“Today, identity is not owned by the consumer,” IAB Tech Lab SVP Jordan Mitchell told ClickZ. They're proposing a new, non-cookie method for consented identity on the web.
With browsers and privacy regulators increasingly unhappy with third-party cookies, the Interactive Advertising Bureau (IAB) Tech Lab made a pitch this week for a new industry-wide initiative to come up with a different, privacy-compliant way for tracking identity on the web.
In a blog post and in a presentation to the W3C, the Tech Lab called on digital marketers to “rethink the cookie [and] embrace a new paradigm of clear privacy setting and consumer controls tied to a standardized identifier.”
The reason, IAB Tech Lab SVP Jordan Mitchell told ClickZ, is that “today, identity is not owned by the consumer.”
Although the call-to-arms lacks some key specifics, it makes a pitch for a new, non-cookie way of consented identity with several key features:
Mitchell said that, while the Tech Lab is “not suggesting a specific tech,” it is envisioning that any system or tech would be simple, could be implemented fairly quickly and contains privacy preferences.
As for whether the user token would operate as a cross-device identity, Mitchell said he didn’t think the browser-makers support cross device identity.
However, while browsers’ buy-in to a token-based identity system is essential, it’s difficult to envision how a global identity would work without a cross-device unification, given the frequent shuffling between devices by users.
It’s also difficult to see how data providers wouldn’t immediately map each device-based token to each other, so that a single individual profile can be built from matching the same log-in across devices or other methods. Additionally, Mitchell said the token could share the device ID or a shared log-in, which would also assist the cross-device match.
While the token is intended to replace the third-party cookie, he added, it’s not meant as a substitute for a log-in. Although, of course, it could well serve that function.
There would also need to some integration with the IAB Tech Lab’s Consent String, issued during an inventory bid request. In fact, it’s possible that a user token could eventually replace the Consent String, which is just catching hold as part of the IAB’s recent Transparency and Consent Framework.
Mitchell pointed to Google-developed AMP mobile pages as a model for the limitations that could be applied across the digital ad system, particularly with the proposed Ad Container. Like AMP, it could place limits, he said, such as limiting the use of JavaScript, the size of files, or the issuing of third-party requests, where ad/data companies call other ad/data companies.
Mitchell pointed out that this new system would likely replace third-party cookies, but it is not intended to affect first-party cookies. But, he agreed, such a new digital ad universe could help first-party cookies, particularly if it diminishes third-party cookies.
First-party cookies are those code snippets used by sites to track the preferences and behavior of their own visitors and customers and, like any cookie, can only be read by the domain that deposited it. Third-party cookies are ones deposited by outside parties, such as ad exchanges, and can be read by those vendors on many sites.
Earlier this year, Mitchell noted, the Tech Lab’s DigiTrust Working Group had been considering two other paths for non-cookie identity: a shared log-in system, and a device identity system for computers, similar to the IDFA ID for IOS-based mobile apps.
He said that the new user token concept could include the device ID concept, but that shared log-ins are a separate concept that would apply to groups of publishers. Additionally, he pointed out that this user token concept is currently only envisioned for the web, not for mobile apps or newer platforms, like smart TVs or connected cars.
