What has happened?
Google has announced that it will restrict contextual content category information passed to programmatic exchanges in bid requests from February 2020.
Contextual content categories refer to Google’s classification of the content on a specific webpage or app where an advert may be displayed; for example news, sport, business. This data provides advertisers with the ability to target users based on the type of content they are currently reading or exclude more sensitive content from their targeting strategy e.g. alcohol or mature content. Due to the information passed over in the auction process there is a possibility of external companies connecting these contextual data points to provide a view of users based on different content they have read.
What does this mean for Google?
Google states that this update will “safeguard user privacy” by reducing the opportunity for external companies to build user profiles based around sensitive category signals and create individual identifiers; a component of fingerprinting methodologies. Fingerprinting refers to the collection of a range of data signals from multiple bid requests that can be combined to create persistent unique identifiers without access to cookies.
This provides an insight into potential future privacy updates that may continue to limit the bid request data that is shared with competitor DSPs. While content categories are being limited in their Ad-Exchange information, DV360 bid manager is likely to have the same categorisation ability as previous and will still be able to activate content category targeting. In this way, Google is nudging advertisers even further into the Google ecosystem.
What is the real impact?
Within a bid request a significant amount of data is still passed from exchanges; typically including page URL, location & IP address data, device data, and other data signals collected on the user and webpage (e.g. time zone, language, audience segmentation). This data provides advertisers with information on whether a user and environment is relevant to them and how much to bid for the ad space in their buying platform.
Typically, 3rd party contextual targeting companies (e.g. Peer39 & Oracle’s Grapeshot) will use the URL passed through in a bid request to match with their own contextual classifications. Using a page-crawler these companies scrape information from webpages to establish content, keywords and page sentiment to create a database that incoming bid requests are compared to. Without restricting or truncating the bid request URL, Google are not significantly impacting industry contextual targeting capabilities as most DSPs will not use the Google defined content categories for targeting strategies.
Google stated they have made these changes after engagement with data protection authorities which could signal evolving attitudes of authorities towards contextual data signals. Until now most privacy updates have focused on reducing user tracking by restricting 3rd party cookies across browsers. This shift could indicate an upcoming crackdown on fingerprinting data signals that provide information in a bid request that can allow user tracking without a user’s permission. An ICO (Information Commissioner’s Office) report into AdTech & RTB highlighted that thousands of organisations are processing billions of bid requests with little consideration of data protection law or transfer of personal data. If regulation was introduced restricting information supplied in bid requests this could have a very large impact on the programmatic industry.
Ad-Verification partners utilise similar signals to identify fraudulent activity through suspicious patterns of data signals. In pre-bid technology this information is predominantly taken from the bid request and referenced against historical insights meaning any reduction of data could reduce pre-bid blocking capabilities. If user-ID data and contextual data is restricted in programmatic exchanges this could benefit ad-fraudsters as tracking and blocking capabilities would be diminished.
Is privacy a priority for Google?
The main takeaway is Google taking steps to enhance user privacy and comply with data protection regulation; however, the reality is this has limited impact on user privacy or targeting capabilities. Google’s shrewd navigation of privacy measures reduces the level of data they provide to competitors across the landscape, without driving a genuine change on user privacy.
Meanwhile Google are facing investigations into data regulation across their business and have been fined over data compliance:
- Google were fined $170m in September by the Federal Trade Commission for harvesting data across YouTube of children under the age of 13 without their parent’s consent.
- A recent FT investigation found 78% of top UK health sites were applying cookies or trackers before receiving legal consent and data was transmitted to Google and other third party companies; breaching GDPR regulation.
- Irish data protection commission opened an investigation into Google’s authorised buyers process after Brave submitted a complaint regarding Google’s sharing of unique identifiers within the programmatic auction process. Google’s authorised buyer’s system sits across 8.4million websites and has been accused of sharing intimate data with thousands of companies every day that allow personal identifiers in a non-GDPR compliant manner.
Key Takeouts - Will this make a difference?
Google’s update reduces information provided within a bid request; however this will have a lower impact on contextual targeting or brand safety unless full URL information is removed due to 3rd party categorisation methodologies. It may reduce fingerprinting strategies of external companies – although it is uncertain how prevalent this is and is already illegal under GDPR regulation. Any reduction in the sharing of this data could impact the granularity or scale of targeting strategies. For brands looking to deliver ads in highly targeted contexts, direct publisher deals or PMPs would help deliver these in a more compliant way to ensure sensitive data is not shared across exchanges.
- What could be next?
This move could indicate more focus on information provided within bid requests on programmatic auctions by regulatory bodies. Contextual data that provides companies with the opportunity to profile users could be reduced to prevent non-GDPR complaint targeting methods. Specifically, URL information that is used by contextual and verification companies to classify page content is core to many programmatic processes and could be at risk if regulation was tightened.
- How should advertisers react?
This update shouldn’t have any significant short-term impacts; however, it is advisable to review contextual targeting strategies to ensure the latest capabilities are being deployed. Content categories are sometimes a blunt targeting tool with a large range of content falling into broad categories (e.g. News). New technology is allowing for more sophistication to include such as sentiment within targeting to best place ads in positive content (e.g. Uplifting News) which could be tested to drive better engagement with users. Tracking industry developments in this area and following any regulatory updates is key for advertisers to execute clever and compliant targeting online.