BREAKING DOWN THE BASICS: A SPOTLIGHT ON FEDERATED IDENTITY MANAGEMENT
Published on June 10, 2020
On October 27 1994, the world’s first banner ads went live. One ad is often regarded as the very “first”, purchased by telecommunications giant AT&T and placed on hotwired.com, the online precursor to WIRED Magazine.
“Have you ever clicked your mouse right here? You will” occupies a special place in the annals of the internet’s history, having tapped into the natural, human inclination to explore the unknown. Back then, banner ads were certainly a novelty and the irony of the message today is especially piercing, when today’s banner ads see a paltry click-through rate of 0.05 percent.
Why does this matter? Well, within a rapidly crowding landscape of brands, independent content creators, marketers, and platform providers, retaining a significant share of consumer attention is hard to come by. With ad blockers easily weeding out the most invasive of advertisements, marketers can only really leverage one thing: personalisation.
Take natively-placed Instagram advertisements based on your previous likes—your digital footprints play a key role in enabling personalisation. Every swipe, click, tap, and scan creates a digital profile of your habits, indicating your preferences as part of a wider audience profile. When refined by geolocation and basic demographic information, personalisation can effectively tap into human wants and needs, resulting in highly effective targeted marketing messages.
Identity management: the risks and rewards
With over half of the world’s population online, marketers need to comb through an abundance of data in order to identify the right audiences for each brand for a given campaign. The process of engaging with these data points is known as identity management. This refers to the process of procuring, storing, processing, and analysing customer data, and is what enables personalisation, along with the process of targeting and attribution.
As an essential part of the modern-day digital advertising industry, the foundation of effective personalisation rests on proper identity management. While it’s certainly no new phenomenon, the entire chain of processes from the point of collection to the moment of application has come under fire in recent years.
The rise of far more stringent data protection frameworks has greatly shaped the evolution of the digital advertising industry in recent years, be it the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Protection Act (CCPA). Resulting in a re-evaluation of identity management practices, greater emphasis on obtaining consent, providing transparency, anonymising and securing data have been woven into today’s regulations. This has forced organisations to quickly scramble and revise their practices. In fact, over a year on since the implementation of GDPR, the UK’s privacy watchdog, the Information Commissioner’s Office, found that adtech players were still unnecessarily holding onto and processing sensitive data without receiving explicit user consent.
Meanwhile, the very infrastructure of the internet itself is gradually moving towards reflecting the same stance as today’s regulatory agenda. Earlier this year, Google made the decision to phase out third-party cookies on its Chrome browser by 2022, leaving advertisers and publishers at a loss. After all, third-party cookies are essential to tracking users and their online browsing habits.
Chrome isn’t the first to say goodbye to third-party cookies with competing browsers Safari and Firefox having implemented blocking mechanisms in the past few years. With the three providers accounting for over 80 percent of browser market share worldwide, the implications will certainly be far-reaching. According to IAB’s report on The Socioeconomic Impact of Internet Tracking, if tracking data were to be lost today, it’s estimated that publisher ad revenues and associated employment would fall by an average of 50 percent.
The aspiration of “re-architecting the internet to make it privacy-preserving by default” is certainly a move in the right direction, given that only 10 percent of consumers believe they have complete control of their personal information. With 92 percent of consumers stating that companies must be more proactive about data protections, cultivating trust is paramount and it’s clear that marketers will need to adapt and evolve.
So, what now?
Today, only 30 percent of marketers themselves are “completely satisfied with their ability to balance personalisation with privacy”. With existing infrastructures clearly inadequate to meet consumer demands, we can look to promising technologies in areas of machine learning and cryptography to provide a sustainable, long-term alternative that prioritises privacy-by-design and first-party data. We describe this model as the Federated Identity Management, which rests on three core technologies.
Distributed Ledger can help to ensure that all authorised, participating stakeholders can access a database that provides an end-to-end historical record of how identities and audience profiles are being used. In addition, participants must arrive at a collective consensus to implement any changes, assuring the provenance of the data being stored on-chain.
To assuage privacy concerns, Differential Privacy allows for a privacy-compliant model of data collection and sharing. “Statistical noise” is inserted into an original data set at the collection stage to mask individual data points, so you can deduce patterns about the data set but not about the points themselves. Think of it as being able to describe the forest, but not the individual trees.
Federated Learning enables a decentralised model of data aggregation that ensures that personal data always remains in local storage—never leaving the user’s device. Once user consent is received, an algorithmic model is sent to and trained directly on their device and only sends back pertinent data summaries. When coupled with Differential Privacy, this adds another layer of security while simultaneously increasing operational efficiency.
To learn more about these technologies in detail, head over to our Beginner’s Guide to Differential Privacy and Federated Learning.
What’s happening today?
Cognisant that these far-reaching changes to the internet’s very infrastructure will have widespread implications across the board, Google has been working on its Privacy Sandbox initiative since 2019 in order to assemble improvement proposals with application programming interfaces (APIs). These proposals address various areas of the digital advertising industry that have historically relied on cross-site tracking and other practices by leveraging technologies such as federated learning. While these are likely to undergo multiple rounds of revisions over the coming months and in the years ahead, it’s certainly a promising step forward.
In fact, Google has partnered with the World Wide Web Consortium (W3C), the international standards body for the internet, gesturing toward the potential that the standards proposed are likely to impact the entire ecosystem beyond Google Chrome.
The ethics of personalisation
According to PwC’s metrics of consumer industry trust, social media platforms, tech companies, and advertising agencies are “less trusted” than firms in other sectors and will need to rise to the challenge of being “proactive” about ensuring and maintaining consumer trust. For context, marketing and advertising was the lowest ranked out of 26 industries with only a mere 3 percent of consumers citing the sector as trustworthy.
With identity management as the bedrock for the future of personalised advertising, it’s evident that future-forward solutions need to espouse the following principles:
- In moving away from third-party data sources, high-fidelity, deterministic first-party data from both brands and publishers alike must be the foundation of identity creation.
- In light of regulatory headwinds, identity management solutions must be built with data compliance in mind. This means that there needs to be solid capabilities for data anonymisation or pseudonymisation, anonymised storage, as well as assurances of data provenance.
- To ensure that brands, publishers, and consumers interact fairly, authentic value discovery must take place. This means that we should see more business models where individuals are rewarded for the data they consent to sharing.
- To go beyond point solutions, identity management platforms must be scalable. This means that they should be holistic and able to address multiple industry use cases; open to consortium-based governance, which allows for a wider body of publishers and brands to participate, and also interoperable across different platforms and browsers, in order to set a common industry standard.
As an industry, we are at a tipping point that’s been a long time coming. Responsible for fostering engagement between brands and their consumers, as marketers, we need to do better and at Aqilliz, we’re here to help. With Federated Identity Management, we can hope to see a model of personalisation that is not only more cost-effective and targeted, but ultimately, compliant. While personalisation today is more necessary than “nice to have” within a crowding media landscape, it cannot be approached with short-term view as a means to an end, it must be done with ethical considerations in mind. After all, marketers would do well to remember that the customer always comes first.
For a more detailed understanding of the technology and the underlying regulatory and industry headwinds shaping the identity management landscape, read our Insights paper.