Privacy and the Tale of the Slowly Boiling Frog

Are we all going to be frogs in boiling water?

I’m sure you know the fable: if a frog is put suddenly into boiling water, it will jump out. But if the frog is put in tepid water, which is then slowly brought to a boil, the frog won’t perceive the danger and will be cooked to death.

Awful, yes. But I think the frog’s lack of awareness of its impending demise is an interesting metaphor for what we’ve been experiencing for the last few years in digital advertising. 

The gradual increase in privacy regulations coupled with the progressive deprecation of third-party digital IDs are slowly tearing at the foundation that supports $600 billion in digital marketing, media and advertising spend. The question I have as we kick off 2024 is whether Google’s pulling the plug on one percent of Chrome cookies turns up the heat fast enough for all of us to finally jump. 

As of this writing, Google plans to begin its long-awaited deprecation of third-party Chrome cookies this week. With this change, millions of people will become much harder to reach and measure – and this is just the beginning for Chrome users.

Apple was the first to turn up the heat when, in 2020, Intelligent Tracking Protection removed roughly one billion Safari users from the cookie ecosystem. But Chrome has an estimated 3.22 billion users worldwide, with 55% market share in the US and a whopping 74% in Asia. The temperature is clearly going up.

So, what will happen as we begin to feel the heat of these 32 million people becoming invisible? Will this initial jab from Google be shocking enough to cause us to jump? Will we wait for the threat of the remaining 99% to move beyond the status quo? Or are we going to slowly boil to death from our own inaction?

My prediction is that 2024 will start out landing us all deeper in hot water. I am, however, optimistic that our collective realization of the existential threats to digital content and advertising will change our trajectory. In my view, it’s critical we all recognize the dangers and take action.

Let me explain.

Threat #1: Rational decisions based on short-term goals will result in a consolidation of spend with social platforms at the expense of open web publishers.

Rightfully so, advertisers prefer audience-addressability over other forms of ad targeting. They also need measurement. While our industry has done a lot to reinvent online identity, in the short term, these new-gen IDs lack sufficient scale to be a viable targeting and measurement alternative to cookies. For brands seeking addressable reach, there’s no easier way to find targeted audiences at scale than through social platforms. 

But herein lies a serious problem. With fewer third-party cookies, rational brands will logically seek out the walled garden EZ button for addressable reach. The more brands that behave in this predictable fashion, the more we should anticipate three undesirable outcomes:

1. Advertisers will start to experience a supply-and-demand imbalance across the platforms, creating an insidious climb in CPM rates while platforms increase ad loads to meet increasing buyer demand. The increased ad clutter will result in less advertising engagement and recall, which devalues each impression. In other words, brands will pay more for a lot less.
2. The same supply-and-demand imbalance, exacerbated by the reduced targeting precision of open web publishers, will accelerate the slow demise of premium, professionally produced content. We’ll see more publisher consolidation, and I predict that we’ll lose a few venerable news brands since this group is already facing an existential threat from unnecessarily aggressive brand safety tactics.
3. With fewer open web choices, emboldened social platforms will push up ad rates even more, but by then, advertisers will be locked in the walled gardens. Brands will lose leverage and platforms will become even more profitable. The water will be close to boiling at this point.

Threat #2: Privacy regulation will initially restrict, but ultimately benefit social platforms at the expense of professional publishers. Twelve US states have thus far enacted privacy laws, and at least 16 states have introduced additional bills. Along with a handful of global regulations (most famously, the GDPR), they all give individuals the right to choose who gets access to their personal data (a good thing). Data sharing restrictions are a central tenet of every US and global privacy law.

In 2023, we witnessed some notable regulatory action:

• Meta was fined a whopping $1.7 billion (yes, billion with a “b”) in Europe for the unauthorized transfer of consumer data to the US and an assortment of GDPR violations.
• Microsoft was fined $64M for French DPA violations and $20M by the FCC for COPPA violations.
• Amazon was fined $30M from the FTC  for privacy violations related to Ring and Alexa and $25M for COPPA violations.
• Apple was fined $8M from the French DPA for various privacy violations.

The problem here is that none of these fines will cause sufficient pain (even for Meta, who is appealing) to alter the balance of power. In fact, these regulatory actions compelled these companies to further restrict access to personal data within their walls. 

For advertisers that want to reach consumers on Facebook or within Amazon’s retail media network, for example, the only option is to use these platforms’ proprietary targeting tools and their in-house cleanroom technologies. Because their user base is so immense, brands are happy to do so.

This is not the case across the open web. Very few non-platform publishers have enough scale to attract brands to their proprietary cleanrooms. Without the benefit of these privacy-preserving databases, open web publishers don’t have a lot of wiggle room when it comes to personal data accessibility, even for their largest advertising partners.

The status quo sets us up for a slow boil. But 2024 doesn’t have to end that way if we all take notice. Apple’s one billion users didn’t seem to cause us to break a sweat. But Google’s initial 32 million should. We need to take a step away from our usual behaviors to consider how we can protect every consumer’s fundamental human right to privacy while balancing the commercial interests of the $600 billion digital advertising economy. 2024 needs to be a year when advertisers and publishers engage in deliberate large-scale experimentation – far more than we saw in 2023.  How? We’ve got a lot to do, but I suggest starting with these three things:

1. We need to recalibrate our thinking around targeting and measurement from “individuals” to “groups.” With a mindset shift, we can still get the right ad in front of the right person, but without knowing exactly who. For nearly every targeting and measurement use case, deterministic group-level precision is plenty sufficient.
2. We must embrace privacy-preserving technologies that enable open web addressability, but disable personal data sharing between parties. Distributed identifiers that look like cookies, act like cookies and smell like cookies are, well … cookies. And cookies with a new name cannot be the answer. The private future of digital advertising must cease to rely on distributed personal identifiers.
3. We have to recognize that it will be harder, at least initially, to make open web advertising work without ubiquitous third-party cookies and device IDs. No pain, no gain. We need to endure some discomfort – and work hard to overcome it – if our investments in privacy are to generate sustainable returns.

These first three steps will require some patience and perseverance. But we are an inventive bunch, which is why I’m confident we’ll find solid answers that work for advertisers and open web publishers, large and small. I have a number of ideas, and I’ll write about some of them in the coming weeks and months.

For now, there is no doubt we’re hanging out with a frog in what started off as tepid water. It’s getting hotter and hotter. In my view, it’s time to jump. I’m optimistic you’ll jump with me.