Companies now spend over $100bn on digital advertising in the US alone and not surprisingly, they want to know whether or not that money is being spent well. Unfortunately, despite the fact that digital channels are theoretically the most trackable, attribution remains a significant challenge for many marketers.

Even more unfortunately, attribution is likely to become more complicated as a result of the growing push to reign in the practices of tech companies vis-à-vis data and privacy. The reason for this is simple: attribution essentially requires that consumers be identified individually and tracked as they journey across the web and real world, and strong privacy protections essentially demand the opposite unless there’s clear consent otherwise.

For years, the digital ad ecosystem was largely unregulated, so dominant tech companies like Google and Facebook, adtech firms and marketers had great flexibility to use the data they collected from consumers as they saw fit with little risk.

But that is changing.

The GDPR has changed the game in Europe, and there are calls for similar rules in other key markets, including the biggest of all — the US. On January 1, 2020, the California Consumer Privacy Act (CCPA), which is similar to the GDPR in its aims, will go into effect, affecting by one estimate over 500,000 US companies. Many believe it’s only a matter of time before US regulators adopt GDPR-like rules at a federal level and already, a number of privacy and data laws are working their way through Congress.

A marketer’s guide to the California Consumer Privacy Act (CCPA)

Laws like the GDPR and CCPA, as well as scandals that have put a spotlight on how much data big tech companies collect and use, have forced tech companies to get proactive because they know that the Wild Wild West days are coming to an end. For example, Facebook CEO Mark Zuckerberg has explicitly invited regulation that would establish rules of the road for his company. In the meantime, both Facebook and Google are already making changes.

Among them: the former removed targeting options based on data from partners such as Acxiom and Experian and at its developer conference earlier this month, Google unveiled a number of new privacy tools that aim to make it easier for users to see what data the search giant has collected from them and give users better control over its use.

While transparency and control are certainly good for consumers, they could complicate matters for marketers.

As Mediapost’s Joe Mandese recently observed, executives from Google and Facebook, speaking on a panel this month at the I-COM Global Summit in Spain, were fairly non-committal about attribution.

Google senior product manager Alec Bernston directly noted the conflicts between the needs of consumers and marketers and said that Google was “inventing new privacy tech.”

Facebook’s director of advertising research Daniel Slotwiner pointed out that Facebook does have an attribution program and that it’s “managed to enable the data in a privacy-safe way.”

More black boxes

If these statements seem somewhat vague, it’s because they are.

But developments such as Google Chrome’s just-announced cross-site cookie and fingerprinting crackdown suggest big tech companies are going to meet marketers’ demands for attribution going forward by offering them more black boxes and less raw data. In other words, marketers will likely have to buy into end-to-end solutions that are controlled by the tech companies and whose inner workings are largely a mystery. Where necessary, the tech companies will almost certainly allow thirdparty verification partners to perform audits, but at the end of the day marketers will still find themselves having to trust since they won’t be able to verify for themselves.

This arrangement is problematic for two big reasons.

First, big tech firms are not infallible — a huge problem when literally billions of dollars of ad spending decisions could be influenced by the information they provide to marketers. Case in point: Facebook has already suffered a number of embarrassing problems with its analytics tech that some analysts suggest induced publishers to over-invest in video and resulted in lawsuits.

Finally, marketers could find that their use of tech companies’ attribution solutions is used to create greater lock-in. After all, if marketers find it difficult or impossible to do attribution without using big tech firms’ attribution solutions, it could even give them an incentive to direct more of their spend to these giants.

This said, big tech’s black boxes aren’t the biggest threat to attribution. While black boxes are not ideal, there are also developments that could largely block attribution altogether.

For example, Apple, which doesn’t have a huge ad business to protect, just announced that it will adopt a technology called Privacy Preserving Ad Click Attribution in its Safari browser, which is the default browser for the iPhone. Based on privacy-centric principles such as the notion that “users should not be uniquely identified across websites for the purposes of ad click attribution”, Apple says attribution will still be possible with one big exception: when users are in Private Browsing mode.

Apple’s move might not be the death of attribution but things seem to be moving in that direction and one thing is clear: marketers struggling with attribution today are likely to find that their struggles will only grow in the near future.

For more information about Econsultancy’s research, training and best practice solutions contact us on americas@econsultancy.com