Managing Director

October 19, 2023 · 29 min read

Legal & ComplianceResearch

Sentiment for business leaders about replacing third-party cookies is negative - 71% of them expect the end of third-party cookies will hurt their businesses.  

As reported by the Reuters Institute at the University of Oxford, multiple Leading practitioners are concerned that the deprecation of third-party cookies will limit advertising functionalities and performance tracking.

“Without third-party cookies] performance advertising or conversion tracking is not going to be possible.”

Without viable alternatives that provide similar functionalities, advertisers feel that they are losing visibility and control to run ads, losing functionalities such as audience segmentation and cross-site tracking.  

“When we think of the term ‘unique visitors’, a lot of that data that relies on the Google platforms is going to change. You won’t be able to target repeat visitors because you won’t know who they are. A lot of browsers are going to look the same, and therefore you won’t be able to understand what is and what isn’t ‘unique’. […] There’s likely to be no or limited attribution on spend or [attributable] return on investment.”

This article presents the existing and proposed technologies that can replace third-party cookies for privacy-first alternatives while keeping most of the functionalities and user experience intact.  

We delve into a variety of existing and upcoming technologies, exploring how they can be harnessed to maintain critical advertising functions such as audience segmentation, cross-site tracking, and conversion tracking. As such, businesses will be able to confidently prepare for a world without third-party cookies, ensuring continued growth in the face of this significant industry transformation. 

Practitioners will learn tangible information about these technologies that will enable them to assess the core functionalities and determine whether the solutions are suitable for their businesses. 

Glossary of Terms

• Publisher/seller - A company or individual that owns and operates a website, app, or other digital platform where content is created and shared with users. Publishers generate revenue by selling ad inventory (ad spaces) on their platforms to advertisers. 
• Advertiser - A company, brand, or individual that purchases ad inventory from publishers to display their promotional messages to a target audience.  
• Ad Exchange - A digital marketplace that enables advertisers, publishers, and ad networks to buy and sell ad inventory in real-time, often using an auction-based pricing model.  
• Ad Network - An intermediary platform that aggregates ad inventory from multiple publishers and sells it to advertisers.  
• Ad Inventory - The total amount of ad space available for sale on a publisher's digital platform (e.g., website, app, video player). Ad inventory can be in various formats, such as display ads, video ads, native ads, or sponsored content. 
• Supply-Side Platform (SSP)- A software platform that enables publishers to manage, sell, and optimise their available ad inventory to multiple demand partners. 
• Demand-Side Platform (DSP) - A software platform that allows advertisers, agencies, and ad networks to manage, purchase, and optimise digital advertising inventory from multiple ad exchanges and SSPs through a single interface. 
• Real-Time Bidding (RTB) - A programmatic advertising technology that enables the buying and selling of individual ad impressions in real-time auctions, usually taking place within milliseconds as a web page loads. 
• Private Marketplace (PMP) - A type of programmatic advertising where an invitation-only marketplace is created by a publisher or group of publishers, allowing select advertisers to bid on their premium ad inventory. 
• Data Management Platform (DMP) - A technology platform that collects, stores, and analyses data from various sources, allowing advertisers and publishers to create audience segments and optimise their targeting strategies. 

Businesses Overrely on Third-Party Cookies 

The deprecation of third-party cookies is not a new idea. Firefox and Safari started blocking them since 2019 and 2020 respectively. The 2024 timeframe is dictated by the deprecation of third-party cookies in Google Chrome, which currently holds 77% of the web browser market share, so it singlehandedly determines the direction of the industry. As part of this, Google has also been working on the Privacy Sandbox, which defines a set of standards for replacing third-party cookies. 

GDPR has had a strong influence on pushing browsers toward third-party cookie deprecation. Under the regulation, browsers can still use them with explicit user consent. But rather than edging on the lines drawn by regulators, Google and other browsers are leaping forward and depreciating third-party cookies altogether. However, this can only be done by offering the market viable alternatives.  

A comprehensive 2023 study from Adobe shows that across the UK, 70% of marketing and customer experience leaders still rely heavily on third-party cookies, and 41% of leaders are spending at least half of their marketing budgets on cookie-based activations – and 59% plan to increase spending on cookie-dependent activations in 2023. 

84% of leaders at cookie-dependent companies say that at least 30% of their potential market is in environments where third-party cookies don’t work, such as social media platforms and Apple devices. 

71% of leaders expect the end of third-party cookies will hurt their businesses. Out of these: 10% said it will “devastate” their businesses, 21% anticipate significant harm, and 39% predict a moderate negative impact. 

Why are businesses still relying on third-party cookies? Despite privacy concerns, third-party cookies have been the go-to technology for digital advertising companies as several value-adding functionalities are hard to replicate with other technologies. Some of these functionalities include: 

• Cross-site user tracking - Third-party cookies enable the tracking of users across multiple websites. This helps build user profiles, which can be used for targeted advertising, analytics, and personalisation. Although other techniques like fingerprinting or local storage can be used for similar purposes, they have limitations in terms of accuracy, user privacy, and compliance with regulations. 
• Frequency capping - Without cookies, tracking and controlling ad exposure is more difficult, potentially leading to a negative user experience and reduced ad efficiency. 
• Attribution and conversion tracking - Third-party cookies help advertisers attribute user actions (like clicks or purchases) to specific ads and campaigns. This helps them measure the effectiveness of their advertising efforts and optimise their strategies accordingly. Other solutions like first-party cookies, pixel tracking, or server-to-server tracking can be used, but they often require more effort to implement and can face limitations in cross-domain tracking. 
• Audience segmentation and targeting – Third-party cookies enable advertisers to segment and target users based on their browsing behaviour, demographics, and interests. While first-party data can be used for targeting, it may not provide the same depth and breadth of information as third-party cookies, especially when it comes to cross-site user profiling. 
• Remarketing/retargeting - Advertisers use third-party cookies to serve ads to users who have previously visited their websites, increasing the chances of conversion. Although alternative solutions like first-party cookies, local storage, or server-side user identification can be used for retargeting, they may not offer the same level of reach and accuracy. 
• Ad relevance and personalisation - Third-party cookies help deliver more relevant and personalised ads to users, improving user experience and ad performance. While contextual targeting and first-party data can be used to personalise ads, they may not achieve the same level of precision and customisation as third-party cookies. 

These functionalities have become the industry standard. Pulling the rug from under third-party cookies will leave a whole gap in the advertising industry. As such, a number of vendors have developed solutions that aim to replicate a similar level of functionalities. 

In the following chapter, we will highlight the latest efforts by developers and standardising bodies to keep as much of the flexibility and visibility of third-party cookies for privacy-first alternatives. 

Privacy-First Alternatives for Serving Advertisements 

Large organisations in the web development space are working with the community, regulators and standardising bodies to re-create third-party cookie functionalities using privacy-first technologies. We explore several of these key developments, which aim to recreate similar capabilities for digital advertisers using a combination of user consent, human-curated advertising interests, modern data architectures, and machine learning. 

Contextual Targeting  

Contextual targeting is an advertising method that selects and serves ads based on the content and context of a web page, rather than relying on individual user data. By analysing page elements such as keywords, topics, and metadata, contextual targeting can deliver relevant ads that match the interests of users visiting the page, without the need for tracking cookies or personally identifiable information (PII). 

Unlike behavioural targeting, which uses third-party cookies to track user behaviour across multiple websites and serve personalised ads based on browsing history, contextual targeting focuses on the context of the web page itself. This approach ensures a higher level of privacy compliance, as it does not require user-level tracking or data collection. 

To maximise the effectiveness of contextual targeting, businesses should optimise their website content and metadata to ensure that it accurately reflects the topics and keywords relevant to their target audience. These can include the following: 

1. Natural language processing techniques to analyse the text and content of a web page, extracting relevant keywords, phrases, and topics to inform ad targeting decisions. 
2. Semantic analysis techniques to understand the meaning and context of the content, enabling more accurate ad placement and reducing the risk of inappropriate or irrelevant ads. 

Contextual targeting may not deliver the same level of personalisation as behavioural targeting, as it relies solely on the context of the web page rather than individual user data. Implementing contextual targeting can be more complex and resource-intensive than relying on third-party cookies, requiring advanced technology and expertise in natural language processing (NLP), semantic analysis, and machine learning. 

Here are two examples of serving ads using contextual targeting: 

• A user visits a popular hiking blog to read an article about the best trails in a national park. The blog provides detailed information about each trail, such as the level of difficulty, scenic views, and required gear for a successful hike. As the user reads the article, a contextual targeting system analyses the content and identifies keywords and topics related to hiking, outdoor activities, and gear. Based on this analysis, the system serves an ad from an outdoor gear retailer promoting a sale on hiking boots, backpacks, and trekking poles. The ad is relevant to the user's interests and the content of the page, increasing the likelihood of user engagement and a potential sale. 
• A user searches for a healthy, vegetarian dinner recipe and lands on a website featuring an extensive collection of vegetarian and vegan recipes. The user clicks on a recipe for a vegetable stir-fry that includes instructions on how to prepare the dish using a wok. While the user is browsing the recipe, a contextual targeting system scans the page content, picking up on keywords and phrases such as "vegetarian," "healthy cooking," and "wok." Based on this analysis, the system serves an ad for a high-quality, non-stick wok from a reputable kitchen appliance brand, along with a limited-time discount code. The ad is contextually relevant to the user's interest in cooking and the recipe they are viewing, making it more likely that the user will consider purchasing the promoted product. 

Privacy Sandbox  

The Privacy Sandbox is an initiative led by Google to create web standards for websites to access user information without compromising privacy. Its core purpose is to facilitate online advertising without third-party cookies. The Privacy Sandbox proposals are under ongoing development, with components at various completion stages.  The proposals are based on input from developers, publishers, marketers, and regulators via forums like the W3C.  

Privacy Sandbox APIs are scheduled to be launched and generally available in Chrome by Q3 2023. As developers adopt these APIs, Google will begin phasing out third-party cookies in Chrome in the second half of 2024.  

The technologies developed by the Privacy Sandbox cover all AdTech areas impacted by the cookie phase-out. These include: 

• Targeting and interest-based ad selection- achieved via Topics API 
• Retargeting – achieved via Protected Audience API 
• Measurement - achieved via Attributes 

Topics API  

Topics are recognisable categories that the browser infers based on visited pages. With Topics, the visited sites visited are no longer shared across the web, as they might have been with third-party cookies. A topic in the Topics API is a subject a user is interested in as evidenced by the websites they visit. 

Topics are a signal to help AdTech platforms select relevant ads. Unlike third-party cookies, this information is shared without revealing further information about the user themself or the user's browsing activity. The Topics API allows third parties, such as ad tech platforms, to observe and then access topics of interest to a user. For example, the API might suggest the topic "Fiber & Textile Arts" for a user who visits a relevant website. 

The topics taxonomy is constructed to support interest-based advertising and keep users safe and protect their privacy.  The initial taxonomy for the web version of Topics includes around 350 topics across categories such as "Arts & Entertainment," "Home & Garden," and "Travel & Transportation."  

Topics are inferred by Chrome, using a classifier model that maps site hostnames to topics. Topics are manually curated for 10,000 top domains, and this curation is used to train the website classifier algorithm.  

The API infers topics for a site from a classifier model that maps website hostnames to zero or more topics. Only sites that include code that calls the Topics API are included in the browsing history eligible for topic frequency calculations, and API callers only receive topics they've observed. In other words, sites are not eligible for topic frequency calculations without the site or an embedded service calling the API. 

The top five topics are selected based on frequency. That is, the browser selects the five topics that appeared most frequently in a user's browsing history for a given week. The list of topics used by the Topics API is public, human-curated, human-readable, and designed to avoid sensitive categories.  

A Topics API caller is the entity that observes and requests topics. Typically, this caller is a third party (such as an ad tech) who uses the topics returned by this method to help select relevant ads. The browser determines the caller from the origin of the request. If Site A requests topics from their code in an iframe hosted on Site B, the browser determines the caller is Site A.  

How the API decides which callers see which topics 

API callers only receive topics they've recently observed, and the topics for a user are refreshed once each epoch. That means the API provides a rolling window in which a given caller may receive certain topics. 

At the end of the epoch, the Topics API generates the browser's top topics for the week. 

• adtech1.example is now eligible to receive the "Fitness" and "Crafts" topics, since it observed them on yoga.example and also on knitting.example. 
• adtech1.example is not eligible to receive the "Travel & Transportation" topic for this user as it is not present on any sites the user visited recently that are associated with that topic. 
• adtech2.example has seen the "Fitness" and "Travel & Transportation" topics, but has not seen the "Crafts" topic. 

The user visited diy-clothing.example, which has the "Fashion & Style" topic, but there were no calls to the Topics API on that site. At this point, this means the "Fashion & Style" topic would not be returned by the API for any caller. 

Protected Audience API (previously known as FLEDGE) 

The Protected Audience API is a Privacy Sandbox proposal to serve remarketing and custom audience use cases, designed so third parties cannot track user browsing behaviour across sites.   

As a user moves across the web, the sites of advertisers that were visited can inform the user’s browser that they would like a chance to show the user ads in the future. They can also directly share information with the user’s browser including the specific ads they'd like to show and how much they'd be willing to pay to show the user an ad. Then, when the user visits a website with ad space, an algorithm in the user’s browser helps inform what ad might appear. The API enables on-device auctions by the browser, to choose relevant ads from websites the user has previously visited. 

Understanding user interests can enable more relevant ads than simply choosing ads based on site content (contextual targeting) or by using information that the user provided to the site on which the ad appears (first-party data targeting). 

The Protected Audience API experiment aims to move the web platform closer to a state where the user's browser, on their device—not the advertiser or ad tech platforms—holds information about what that person is interested in. 

The Protected Audience API uses interest groups to enable sites to display ads that are relevant to their users. For example, when a user visits a website that wants to advertise its products, an interest group owner (such as a demand side platform or DSP working for the site) can ask the user's browser to add membership for the interest group. The group owner (in this example, the DSP) does this by calling a JavaScript function. If the call is successful, the browser records: 

• The name of the interest group: for example, 'custom-bikes'. 
• The owner of the interest group: for example, 'https://dsp.example'. 
• Interest group configuration information to enable the browser to access bidding code, ad code, and realtime data, if the group's owner is invited to bid in an online ad auction. This information can be updated later by the interest group owner. 

Later, when the user visits a site that sells ad space, the ad space seller (most likely the site's SSP, or the site itself) can use Protected Audience API to run an ad auction to select the most appropriate ads to display to the user. The seller calls a function which provides a list of interest group owners who are invited to bid. 

Bidding code is retrieved from the URL provided in the configuration information for the interest group. This code is passed data about the interest group and information from the seller, along with contextual data about the page and from the browser. 

When the browser calls the function to run the ad auction, each buyer's code generates a bid with the help of real-time data provided by their Protected Audience API Key/Value service. Then, the seller receives these bids as well as seller-owned real-time data and scores each bid. The bid with the highest score wins the auction. 

The winning ad is displayed in a fenced frame. The ad creative's URL is specified in the bid, and the origin must match one in the list provided by the interest group's configuration. 

Attribution Reporting API 

The Attribution Reporting API enables measures ad conversions in a privacy-preserving way, without third-party cookies. The API enables advertisers and ad tech providers to measure conversions in the following cases: 

• Ad clicks and views. 
• Ads in a third-party iframe, such as ads on a publisher site that uses a third-party ad tech provider. 
• Ads in a first-party context, such as ads on a social network or a search engine results page, or a publisher serving their own ads. 

The Attribution Reporting API gives access to different types of insights via two types of reports that can be sent to an advertiser or a third-party ad tech provider. These two types of reports can be used simultaneously and are complementary. 

Event-level reports associate a particular ad click or view (on the ad side) with data on the conversion side. To preserve user privacy by preventing the joining of user identity across sites, conversion-side data is very limited, and the data is noised (meaning that for a small percentage of cases, random data is sent instead of real reports). Entry-level reports are suited for: 

• Optimisation - These reports can be used to optimise for ad placement, since a unique ID for the ad side can be made available in the reports. Event-level reports can provide training data for machine learning models. 
• Coarse reporting - where very little information is needed about the conversion. The current limitation is 3 bits of conversion data for clicks ⏤ this means a conversion can be assigned one of eight categories ⏤ and 1 bit for views. Encoding of granular conversion-side data, such as a specific price or conversion time is not supported in event-level reports. 
• Fraud detection - The data in some reports can be useful for ad fraud detection and analysis, by allowing users to understand patterns that can be used to identify spammy or invalid activity. 

Summary reports are not tied to a specific event on the ad side. These reports provide richer, higher-fidelity conversion data than event-level reports. Summary reports offer more detailed conversion data and more flexibility for joining click/view data and conversion data. Summary reports are best suited for reporting use cases. These reports provide details on metrics such as return on investment. 

Project Rearc  

Project Rearc is a global initiative led by the Interactive Advertising Bureau (IAB) and its subsidiaries, which aims to develop privacy-preserving alternatives for user tracking and targeting without third-party cookies. It was launched in 2020 in response to the deprecation of third-party cookies and other identifiers.  

The project is a call for stakeholders across the digital supply chain to ‘re-architect’ digital advertising and build systems and standards that preserve addressability with consumer privacy and security. This taskforce brings together over 800 business, policy and technology specialists from across the world, from 487 companies, who represent various components of the digital supply chain. 

Under Project Rearc, IAB has created guidelines and frameworks that enable businesses to deliver targeted ads, measure campaign performance, and attribute conversions without relying on third-party cookies or compromising user privacy. Out of these, a notable example is Seler-Defined Audiences (SDA). 

Seller-Defined Audiences 

SDA is the first addressability specification incubated within Project Rearc after initially being proposed to the industry in March 2021. The SDA specification allows publishers, data management platforms (DMPs) and data providers to scale first-party data responsibly and reliably without data leakage or reliance on deprecated IDs and/or new, untested technologies.  

It leverages Prebid infrastructure – the open-source header bidding solution – which provides out-of-the-box scale and speed to market across Prebid’s install base.   

SDA works as follows: publishers or their data partners determine audience attributes based on user interactions on their properties, map similar groups of users to broad, standardised taxonomy attribute descriptions, document audience characteristics/metadata via a standardised transparency schema, then relay taxonomy IDs within OpenRTB to inform downstream signalling by buyers.  

SDA allows individual publishers to develop and scale anonymised first-party data sets instead of relying on external systems that aggregate and normalise audience data points across publisher domains.  

Buyers also benefit from SDA in several ways. Notably, SDA streamlines private marketplace-like implementations by removing the need for manual deal-ID creation. It can also more efficiently train DSP machine learning systems – via the rich set of DTS metadata available via API – to learn over time which cohorts generate the best marketing outcomes and optimise and reward publishers accordingly.  

Key benefits include: 

• Can be used for inventory across all browsers, apps, and OTT/CTV environments 
• Does not rely on cookies/mobile IDs; or new, untested browser technology 
• Protects against publisher data leakage 
• Replicates private marketplace-like performance without having to rely on manual deal-ID creation 
• Already broadly adopted and integrated across Prebid.org install base 
• De-commoditises publisher data and facilitates competition based on underlying quality components 

Unified ID 2.0  

Unified ID 2.0 is a framework that enables deterministic identity for advertising opportunities on the open internet for many participants across the advertising ecosystem. The UID2 framework enables logged-in experiences from publisher websites, and mobile apps to monetise through programmatic workflows. Built as an open-source, standalone solution with its own unique namespace, the framework offers the user transparency and privacy controls designed to meet local market requirements. 

It works as follows: when a user visits a publisher’s website for the first time, it is asked to consent to their personally identifiable information being used. The publisher must be transparent about the proposed value exchange—for example, PII in exchange for access to content. Once the user agrees, they must sign in using their email address. It is at this point that the user can modify their privacy settings. 

The publisher/app developer sends the PII and privacy settings to a Unified ID 2.0 (UID2) operator.  The operator hashes and salts the information using an encryption key from the UID2 administrator. The publisher will then receive the encrypted information as a UID2 token, which it will share with its SSP.  

The SSP sends the token in the bid stream data for use during real-time bidding (RTB), while an ad exchange or data provider shares the token with a demand-side platforms (DSP). The token is also stored on the user’s browser as a first-party cookie. No PII is shared in the bid stream. 

Once the DSP receives a bid request with a UID2 token, it will decrypt it to uncover the raw UID2 so that it can place a bid. The DSP will use decryption keys from the UID2 administrator. 

Key elements of the UID2 framework infrastructure consist of UID2 Identifier Types, Components, and Participants. 

UID2 Identifier Types 

• Raw UID2 - An unencrypted alphanumeric identifier created through the UID2 APIs or SDKs with the user's verifiable personal data, such as a hashed or unhashed email address or a phone number, as input. 
• UID2 Token (Advertising Token) - An encrypted form of a raw UID2. UID2 tokens are generated from hashed or unhashed email addresses or phone numbers that are converted to raw UID2s and then encrypted to ensure protection in the bid stream. UID2 tokens are designed to be used by publishers or publisher service providers. Supply-side platforms (SSPs) pass UID2 tokens in the bid stream and DSPs decrypt them at bid request time. 

Components 

The UID2 framework consists of the following components, all of which are currently managed by The Trade Desk. 

• Core Service - A centralised service that manages access to salts, encryption keys, and other relevant data in the UID2 ecosystem. 
• Operator Service - A service that enables the management and storage of encryption keys and salts from the UID2 Core Service, hashing of users' personal data, encryption of raw UID2s, and decryption of UID2 tokens.  
• Opt-Out Service - A global service that manages and stores user opt-out requests and disseminates them to publishers, operator service instances, and DSPs. 
• Transparency and Control Portal - A user-facing website, https://transparentadvertising.org, that allows consumers to opt out of UID2 at any time. 

Participants 

These are the key participants and their roles in the UID2 workflows. 

• Core Administrator - An organisation (currently, The Trade Desk) that manages the UID2 Core Service and other components. For example, it distributes encryption keys and salts to UID2 operators and sends user opt-out requests to operators and DSPs. 
• Operators - Organisations that run the Operator Service (via the UID2 APIs). Operators receive and store encryption keys and salts from the UID2 Core Service, salt and hash personal data to return UID2 tokens, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys. 
• DSPs - DSPs integrate with the UID2 system to receive UID2s from advertisers (as first-party data) and third-party data providers (as third-party data) and leverage them to inform bidding on UID2s in the bid stream. 
• Data Providers - Organisations that collect user data and push it to DSPs—for example, advertisers, identity graph providers, and third-party data providers. 
• Advertisers - Organisations that buy impressions across a range of publisher sites and use DSPs to decide which ad impressions to purchase and how much to bid on them. 
• Publishers - Organisations that propagate UID2 tokens to the bid stream via SSPs—for example, identity providers, publishers, and SSO providers. Publishers can choose to work with an SSO provider or an independent ID provider that is interoperable with UID2. Independent ID providers can handle the UID2 integration on behalf of publishers. 
• Consumers - Users who engage with publishers or their identity providers. Consumers can opt out of UID2 in the Transparency and Control Portal. 

Authenticated Traffic Solution  

The Authenticated Traffic Solution (ATS) is a privacy-first, PII-authentication solution that improves programmatic addressability across the open web. ATS provides a persistent people-based identifier throughout the programmatic supply chain, starting at the inventory source. 

The ATS API and associated client-side JavaScript libraries provide publishers and supply-side partners with the ability to safely resolve PII touchpoints to encrypted, pseudonymous Identity Envelopes for subsequent activations by Server-Side Platforms (SSPs) and exchanges. Identity resolution is processed in secure, server-to-server environments. 

LiveRamp, a leading data connectivity platform, has developed the Authenticated Traffic Solution (ATS) to help businesses maintain addressable advertising in a privacy-centric manner.  

Authenticated Traffic Solution (ATS) is a privacy-first advertising solution developed by LiveRamp that enables advertisers and publishers to deliver targeted ads, measure campaign performance, and attribute conversions without relying on third-party cookies. By leveraging first-party data and user-consented identity information, ATS provides a privacy-compliant alternative for addressable advertising. 

ATS works by: 

1. Identity resolution: ATS uses LiveRamp's IdentityLink, a deterministic identity resolution technology that connects first-party data from publishers and advertisers to create a pseudonymous, privacy-safe identifier for each user. 
2. User consent: ATS requires users to provide explicit consent for the use of their identity information, ensuring compliance with privacy regulations such as GDPR and CCPA. 
3. Data onboarding and activation: LiveRamp's platform securely connects and activates first-party data across the advertising ecosystem, enabling targeted ad delivery, measurement, and attribution. 

LiveRamp's Authenticated Traffic Solution offers a privacy-first approach to support use cases such as: 

• Addressability and targeting - ATS enables advertisers to maintain addressable advertising by connecting first-party data and user-consented identity information across the advertising ecosystem. This allows businesses to deliver personalised ads, measure campaign performance, and attribute conversions, even in the absence of third-party cookies. 
• User experience and transparency - Requiring user consent for the use of identity information promotes transparency and trust between consumers, publishers, and advertisers. This not only ensures compliance with privacy regulations but also contributes to an improved user experience, as users have greater control over their personal data. 
• Increased publisher revenue - ATS can help publishers increase their revenue by offering advertisers a privacy-centric solution for addressable advertising. By leveraging first-party data and user-consented identity information, publishers can provide a valuable advertising inventory that complies with privacy regulations and delivers personalised ads to users. 

A Forrester Total Economic Impact™ (TEI) study, commissioned by LiveRamp, found advertisers who use LiveRamp’s ATS can achieve 343% ROI over three years with payback within only six months of initial investment. 

LiveRamp's Authenticated Traffic Solution presents a viable alternative for businesses navigating the post-cookie digital advertising landscape. By leveraging user-consented identity information and first-party data, ATS enables advertisers and publishers to maintain addressable advertising in a privacy-compliant manner. Adopting privacy-centric solutions like ATS will be essential for businesses seeking to maintain effective advertising strategies while respecting user privacy and adhering to evolving regulations. 

Data Clean Rooms 

A data clean room is a secure environment that allows multiple companies to bring data together for joint analysis under defined guidelines and restrictions. 

Data clean rooms enable businesses to securely share and analyse data with partners and third-party vendors without exposing raw data or violating user privacy. This allows cross-platform attribution and audience overlap, without relying on third-party cookies. Data Clean rooms are offered by vendors such as Google, Facebook, and Adobe. 

A data clean room provides aggregated and anonymised user information to protect user privacy, while providing advertisers with non-personally identifiable information to target a specific demographic and for audience measurement. 

Data Clean Rooms can either take a monolithic or distributed approach. Monolithic data clean rooms have all data stored in a single physical location, limiting how the data can be shared. Distributed data clean rooms are cloud-based solutions and eliminate the need to move data from one location to another. This allows each partner to control its own data while enabling governed analytics with other partners, or even with multiple other partners, simultaneously. 

The content provider, which holds first-person user information, uploads data to the data clean room. That data comes from different systems, including ecommerce, logging and customer relationship management. The user data is encrypted on its route from the provider to the data clean room, where it's anonymised and aggregated into user and demographic groups. The transmitted data remains encrypted, making it impossible for anyone in the data clean room to access PII. 

Approved partners and advertisers are granted access to the anonymised data by the content provider. Approved providers can access data as a continuous data feed or in the data clean room platform. The protected data can be used by partners and advertisers for data analytics for audience measurement and engagement. 

• Trend data - gaining visibility into trends across groups of users, demographic and industry segments. 
• User segmentation - advertisers and marketers can build customised audience groups for better user segmentation. 
• Data analytics - to analyse aggregated data to better understand user behaviour and activity. 

Among the major data clean room providers are large networks, including Google and Facebook. A key challenge with those providers is that they can be limited to only providing aggregated user information for their own platforms, an approach known as a walled garden approach. With the single platform approach, it's generally not possible to combine data from one data clean room platform with another. 

As an example, NBCUniversal leverages Snowflake to power their Audience Insights Hub, which is a cross-cloud data clean room environment that allows data interoperability between NBCUniversal and its advertising ecosystem partners.  

Going Privacy-First with Merj 

Specialising in data engineering and marketing data, Merj can help your business smoothly transition to a privacy-first technology stack by the time third-party cookies will be deprecating, minimising disruption to your business and identifying improvement opportunities. 

Our team of developers and researchers can complement your development and marketing teams with deep knowledge on products and technologies.  

We can help you build or rebuild a range of value-adding services on top of new privacy-first advertising technologies, including: 

• Reimagining and redeveloping webpage personalisation in a cookieless environment 
• Detecting vulnerabilities in new advertising platforms such as data leaks 
• Compliant data collection, processing and storage 
• Analytics, reporting and visualisation of multiple data sources 
• Supply chain legislation compliance 

To find out how Merj can help your business navigate the transition to a cookieless future, contact us today.