The New Identity Paradigm

Identity

Fool’s gold? A new paradigm is emerging in place of the crumbling cookie. New rules dictate how personal data is collected and shared.

Legacy technologies like third-party cookies are disappearing, and regulations are reshaping how we collect and use consumer data. To thrive, marketers must rethink their strategies around identity—the capability that enables personalised targeting, effective measurement, and more across different channels.

This article explores the evolving role of identity in marketing and advertising, and how changes to privacy regulations are creating a new identity paradigm in a less open internet. Marketers who successfully adapt to this privacy shift will foster stronger customer trust and build resilient data-driven strategies that not only set them apart from competitors, but also position them for success in the age of AI.

To skip directly to specific sections, please use the following links:

Estimated reading time: 18 minutes

IDENTITY IS CRUCIAL TO MARKETING SUCCESS

Modern digital marketing is fundamentally rooted in user identity, which comprises a mix of persistent and transient identifiers–such as email addresses, mobile device IDs, and of course, cookies. 

These identifiers are used to remember the contents of a user’s shopping cart, send email promos, serve ads and more–enabling key marketing use cases from targeting to measurement and personalisation.

Marketing and advertising platforms, from Salesforce to Meta, use identifiers to create comprehensive user profiles, generate insights that define marketing strategy, optimise campaigns in real-time, and enable brand lift studies and a/b experiments.

Whether marketers target an entire category or specific customer segments, identifiers are key to finding the most relevant audiences. The result is more relevant marketing, increased brand preference, less marketing dollar wastage, and improved business performance.

A definition from IAB: Identifiers or IDs are data values that are persistent and consistent across contexts, and can be used to resolve the identity of a household, device or user. A useful identifier is unique, persistent across multiple transactions, and consistent when used by different parties.

Identity as a common currency

When identity is interoperable, user data can be transmitted across different platforms, channels and technologies. This interconnectivity allows marketers to create a more comprehensive customer view, and deliver relevant experiences across various touchpoints. 

This interoperability arguably ushered in marketing’s data-driven era. Entirely new software and services emerged to help manage and maximise the value of customer data. Advertising impressions are ~70% more valuable when an identifier is present. Many digital marketing capabilities were made possible. A few examples include:

Reach and frequency – Count and optimise ad exposures across unique identifiers or individuals

Cross-channel targeting – Profile potential and existing customers to target across channels

Relevant messaging – Serve relevant ads and messages to customer categories or specific segments

Multi-touch attribution – Calculate the contribution of each channel along the customers’ paths to conversion

Brand lift or A/B experiments – Compare the effect of a marketing or advertising treatment between two or more sets of customers or users

To illustrate how identifier interoperability enables these use cases, let’s examine the following two examples in detail.

Targeting relevant audiences in paid ads

Publishers, content networks, social media platforms, and retail media collect a diverse range of customer data. When made available, brands are able to use this data to identify relevant audiences for their marketing campaigns.

In this example, Unilever used Foodpanda’s customer data to target relevant retail audiences in Taiwan. They also used their own customer data to identify and target users with similar traits:

The retail data and measurement solution enabled Unilever to target foodpanda's customers and measure sales impact via The Trade Desk's platform. The company was able to more precisely target key audiences on the open internet using transactional signals from foodpanda, including past purchasers of fresh produce, past purchasers of packaged goods, and active foodpanda subscribers. Other targeting strategies included using Unilever's first-party data to create a lookalike audience on the Trade Desk's platform to target consumers similar to its existing customers.

Personalising messages across owned channels

Customers respond to different communication channels differently. Different events, from seasonality to specific behavioural triggers, become opportunities to create experiences across the customer lifecycle.

However, each channel often requires a different identifier (SMS, email, in-app notification, etc.). The ability for brands to tie these different identifiers to a single customer is what enables multi-channel communications.

In Figure A, a birthday offer is being planned in Salesforce. Different messages are prepared across channels, each requiring a different identifier to deliver personalised messages. Furthermore, reminders are sent to customers who haven’t yet redeemed the offer.

Figure A – Salesforce user journeys

THE PRIVACY SHIFT

Regulation often lags innovation. While the interoperability of identifiers was a boon for digital marketing, it posed huge risks to consumer privacy. The lack of safeguards and the ability to respect user preferences meant that personal data was easily exposed and exploited by bad actors.

The most culturally significant exploit occurred in 2018, when Cambridge Analytica harvested the personal data of 87 million Facebook users without consent, and used it to profile voters and personalise messaging in order to influence US election outcomes.

The incident set off an accelerated shift towards greater privacy across the internet. New privacy laws such as GDPR and CCPA emerged, emphasising or mandating explicit and informed consent, expanded consumer rights, and transparency in data collection and processing.

In APAC, the EU has also recognised Japan, South Korea and New Zealand as countries that provide equivalent standards to the GDPR. Meanwhile, Australia, India and Singapore have incorporated similar standards, with the former two making major updates in 2024.

Web browsers and mobile operating systems have also risen to the call. Many of them now limit third party identifiers by default and provide more robust consent and privacy management tools to users globally.

This has led to significantly greater control over personal data for consumers. However,  the volume and interoperability of advertising identifiers, such as third party cookies and mobile device IDs, is drastically falling. The impact can be summarised as follows:

Removal of third-party identifiers – Major browsers are phasing out third-party cookies, making it difficult to track users across websites.

Reduced cookie lifespans – Browsers are reducing the lifespan of cookies, including first-party cookies in some cases, which impacts persistent tracking.

Redaction of fingerprinting signals – Many platforms are restricting IP addresses, user agents, other device information (e.g., screen size, resolution operating system) used for device fingerprinting.

More user controls – Users now have increased control over how their data is collected and used thanks to consent banners, privacy settings, and opt-out controls.

The third-party cookie will crumble from user opt-outs

When given the choice to opt out, almost all users are expected to. Over 70% of iOS users have already opted out of in-app tracking, and 90% are expected to do when Chrome provides the same opportunity. Android remains as the last major platform without a clear plan for user opt-outs. Figure B below illustrates the current state of third-party identifier opt-in.

an internet without third-party identifiers

Figure B – Platform market shares and their expected volume of available third-party identifiers

Third-party cookies

Third-party cookies are small text files containing a unique string of characters that tracking companies place in a user’s browser. This occurs when users visit websites with embedded content or ads from other domains, click on advertisements, interact with social media plugins, or use third-party services like chat support and customer review tools. When users visit other websites containing tracking code from the same companies, these cookies allow said companies to recognise and follow their online journey.

As third party cookies continue to crumble, they become less reliable for targeting, optimising and measuring across advertising channels. With owned channels, personalisation and A/B testing will similarly be impacted if users choose to opt-out of sharing their personal data.

Preference for personalised ads

Despite higher levels of privacy awareness, 81% of Gen Zs and 57% of millennials still prefer personalised ads. Studies show that relevant advertising can boost brand perception and click intent. In our own experience we often were able to deliver stronger incremental brand impact with well-crafted and relevant ad experiences.

The industry has grappled with a “cookieless future” for years. The good news is that its innovations are bearing fruit. Third-party identifiers are being replaced by privacy-centric identifiers. Privacy-enhancing technologies (PETs) are allowing marketers and publishers to securely share and collaborate with their first-party data. Identity interoperability is being restored. In the following sections, we explore this new paradigm and how marketers can prepare for it.

New world, new identity paradigm

Today’s internet cannot contain both high privacy standards and a fully interoperable identity layer. The original ideals of the internet – open standards and free information exchange – are now tempered, fragmented even, by the global shift towards privacy.

In response, the marketing and advertising industry has been reinventing itself, reconfiguring business models and technologies to construct a more durable, privacy-centric, yet still interoperable identity layer for the internet. To take advantage of this, a privacy-first identity strategy is now essential.

Everything is an ad network

Coined by Eric Seufert, “Everything is an Ad Network” highlights the trend of companies leveraging first-party data to offer proprietary audience targeting across its advertising inventory. It follows that any company with a substantial audience can boost ad profit margins by offering scalable and unique targeting signals. However, not every publisher will command the same audience moat.

Ari Paparo illustrates this divide in his latest The Internet Advertising Map, which describes the splintering of the open internet into walled gardens, native content aggregators, and the premium logged-in internet (Figure C).

Figure C – Ari’s Internet Advertising Map

Aggregators such as social media, forums and search networks are found in the Walled Gardens and Native Content internet quadrants. They accrue authenticated users through network effects and a mix of diverse and often user-generated content that in turn, enriches the signals available for ad targeting.

Vertical leaders across music, video, and retail collect deeper, though often narrower behavioural signals from their audiences. Similarly, advertisers can gain access to authenticated users within these Logged-In Internet environments as more companies (e.g., Netflix, Spotify) adopt ad-supported subscription tiers. 

Finally, the end goal for publishers in The Open Internet quadrant is to monetise audiences at higher margins. This is achieved by improving content quality or the scale of their reach. By creating an audience moat (i.e. an authenticated user base with rich targeting signals) they become more resilient to the aggregation effects of search, social platforms and AI answer engines.

Authenticated users

A logged-in user is intrinsically more valuable for personalisation and ad monetisation. These users become authenticated by providing personal information and durable identifiers such as first-party cookies and/or emails. In comparison, third-party cookies or device IDs are anonymous, tied only to browsers or devices, and increasingly transient (short-lived) due to privacy restrictions.

We summarise each quadrant’s audience moats through the lens of the marketer below (Figure D):

Figure D – Audience ID’s by internet quadrant

The rise of first-party data

Marketers are similarly racing to anchor their identity strategy in first-party data. A well-established first-party data strategy provides marketers with the confidence to connect with customers across both paid and owned channels in a privacy-conscious way. As third-party signals dwindle, the advantages of first-party data become more apparent.

Direct and consent-basedUnlike third-party data, first-party data is collected directly from customer interactions (ie. website visits, app usage,  newsletter sign-ups) and grounded in user consent. This explicit agreement makes it more trustworthy and transparent.

Resilient data foundation – First-party data is not subject to the vulnerabilities of third-party identifiers, which are easily blocked by browsers and restricted by mobile operating systems. As such, they offer a stable foundation that brands can rely on for accurate targeting and measurement.

AI and machine learning fuel – First-party data helps modern algorithms parse signal from noise. From agentic chatbots to real-time bidding in paid media, it provides essential business context and customer behaviour signals required to personalise messages and improve performance.

Deep insights and relevant messaging – First-party data creates a more nuanced understanding of customer preferences and behaviours, allowing marketers to craft tailored strategies and leverage predictive analytics for growth and loyalty.

Cross-channel integration – With the rise of PETs, first-party identifiers can be seamlessly used across mediums (more on this later). This allows marketers to draw insights and target authenticated audiences across owned platforms, walled gardens and the logged-in internet.

Strength in (email) numbers

The email address has emerged as the preferred choice of first-party identifier for many businesses.

For marketers, emails establish a durable, resilient and cross-device foundation superior to anonymous first-party cookies or device IDs. For publishers (as previously discussed), emails act as a persistent identifier that enables richer product experiences and durable targeting signals which prop up advertising margins.

Over the past three years, the average number of logins per user has increased by 70%, reaching an average of 225 accounts per person in 2024. Email identifiers may soon outnumber third-party cookies, especially as Chrome–with its 65% browser market share–introduces more explicit opt-out options for the latter. The identity fabric of the internet will change beneath our clicks.

PRIVACY ENHANCING TECHNOLOGIES (PETs) ARE MAKING IDENTITY INTEROPERABLE AGAIN

In a privacy-conscious digital landscape, PETs are emerging as a key enabler for unlocking the potential of first-party data in a secure way.

What they are and how they're used

PETs use techniques like encryption, anonymisation, pseudonymisation, aggregation, zero-knowledge proofs, and more to address privacy challenges while allowing data to be securely utilised for marketing purposes.

For marketers, PETs make it possible to collaborate with data they do not own, enabling secure data sharing, enrichment and activation without compromising privacy. As such, marketers can securely share and/or enrich their first-party data with external attributes for enhanced insights, targeting and measurement. 

Practical applications of PETs have emerged across the advertising ecosystem:

Target existing customersTarget your brand’s existing customers across paid media without exposing sensitive information. Ex: Google Ads’s confidential matching feature uses hardware-based secure environments called trusted execution environments (TEEs) to encrypt and securely match advertiser-uploaded emails with users across Google’s ad inventory.

Target retail media users – Target users based on retail transactions. Ex: The Trade Desk allows advertisers to leverage Foodpanda customer data to reach relevant audiences without exposing their personally identifiable information.

Cross-channel attribution and optimisationMeasure the value of ads across multiple channels and use the results to inform real-time bidding. Ex: Analytics platforms redistribute conversion credit across multiple advertising channels, then share that fractional conversion data for campaign optimisation on Meta. All of this is done without revealing any personal information.

PETs renew the interoperability in advertising, by allowing different parties to securely and compliantly share authenticated data outside their own siloed environments. As the scale of consented first-party data reaches “critical mass”, what follows then, is the ability for marketers, publishers and data partners to collaborate and activate on data they do not directly own while preserving the privacy of end consumers. 

Figure E – ID interoperability and PETs

How do PETs show up in the marketing technology ecosystem?

PETs are being embedded into existing marketing technologies, enhancing the privacy and security of established advertising software features, such as offline data matching and data targeting through DSPs.

Some solutions, such as Google’s PAIR or Unified ID 2.0, use privacy-preserving identifiers to  represent individuals, devices or households. Others, such as the Privacy Sandbox or Seller-Defined Audiences, aggregate users into groups or cohorts based on shared characteristics or behaviours, and enable use cases without individual identifiers.

Furthermore, PETs have given rise to a new class of marketing technology–the data clean room. Walled garden data clean rooms, like Google’s Ads Data Hub, allow marketers to match their first-party data with Google’s ads data for deeper, more flexible analysis. Meanwhile, platform agnostic providers  such as Optable and Snowflake allow multiple parties to share data and collaborate across different cloud environments. We discuss data clean rooms, how they work, and their use cases in more detail here

Despite their potential, PETs are not foolproof as certain methods may be insufficient in protecting consumer privacy. For instance, the FTC has warned that hashing or encrypting identifiers does not guarantee user anonymity. As the adoption of PETs grow, it is essential to evaluate whether they truly prevent bad actors from uniquely identifying or targeting users.

FTC – No, hashing still doesn’t make your data anonymous

NEW WORLD, new rules, new tools

New rules are redefining the playing field.

While more complex, marketers and publishers now have safer, privacy-compliant means to traverse a fragmented, privacy-first world, and maximise the value of their data assets. Imprecise, transient third-party cookies are being replaced with authenticated, durable first-party identifiers. More modelling will be done to aggregate known users or extrapolate insights across anonymous users. The unrestricted sharing of personal data is also giving way to more secure, PET-mediated data collaboration.

We explore how these changes are redefining the identity landscape below in Figure F.

how privacy is changing marketing

Figure F – Identity landscape pre and post privacy shift

A privacy-first marketing stack is business critical

Consumers rank clarity and transparency regarding how their personal data is used as top priority for building brand trust. Companies that invest in privacy see significant benefits, including customer trust and loyalty, improved operational efficiency, and more innovation, with up to 1.6x return on investment. 

More than a regulatory requirement, privacy is now a customer expectation and a business imperative that marketers must embrace.

Adopting a privacy-by-design approach–where privacy policies are embedded into every layer of the marketing stack, from data collection and resolution to collaboration and measurement –allows marketers to uphold customer trust and transparency while confidently orchestrating data for their campaign.

In the following table (Figure G), we introduce key marketing technologies that support this approach. Some, like consent management platforms, are now compulsory for managing user privacy. Others, such as customer data platforms and universal identifiers, are becoming essential for activating consistent customer experiences across fragmented environments. We summarise their roles and how they’re evolving to meet modern privacy needs.

data tools before after

Figure G – Platform and tools pre and post privacy shift

NON-IDENTITY DEPENDENT SOLUTIONS

In parallel, several alternative solutions have risen in profile. While the identity industry reconfigures itself around privacy, these alternatives don’t require personal data to work. Derived from the analog marketing world–contextual targeting, econometric models, customer surveys and more–these methods are now being revitalised for the modern, digital age. Novel signals, advanced machine learning and automation make them more efficient and effective than before.

Attention signals – What began with viewability (or the opportunity to see an ad),  has become an array of attention signals spanning time in-view, sound on, ad size, eye-tracking, and more. Together, they measure available user attention, and help advertisers prioritise prominent ad placements and meaningful reach/frequency in a cluttered, attention-deficient world.

Contextual targetingLarge language models significantly improve the ability to analyse context, intent, sentiment in both text and image-based content. Marketers can now create highly-relevant ads for highly-specific contexts and serve them in real-time across the internet.

Geo experiments – Essential for understanding incrementality, these experiments use randomised controlled trials to identify sales that wouldn’t have happened otherwise. Unlike A/B tests that require identifiers for segmentation, geo-based experiments split markets geographically into control and exposed regions. The latter enables market-level insights, which complement the granular optimisations at the creative and page-levels from the former.

Marketing mix models (MMMs) – MMMs aggregate campaign data, online and offline sales,, as well as other variables like seasonality and pricing, to identify incremental drivers of sales. They are increasingly used to provide a more holistic view of marketing impact without relying on user-level data. MMMs are often combined with experiments and attribution to form measurement frameworks that support both strategic planning and daily decision-making.

Synthetic data – AI-generated synthetic data creates realistic but artificial datasets based on real customers. These digital personas can inform customer research, creative and chatbot testing, marketing planning, and more. Although still in early stages, synthetic data offer a cheaper, faster, and increasingly accurate alternative to traditional research.

However, none of these solutions can solve all marketer needs in isolation. For example, MMMs are not ideal for real-time ad optimisation, attention signals lack conversion or reach and frequency signals, and synthetic data isn’t directly addressable in media. Their limitations often stem from the absence of customer data. On the other hand, while identity-based solutions offer user-level precision, they are ineffective unless marketers are able to acquire or access consented personal data at a meaningful scale.

If you believe a single solution can solve everything ala The Lisan al-Gaib

Yet, when taken as a whole, the marketer’s toolkit is now more versatile and powerful than before. They offer new, improved ways to reach audiences, optimise in real-time and measure business impact across both performance and brand objectives. The right combination of solutions will further amplify their strengths and minimise individual limitations. Identity-dependent or otherwise, marketers who are adept at leveraging the right solutions will be able to confidently solve a more diverse set of challenges in the new privacy-first landscape.

Embrace the shift: how marketers can thrive in a privacy-first world

Unfettered access to pseudo-deterministic data is now giving way to user consent and authenticity. The identity fabric of the internet is being renewed. A new balance between user privacy, personalised marketing and ad monetisation is being established. This is bringing a sea change, not only to how companies should approach personal data, but also to how digital marketing fundamentally works.

identity in ads and art

Impressionism, Cubism, and the shift towards privacy

To thrive in this evolving identity landscape, marketers must act with purpose. More than just compliance, it calls for a proactive embrace of new strategies, methods, and tools that not only protect privacy, but also deliver truly impactful marketing. 

A solid first-party data foundation will be essential for navigating both privacy and AI-driven changes. By infusing privacy throughout the tech stack, marketers can confidently maximise the value of this data, fueling stronger insights, targeting, optimisation and measurement. Meanwhile, non-identity dependent solutions and an incrementality-based measurement framework will fill in the gaps and provide for a more resilient and comprehensive strategy. 

Key actions for marketers

1. Establish a sound customer data strategy

A robust first-party data strategy is the bedrock for this new era. It is not only essential for understanding and engaging customers, but also foundational for navigating today’s fragmented landscape. Furthermore, with AI and machine learning embedded across the marketing ecosystem, customer and business data will be key differentiators, providing  critical context for training and tailoring algorithms to your needs. This foundation also ensures resilience and flexibility, allowing your marketing capabilities to evolve alongside ongoing shifts in AI and privacy. 

Furthermore, with AI and machine learning embedded across the marketing ecosystem, customer and business data will be key differentiators, providing  critical context for training and tailoring algorithms to your needs. This foundation also ensures resilience and flexibility, allowing your marketing capabilities to evolve alongside ongoing shifts in AI and privacy. 

2. Ensure your marketing stack is privacy-ready

Many consent management platforms (CMPs) and tag management tools have been found to fall short of true compliance due to improper implementation, such as the miscategorisation of tracking tags, or allowing the tags to fire despite user opt-outs.

Marketers and their organisations must actively ensure user consent is respected across all layers of the marketing stack – from data capture to activation. This approach allows marketers to confidently use customer data platforms and analytics tools for customer data activation while safeguarding user privacy. 

3. Scale first-party data with privacy-preserving solutions

Explore how PETs can expand audience and measurement reach while maintaining privacy. Universal IDs can enable targeting across fragmented environments using consented identifiers, while data clean rooms allow secure data collaboration with partners for enriched audience insights, targeting, and measurement. Additionally, embedded PET-based industry protocols like PAIR extend the reach of first-party data to programmatic ad buys beyond owned channels. These solutions maximise the impact of consented data, allowing marketers to reach broader audiences, find lookalikes, and improve insights and attribution – all while prioritising privacy.

4. Leverage identity-alternatives

Incorporate methods like contextual targeting, attention signals, marketing mix modelling (MMM), and experiments – solutions that are resilient to identity deprecation or fragmentation. Contextual and attention signals are good starting points for mid-level marketers, while MMMs and geo experiments add depth as capabilities grow. When combined with identity-based solutions, marketers are able to address different aspects of targeting, insights and measurement, enhancing reach, relevance and effectiveness.

5. Prioritise measurement

Despite advances, over 65% of marketers still rely on last-click attribution to measure and optimise campaigns. This results in marketing decisions that are based on biassed, inaccurate data heavily dependent on third-party cookies. By aligning measurement to incrementality, marketers can act on insights that reflect actual business outcomes. This is more crucial than ever, as traditional attribution methods are being constrained by blackbox methodologies from platforms that rely increasingly on probabilistic models. A structured approach to experiments, fortified attribution models, and MMMs (for larger advertisers) is now necessary for a holistic assessment of marketing strategy and day-to-day decision making.

Share this

Stay up to date with our latest content.

Sign up for our email list to receive new posts and videos straight in your inbox.

Follow Skeleton Key

Related content

Everything you wanted to know about Identity Graphs (but were afraid to ask)

The Context of Personalised Advertising

Scroll to Top