TrustArc Blog

Privacy Risk Summit Preview: Cross Device Tracking

May 17, 2016

Privacy Risk Summit 2016

A topic on the tips of advertisers’ and marketers’ tongues these days is “cross-device tracking,” a unique method of digital advertising that is viewed within the data, analytics and marketing spaces as a game-changer. TRUSTe’s Privacy Risk Summit (Wednesday, June 8th in San Francisco) will feature a panel of industry-leaders devoted to the latest on this subject. In advance of the Summit, Darren Abernethy, Privacy Solutions Manager at TRUSTe offers a brief introduction to cross-device tracking methodologies and some of the cutting edge privacy issues upon which they touch.

What Is Cross-Device Tracking?

 Cross-device tracking is the umbrella term for different techniques used to serve target ads to an individual user on a user’s multiple devices so that messages can be better tailored to the right individual at the right moment. The ads and promotions served to the user across devices, channels and platforms are more effective (i.e., more likely to be engaged with or lead to conversions) because they are informed by that user’s previous interactions on all of the devices, not merely the device or browser currently in use. Cross-device tracking also allows for better “attribution” or the ability to understand purchases, behavior and intent.

How does this work in practice?

As one oversimplified example, a unique user could browse for a particular book on her mobile phone during breakfast, later at the office on her work laptop put a copy of the book into an online retailer’s shopping cart but not purchase it, and then back at home that evening she may receive an advertisement on her personal desktop computer’s browser for other books by that author or even a discount promo code at the retailer’s site where she almost made the afternoon purchase.

This type of connecting the dots to identify and reach a single user across devices is accomplished through two primary methods.

Deterministic and Probabilistic Linking

The first method is deterministic linking (DL), whereby a user self-identifies to a service, such as by logging in, which directly confirms that the multiple devices in use belongs to the same user. Accordingly, if a user logs onto a particular social media site on a smart watch, tablet, mobile app or computer web browser, then any user data collected (clicks, likes, visits, 1st party cookie data, and data from 3rd party websites on which the social media service has widgets/portals) becomes part of that user’s broader “profile,” and can be used to target ads to that user on any device or platform.

The second method is probabilistic linking (PL), whereby statistical modeling, algorithms and/or predictive pattern recognition is applied to a variety of digital technical parameters to infer links between devices. Firms in the PL space often partner with online publishers or ad exchanges and monitor ad request traits such as IP address, device type, geolocation, time of day usage patterns, and installed browser fonts, then correlate that information with other data sources and use proprietary processing to build device graphs that, over time and in the aggregate, can link multiple device, cookie, and mobile IDs to a common user, who is assigned an anonymous identifier.

Privacy Considerations with Cross-Device Tracking

The use of cross-device tracking is a response to consumers’ more fragmented options for accessing the Internet now compared to two decades ago, as well as the inherent limitations of delicate, mobile-deficient and browser-specific cookies traditionally utilized in online behavioral advertising. But does this new means of crossing data streams to gain a holistic view of a consumer along the entire path to purchase give rise to issues for privacy-conscious consumers and businesses?

For instance, can these techniques lead to the collection of unnecessary or superfluous data, at odds with the generally recognized privacy principle of data minimization? Can they lead to the possible triggering of unintended legal regimes, or erroneous inferences that lead to bad ad spend? Should different privacy approaches be utilized for DL versus PL? Is it technically feasible for the industries involved to build an omnibus opt-out mechanism that can be honored across all devices and platforms?

For insights and analyses of these issues and more, including benefits for businesses and consumers and current self-regulatory approaches, be sure to check out our exciting panel at next month’s TRUSTe Privacy Risk Summit. The panel will include perspectives from the brand/advertiser, technology development and product design, go-to-market strategy and of course, privacy and legal challenges. The panel will be moderated by Andy Dale, Senior Counsel at DataXu an advertising technology company engaging in cross-device campaigns. In Andy’s words: “cross-device technology is really about understanding the customer journey and this technology is powerful but needs to be harnessed and utilized within a privacy framework which allows users an ability to understand the practice and make meaningful, choices”.