Customer data platforms (CDPs) have had a meteoric rise in the technology hype cycle.

Promising a 360-degree view of the customer across all touchpoints, CDPs promised enterprises a place where all information about customers and their interaction with brands would be kept in individual profiles, rather than all the silos that exist today. CDPs have suggested that data management platforms (DMPs) will soon be encompassed by the CDP, whereby paid media data and owned media data will be completely connected. 

Brands have also long dreamed about knowing more about their customers and building out these profiles with each interaction. However, post Cambridge Analytica scandal, these brands have woken up from that dream — there will always need to be a separation between data customers have given them and data customers have given publishers.

Customers willingly provide their data to publishers and brands directly. With brands, customer data often comes in the form of email addresses, phone numbers, names, billing addresses and transactions. With publishers, customer data can come in the form of expressed or stated topical interests, login information, contact information and billing information. Customers know they are handing this info over to the other party and expect it to be used in their relationship with that specific party. The average consumer, however, does not expect to go to a website and have someone else beside the publisher profiling them in terms of their personal attributes and interests for targeting to be used elsewhere.

surveillance image

So CDPs may have previously thought it would be trivial to encompass the DMP by adding cookies and device ID tracking for advertising, but they are now realizing it is less of a technical challenge than a business model challenge. The CDP gets paid to actively collect information on a consumer and put it into one profile while a publisher actively wants to prevent this both for the consumer sake and for its own. Once an advertiser can identify a consumer from one publisher, tied to user attributes only made known through that ad purchase, such as a specific targeting parameter like contextual interest, the advertiser could try to find that same user elsewhere for less, using the other personal information already collected and amassing a bigger profile without compensating the publisher or consumer.

This issue has long been known in the ad tech industry as “data leakage,” but may be new to CDPs who are used to using only marketing-controlled channels where permission is more explicit.

Many publishers were combating data leakage before the Cambridge Analytica scandal. For example, Google’s DoubleClick Ad Exchange long blocked DMPs from running their pixels with Google ad buys. Other publishers have put contracts in place to at least theoretically stop this risk. Now with GDPR, the publisher is liable for any data collection happening on its pages, so they are further incentivized to ensure this data collection of personal attributes really isn’t happening.

Facebook’s situation with Cambridge Analytica has made this issue impossible to ignore now for CDPs. Contracts have been shown to be a loose protection against bad actors who have heavy incentives to cheat. Once the data gets out there, it is out there and the originator, like Facebook, has little way to know how it’s being used after it is collected.

Consequently, CDPs will be shut out because of their very promise to store all the customer data into one revealed personally identifiable ID. DMPs themselves will evolve as they figure out their role in data management without data collection on the publisher inventory. Data will increasingly be shared server-to-server where the sender is in control of what the receiver gets, rather than the free-for-all of years past.

If brands are to get granular consumer ad exposure data from publishers on a user level, they will have to get it without the audience demographic and interest data from the publisher. This prevents that very data leakage of the only valuable commodity the publishers own. It still connects conversion to exposure, reveals true frequency and allows for deeper analysis, but with your own data only. This transparency for brands provides them what they really want to know, but keeps them from identifying users and their characteristics with data they don’t already own.

Ad tracking, consequently, will continue to be a separate operation from customer data management, as it historically had been and must remain if we’re to protect everyone’s main interest — consumer’s privacy, publisher’s monetization and advertiser’s transparency.

Further reading: