Weekly Roundup: IAB Tech Lab’s Plan to Replace Cookies, Complaint Against Google, and More.

IAB Tech Lab Weighs in to Solve Cookie Problems

It is apparent that any browser has to block third-party cookies sooner or later. As we rely on cookies to assess the effectiveness of online ads, the whole industry is struggling to come up with a privacy-safe standard. 

At the end of last month, we’ve discussed Google’s attempt to create a cookieless web advertising. While the specifics are far from complete, Google’s standard hinted that browsers will have to generate an id that identifies not the user, but the group (or cohort) the user has been part of. 

Last week, IAB Tech Lab, the industry’s consortium proposed a new digital token to run targeted ads in a cookieless era. Let’s get into the specifics.

– User Token:

If you’ve heard about cookie syncing, you know that multiple ad tech vendors generate their own cookie ids to recognize a user and serve personalized ads. To put it simply, a user will have hundreds of ids (proportional to the number of companies) and there’s no consistent and easy way to broadcast users’ consents to all of them. 

In fact, today’s consent management platforms drew criticism from privacy advocates and data regulators – mainly because of the complexities involved in getting informed and legitimate consent from the user. 

IAB’s Lab argues a unique token – controlled solely by the end-user – can be accessed and used to serve ads. The token has the user’s privacy setting and preferences. At this point, browsers seem to play a vital role in helping the users to set preferences and create tokens. But the proposal is yet to detail the background. 

“We’re calling for a centralized mechanism so that you can convey your preferences and all parties…can respect those preferences”

– Jordan Mitchell, Senior Vice President of Membership and Operations at IAB Tech Lab.

 – Approved Vendors:

The proposal restricts the token access to only the “good actors” – those who’ve demonstrated their compliance with users’ preferences. So, users can be assured that their preferences are respected. 

– Standardized Container for Ad Delivery:

Besides, Tech Lab suggests having a standardized container (for ads) that can limit the execution of client-side code to prevent privacy and performance. 

Takeaway:

As you could see, the proposal is to develop a framework, not the framework itself. Though it looks like a win-win for consumers and technology providers, it still has a lot of unanswered questions.

“Just as we have standardized telephone numbers and addresses, to which we as consumers may attach our preferences, we need a neutral, standardized online identifier to which we attach our privacy preferences.”

Especially, with the browsers controlling the tokens (technically), Google – yet again – stands to gain an advantage over the rest. That being said, it’s too soon to have a conclusion. We’ll keep you posted. 

Brave: Google’s GDPR Workaround Leaks Personal Data

Google has been rescheduling its integration with IAB’s Transparency and Consent Framework for over a year. Why? 

Google cited that the framework may not be compliant with GDPR. In other words, the company wouldn’t like to trigger yet another probe on its advertising wing – from the data regulators. But the latest research by Brave claims that Google’s consent architecture leaks personal data to unauthorized third-parties.

Push Pages:

As per the research, Google is creating push pages – iframe pages – that fires whenever a user visits a web page containing Google’s ad products. Push pages are then used to allow Google partners to sync cookies. The whole process is part of Google’s Cookie Match Assist feature, which is designed to allow participating ad exchanges to match a Google User ID with their cookies. 

As AdExchanger reports, using iframes to match cookies isn’t new. 

Where things went wrong, then?

Johnny Ryan, Brave’s Chief Privacy Officer claims that Google’s so-called push pages enable other parties to create their own iframe pages. Once any exchange, for instance, OpenX creates its own “URL redirect (push page)”, it can call its own data partners to sync Google’s ID data. In essence, Google wouldn’t able to control what other partners can/can’t do with the data.

Now, comes the important question. What kind of data is being transferred here? Iframes aren’t transferring any cookie data, just the time and location. But as Google’s push pages are appended by almost 2000 characters unique to each user (“identifier”), third-parties can identify users with the help of other cookies supplied by Google.

Besides, companies accessing Google’s Push Page can cross-reference the profiles of the user with each other – as Google supplies the same identifier to all the parties. 

Takeaway:

While it sounds like a usual cookie syncing process, Brave proposes that Google has been violating GDPR law as it leaks personal data to unauthorized parties via its push pages. What did Google say? 

“We do not serve personalized ads or send bid requests to bidders without user consent”.

The findings here adds up to the compliant against RTB in general. It is referred as “the new evidence” in Brave’s blogpost.  

Impact of Google’s First-price Auction on Header Bidding Partners

Everyone in the industry agrees that the shift to the first-price auction will have a positive impact on publishers’ ad revenues and over a period of time, the lift tends to saturate as DSPs would get better at predicting the clearing price (thanks to bid shading and optimization algorithms). 

Google announced its ad server (now called, Google Ad Manager) will be running a unified first-price auction soon. And, last week, Jason Bigler, Director of Product Management at Google, shared the test results of Google’s first-price auction in a blog post.  

Here are the highlights:

– As expected, the first-price auction helped header bidding partners to win more impressions. And, Google buyers didn’t see any significant change in the won impressions. 

“In addition, we found evidence that first price auctions have created a more competitive market, resulting in third parties (Demand Side Platforms and Ad Networks outside of Google) and indirect line items (like those from Header Bidding implementations) winning an increased share of impressions.”

Why?

Google has no last look advantage anymore, as it is a true unified auction. 

– Bid Data Transfer File:

Google will also start providing full bid landscape data through the Bid Data Transfer file. With this data transfer file, the publisher can understand the range of bids, the number of bids received across dimensions like ad unit and buyer. It can help you to evaluate the value of your inventory and tweak your programmatic offerings accordingly. Note that you can’t tie it to the users as you won’t be able to join this file with any other Ad Manager data transfer files. 

– Buyers, on the other hand, will get to know the minimum price to win an auction after the auction closes. This, in turn, helps them to win more impressions in the subsequent auctions. 

MRC Finalizes 100% Video Ad Viewability Standard

It’s been more than a year since we mentioned the MRC’s call for research on 100% ad viewability standard and duration weighing. Last week, MRC released its final version of its ‘Cross-platform Audience Measurement Standard’ and it is ready to hit the shed.

We’ll give you a quick overview:

– The most important takeaway from the standard is the threshold for video ad viewability. Now, the minimum threshold has been increased to 100% of pixels in-view for at least two seconds from 50% of the pixels in view. This is regardless of the environment in question – whether it is a digital video or linear TV. 

– Measurement providers are now required to dedupe impressions, filter for both sophisticated and invalid traffic and need to report on the state of audio (on or off while playing) if they’re able to. 

– The duration weighing standard isn’t coming to practice until 2021. The consortium acknowledged that it isn’t enough to have the same duration weighing number for all the video ads. For instance, a 6-sec video ad that has been viewed for 3-sec can’t have the same impact as the 60-sec video ad viewed for the 3-sec. So, buyers demanded flexibility, when it comes to duration weighing. 

Moments that matter

“A key feature being added to Xandr Monetize is the ability for publishers to sell OTT inventory programmatically via header bidding. Buyers will be able to compete for OTT video ads and outbid direct buyers for the first time,” from Xandr Monetize Replaces The AppNexus SSP And Adds OTT Header Bidding, AdExchanger. 

“UK desktop ad viewability has hit a fresh high according to the latest Integral Ad Science Media Quality Report, which showed that desktop viewability reached 70.9% over the first half – a rise of 7.5% year-on-year,” from UK desktop ad viewability now exceeds 70%, The Drum.

“Media partners know that attribution is fundamentally a correlation game, not a causality game. And they have become skilled at rigging it,” from Lower Ad Fraud Will Be Achieved Once Increased Incrementality Takes Place, AdWeek.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default” from Firefox 69 is out: Flash squeezed out, tracking protection on by default, ZDNet.