Digital privacy continues to be among the most important medium-term trends in digital advertising. Technical and browser-based restrictions, and regulatory changes, sit at the center of this discussion. Both of these areas saw material evolution this past week.
The top two browsers by a meaningful measure are Chrome (63%) and Safari (15%). Firefox is the third, and has less than 5% share. As a result, the privacy stances of Chrome and Safari are, by and large, what matters. They have taken markedly different stances, though still with an overall increased privacy disposition.
Google released a study this week showing that when all else is held constant, monetization drops 52% when there aren't cookies. In turn, the company is moving in a direction that would preserve programmatic monetization at roughly its current level while adding certain privacy features. This includes, announcing this week, a "privacy sandbox" aimed at limiting the amount of personal information that is exposed while creating some targetability (e.g. creating less deterministic ways of identifying users, but which still allow some less-granular targeting). Similarly, Google this week released for comment a number of potential UX options for discussing privacy with users at the browser level. These are all preliminary steps in a direction that may create more control over privacy while allowing publishers to continue to monetize.
On the other end of the spectrum, Safari this week posted its official tracking prevention policy. While it was broadly understood that Safari wanted to block tracking, this codified their position. The document states "WebKit will do its best to prevent all ... cross-site tracking" without exceptions. It acknowledges that "unintended impacts" can include "funding websites using targeted or personalized advertising" as well as "measuring the effectiveness of advertising." Safari has implemented a broad privacy hammer regardless of the impact, and doesn't seem particularly interested in the downstream impacts beyond acknowledging they exist.
From a regulatory perspective, as previously discussed, the IAB's previous Transparency and Consent Framework (TCF) was increasingly believed to be incompatible with the way GDPR was going to be enforced. As a result, the IAB has been iterating on a revised framework. The second version was announced this week — and Google is going to be joining. The revised TCF includes standardized messaging templates for consumers as well as significantly more granularity to communicate user privacy preferences. Unlike Apple, the entities enforcing the GDPR are sympathetic to the considerations of publisher monetization. It remains to be seen if the new TCF complies sufficiently with the spirit of the GDPR that it will be allowed, but it does at least appear to be an effort moving in the right direction.
All of this is to say that privacy is among the most actively changing areas in the digital advertising ecosystem. Further, nobody knows where in particular the move towards privacy will net out. It's clear that the "anything goes" attitude will be increasingly untenable, but the final amount of user data that is tolerated and how it will be used broadly across the industry is unknown. As a company, the place to be is building a company that does not rely directly on user data and instead focuses on the best way to monetize in a world where consumers have choices about which content they consume, where and how.