No Lack of Privacy

Hungry Robot
12 min read · Sep 29, 2023

Since the earliest days of the internet, the rising concerns about privacy have advanced with increasing force. To be sure, Multi Touch Attribution tried to adapt, but while MTA systems provided a sense of security, the models introduced ambiguities that drastically compromised campaign performance. Today, new innovations in measurement — like advanced Marketing Mix Modeling platforms — are part of a privacy-resilient, holistic methodology that incorporates time-tested techniques and already it powerfully exceeds the old user-tracking playbook.

Today’s MMM is now expected to reshape the advertising ecosystem for years to come.

The Rise of Big Data

For two decades Big Data has been doubling in size every 3 to 4 years. Today over 98% of the world’s information is stored digitally. The rise of Big Data has contributed to significant advances just about . . . everywhere. Data enabled technologies to break down traditional barriers within nations, economies, and between individuals. While regulatory bodies struggled to keep up, data science has set new standards of excellence in almost every field. From healthcare and finance to genetics and environmental studies, the ability to analyze electronic information led to groundbreaking discoveries, more effective decision-making, and a deeper understanding of complex phenomena. Data was hyped as the “new oil,” for a reason: its availability transformed commerce. Entirely new infrastructures and marketplaces arose that reorganized global supply chains. The widespread access to user-level data provided even smaller businesses unprecedented access to consumer insights, as consumer behavior rapidly evolved.

As the proliferation of user data mushroomed, a chorus of concerned, vocal citizens and journalists became louder and more present. First in Europe then in the US, legislators around the world contended with harmful externalities that spurred ethical questions about privacy, individual rights, and the potential effects on their societies, when the actions and personal details of their citizens were continuously recorded and meticulously analyzed.

Big Trouble in e-Paradise

At Netscape in 1994, Lou Montulli invented the “magic cookie” for client MCI. The cookie was an elegant solution for a funky problem: MCI didn’t want to be burdened with storing partial transaction states.

Cookies solved the problem by enabling users’ computers to store the transaction data locally. It proved so useful that competitor Microsoft integrated the third party cookie into Internet Explorer after the cookie design was patented. Unfortunately, no one informed the users that their computers were doing any of this. So when a story broke in the Wall Street Journal in 1995, the first user privacy alarms started to ring.

That the alpha and the omega for user privacy is the third-party cookie (next year cookies will be phased out entirely) is more than a coincidence, it’s a testament to the functional durability of Montulli’s invention. The cookie gave birth to the technologies and businesses that, fueled by user data, grew into an entire digital marketing ecosystem. Not only did they disrupt how marketing was executed, online advertising would overtake traditional advertising by 2017.

From the early days, what followed were multiple privacy and security disasters — whether unauthorized collection of personal information, data breaches or widespread identity theft. These events impacted millions and repeatedly grabbed headlines after about 2005. All of this began to erode public trust and soon the writing was on the wall. The more that networked media became embedded in nearly every facet of daily life, the greater the risk of these new forms of exposure. Debates on ethical data usage soon entered every sphere of public discourse.

At the same time, major tech companies became swept up in a fierce, public competition that drew a red line between privacy rights on one side and various ad platforms’ reliance on user-data on the other.

In 2021, Apple upended the entire ad ecosystem with the release of iOS 14.5. Overnight, the iOS update deployed App Tracking Transparency across every iPhone, forcing third-party apps to get user consent before tracking anyone on an Apple device. The update was widely seen as a shot at Meta and Google. Whatever Tim Cook’s intentions were, the new iOS derailed Apple’s rivals, but it also dovetails with his strongly held beliefs. For years prior, Cook consistently took a vocal stance on the fundamental importance of privacy protections as a requirement for a prosperous society. He didn’t even relent to FBI demands that Apple unlock a single iPhone. Undoubtedly, Apple’s customers now view security and privacy as an unbreakable brand promise.

Today, for most consumers, losing control of their personal information is no longer worth the convenience or benefits that online platforms have provided, from faster service to new connections (with friends, family, or dating). Far from it. The growing awareness about online privacy has influenced data vigilance. People now maintain their personal information more proactively. Aside from voluntary ‘Do Not Track’ adoption, an increasing number of users have also made their desire for privacy clear by declining cookies whenever they are presented with the option.

Today this has cleared the way for Apple’s iOS 17, which disables URL link IDs for both Meta and Google, further diminishing their tracking services for advertisers. Google, for its part, is phasing out third-party cookies entirely by this time next year.

Welcome to the Privacy Era

The legislative measures passed by the U.S. and EU lay the groundwork for data privacy policy for the next century. The General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA), the American Data Privacy Protection Act (ADPPA) and a wave of state data protection laws enshrine privacy rights. The legislation mandates strict data collection and storage rules for businesses, requires explicit terms for consent from users, and drastically limits user tracking. For example, the GDPR identified three fundamental privacy rights: the right to explicit consent (data opt-in), the right to be forgotten (data erasure), and the right to data portability (switch data to competitor). These regulatory frameworks mark a significant paradigm shift: now, and for the foreseeable future, online privacy will be regarded as a fundamental human right.

While privacy legislation promotes a more ethical approach to data usage, these restrictions compounded existing challenges to online measurement methods that rely on granular user-level data to track customers. The increases in signal loss have dealt repeated body blows to ad platforms and advertisers, many of whom still contend with profound new responsibilities and have been slapped with fines and audits, while racing to provide new solutions to help advertisers engage with their audiences. For businesses across the board, this has forced a reevaluation of long-standing digital marketing strategies.

New Methods for Measurement

The area that is going through the most significant overhaul in recent months is measurement.

Though Multi Touch Attribution (MTA) rose in popularity as a functional, accessible foundation for measurement, now even robust MTA models are inadequate as stand-alone measurement systems. Signal loss has substantially compromised their precision and influence.

MTA works by attributing value to each touch point that leads to a conversion. Now, without enough user-level data, MTA models rely upon rules-based or algorithmic allocations for the unobserved touch points to approximate attributions to a marketing channel for conversions. For example, a customer may see ads on Instagram and TikTok, and listen to an ad on a podcast, before making a purchase. The MTA model will not only attribute credit to each channel inaccurately, but might also credit an ad on a different channel that the customer did not encounter. To provide marketers with more than just an approximate or theoretical reference, MTA models must be calibrated (for example, by using conversion lift studies).

Within an active campaign last-click attribution will provide immediate feedback for ad performance, which can be verified by off-site KPIs, but it suffers when being pushed to reveal an overall view of the campaign.

Without reliable data, it’s not possible to evaluate the ROI of campaigns. That uncertainty undermines planning, bidding strategies, and the validation of marketing channels. Attribution can suffice for smaller, digitally native D2C marketers, simply because they run small campaigns. As marketing demands increase, for instance, to UGC, podcasts, and other marketing channels, their contributions to ROI will be out of reach for attribution modeling by itself.

A more thorough measurement solution, like Marketing Mix Modeling, is called for because it can capture the effects of cross-channel synergies, real-world marketing channels, and the impact of external factors across the entire “marketing mix.”

Recently, MMM has reemerged as a welcome, privacy-resilient solution for measurement and guidance. This is because MMM doesn’t rely on user-level attribution data. Technology-driven marketing mix models work with aggregate information like advertising expenditure and sales figures. This aligns today’s MMM with the demands of a privacy-first world.

At its core, MMM is a top-down statistical approach that quantifies the impact of marketing activities on target KPIs. What sets MMM apart is its ability to consider not just marketing channels, but also external factors like seasonal trends, economic shifts, and competitive behavior. This provides a holistic view of the marketing environment that enables businesses to understand not just the impact of each dollar spent, but how those expenditures interact with one another, creating cross-channel synergies that generate sales, brand awareness, or whatever the target KPIs may be.

Privacy Timeline

Privacy concerns were first sparked with the invention of the cookie, and next year cookies will be phased out entirely.

1994

The HTTP Cookie is invented at Netscape, and this marks the arrival of the online shopping cart.

At Netscape, Lou Montulli adopts the idea of the “magic cookie” for e-commerce client MCI. MCI did not want to be burdened with storing partial transaction states. Cookies solved the problem by enabling the users’ computers that were conducting the transaction to store the data locally. Cookies were integrated into Internet Explorer in 1995, after they were patented.

Unfortunately, no one told the users that their computers were doing any of this.

1995

Amazon and eBay both launch.

The European Union takes an early position on privacy.

The EU enacts the Data Protection Initiative, which states that personal information should not be processed by online businesses at all, unless it meets conditions of transparency, legitimate purpose, and proportionality.

Internet Explorer Implements Cookies

IE had a marketshare of under 10%.

1996–1997

The Financial Times starts a media outcry in the US.

By 1996, adoption of the cookie started to grow as advertisers discovered how they work. The public was largely unaware of cookies until the Financial Times published an article that depicted cookies as a back-channel for companies to spy on consumers while they were surfing the internet. In the US, threats to online privacy became a public issue, receiving more media attention and scrutiny.

This led to two FTC Hearings in the US.

The FTC did not find harm, and decided to not interfere with commerce online.

2000

Google launches AdWords (which became Google Ads).

2001

The Patriot Act

After the shock of 9/11, The Patriot Act lawfully broadened the surveillance powers of the NSA.

2002

The Network Advertising Initiative published a set of principles with the FTC.

NAI-compliant ad networks would provide consumers the choice to opt out of being tracked and targeted by online ads.

2003

Myspace launches.

Myspace collects user data.

User data is collected from their website and their affiliate network to select ads for each visitor through behavioral targeting.

The FTC establishes rules on Spam.

Meanwhile Spam emails attracted the ire of just about everyone, including the FTC, who made it mandatory for commercial email senders to provide opt-outs, state their physical address, and identify ads.

2004

Mark Zuckerberg starts Facebook at Harvard.

Mozilla releases the Firefox browser.

Hacker attacks sharply rise.

These are no longer the prank hackers, but the kind that steal customer payment data. The Payment Card Industry Security Standards Council (PCI) is formed, and immediately releases the first unified security standard.

2006

Wikileaks is founded by Julian Assange.

Wikileaks starts to release material that exposes the inner workings of intelligence services, banks, politicians, and war operations around the world.

2007

Facebook launches the first newsfeed

Facebook is promptly accused of violating user privacy. Facebook then modifies the code to adjust privacy settings accordingly.

Google Acquires DoubleClick.

DoubleClick was already the largest online advertising company. The acquisition included DoubleClick’s ad software, including its relationships with web publishers and advertisers.

2008

Facebook launches Facebook Connect.

Through Facebook Connect, “partnered” websites can access details about users’ Facebook profiles, including their full names, photos, wall posts and friend lists. Companies legally target users with advertisements based on their behavior across several “partnered” websites.

2009

Facebook allows users to make their photos and videos private.

Permission-based email marketing arrives, requiring interested users to opt-in to email marketing.

The results are higher open rates, more interested email recipients, and less spam.

2010

Instagram launches.

A whistleblower turns to Wikileaks. Public concerns over privacy are heightened.

Wikileaks releases Iraq War documents and Afghanistan War documents, provided by Chelsea Manning.

Media

The Wall Street Journal brings widespread attention to privacy concerns related to online tracking.

2011

Mozilla competes with IE on privacy, and Google violates its policies in an effort to grow a social network.

Do Not Track (DNT) is introduced by Mozilla, allowing users to express their preference not to be tracked. Microsoft follows shortly after.

The FTC sanctions Google Buzz.

The FTC finds that Google violates its own privacy policies by uploading Gmail user data into Buzz regardless of whether someone chose to join the social network. The settlement bans Google from future privacy misrepresentations, requires the company to implement a comprehensive privacy program, and makes regular privacy audits mandatory until 2031.

2012

Google reorganizes its products.

Google consolidates products under Google accounts, and transparently updates its privacy policy.

Facebook acquires Instagram.

By default, all Instagram users must agree to let Instagram provide their usernames, likenesses, and photos (with metadata) to businesses paying for access, so that user behavior can inform advertising.

2013

The EU ePrivacy Directive.

The EU ePrivacy Directive requires websites to inform users about the use of cookies and obtain their consent.

Edward Snowden leaks.

Edward Snowden leaks thousands of highly classified documents from the NSA that reveal numerous global surveillance programs, run by the NSA and the Five Eyes intelligence alliance.

2014

Apple’s iCloud is hacked.

Leaked photos allegedly affected celebrities from around the world. Two years later, the leaks were found by Apple to be the result of phishing attacks. In the meantime it caused a massive uproar over iPhone information security.

Sony Pictures Hack

Led to the release of confidential data, destabilizing the company and affecting U.S.-North Korea relations.

2015

Experian is hacked.

15 million people who applied for Experian credit checks have their personal information exposed including their names, addresses, social security, driver’s license and passport numbers.

2016

Private communications take center stage during the US presidential election.

Wikileaks further inflames the Hillary Clinton email controversy, along with multiple other leaks including DNC and Podesta emails.

2017

Apple introduces Intelligent Tracking Prevention (ITP).

Safari 11 significantly limits cross-site tracking by reducing the lifespan of first-party cookies and blocking third-party cookies.

WannaCry Ransomware Attack

Affected institutions globally, including the UK’s NHS, causing widespread disruption.

Equifax breach

Exposed the data of 143 million Americans.

THE ERA OF DATA PRIVACY BEGINS.

2018

General Data Protection Regulation

The EU passes the General Data Protection Regulation (GDPR). The GDPR restricts how any business that comes into contact with an EU citizen can collect, analyze and store their personal data.

California Consumer Privacy Act

California Consumer Privacy Act (CCPA) is introduced. California follows the EU for California citizens by creating the CCPA.

Facebook / Cambridge Analytica and Privacy Scandals

Facebook faces at least 21 privacy scandals. When the Cambridge Analytica controversy breaks, Facebook loses $37B in market capitalization.

Google enforces HTTPS

HTTPS becomes enforced by Google. Websites that do not have an SSL certificate are deprecated in Search.

2019

Apple introduces ITP 2

ITP 2 prevents first-party workarounds by restricting local storage along with third-party cookies.

Google limits third-party cookies.

Google provides an opt-out option for ad tracking cookies.

Mozilla activates Enhanced Tracking Prevention.

By default, Firefox provides privacy from third-party tracking software through its Enhanced Tracking Protection (ETP) feature, which blocks third-party cookies, along with malware protections.

2020

The CCPA goes into effect.

Google Chrome announces the Privacy Sandbox initiative, an effort to develop privacy-preserving alternatives to third-party cookies. Google replaces cookies with five APIs to retrieve data on attribution and conversions. This essentially walls off a third party’s access to private information, but they still receive actionable insights.

Google introduces consent mode.

2021

Apple rolls out iOS 14.5.

The privacy update sends shockwaves through the $300B advertising industry with the App Tracking Transparency (ATT) framework, and ends the default sharing of the IDFA. The switch to SKAdNetwork means limited, delayed, and less granular data. This presents new challenges to targeting and re-targeting, advertising revenue, and install attribution.

Google Chrome to Deprecate Cookies

Google delays its plan to phase out third-party cookies in Chrome, partially as a result of regulatory investigations. Google extends the timeline for its implementation to 2024.

Additional States Pass Laws

Amazon is fined by EU

Amazon is fined for violating the GDPR.

2022

Mozilla strips click ID parameters for Facebook, Marketo, Olytics, and HubSpot.

2023

iOS 17 strips tracking link parameters for any customized details.

Instagram is fined by Ireland.

The Irish Data Protection Commission fines Instagram for GDPR violation.

Google Rolls out Privacy Sandbox

Google receives guidance from UK’s Competition and Markets Authority (CMA) in June and begins to enable its new privacy-focused APIs in July.

Google sets goal of phasing out third-party cookies entirely by Q3 2024.
