India has the second largest online population, the rapid Internet access and mobile proliferation is the increasing adoption of digital technologies. The number of people using the internet in India is projected to reach 900 million by 2025 from 692 million in 2022.
In 2022, digital advertising accounted for the largest share (48%) and will surpass traditional TV advertising spending this year in India. In 2023, digital advertising spending in India is expected to grow 32% y-o-y. This could get affected by the current global recession. As per the BBC report, the IMF sees the US, EU and China economies going slow. It expects one-third of the world economy to be in recession. When the economy slows down, one of the first things companies do is slash advertising budgets.
Over the next ten years global digital advertising market size is likely to cross $1 trillion with India’s contribution to it likely to cross $25 billion. While India’s market size comparatively is still nascent, India is best positioned to solve the biggest crisis in digital advertising, namely data privacy. India is a leader in creating public digital good infrastructure and creating frameworks like the Digital Empowerment and Protection Architecture (DEPA) that protect and empower users.
Data Privacy in Digital Advertising
As concerns about data privacy have increased globally, there has been a growing focus on the need for companies to be more transparent about their data collection and usage, and for individuals to have more control over their personal data. ‘My Data and I Control its Usage’ is becoming an important issue in India as well.
The future of digital advertising in India as with the rest of the world is being impacted by the growing importance of data privacy and regulation. Let us delve further into the issues that need to be solved to ensure a user empowered data privacy friendly digital advertising ecosystem.
1. Deprecation of 3rd party cookies
Most browsers have deprecated the use of the 3rd party browser except for Google’s Chrome which is supposed to happen in 2024, after two false alarms in 2022 and 2023. Why does this matter? The entire digital ad ecosystem that exists on the web depends on tracking users using 3rd party cookies- meaning cookies that are dropped by ad tech platforms that enable brands and advertisers to track, target and convert users at scale. To add to this, the use of ad blockers is growing at a fair clip.
2. Alternative ID system should replace the cookie
This is easier said than done. While there will still be a dependence on first-party cookies- cookies dropped by the website that the user visits to be able to personalize content and ads and are generally accepted as necessary cookies- it is hard to build a system that emulates and has the ability to track users as efficiently as cookies.
The cookies are the equivalent of the myth of the pencil to write in space. It was a great idea at the time in 1994, just not privacy friendly. Now, an elaborate ID system that works across the open web, interoperable with walled gardens and a set of fragmented, acceptable proprietary and open source ID solutions has to be created.
3. User consent for data sharing
With rising user awareness about privacy resulting in a sharp increase in opt-outs of data sharing and growing use of ad blockers, internet businesses have no alternative but to stop the surveillance and tracking of users without their consent. Privacy laws have been legislated across the globe including one that is being drafted(and redrafted a couple of times) in India as well, which empowers users and are putting pressure via fines mainly on businesses when failing to comply.
The response by businesses is to provide a link for users to opt-out, which may or may not necessarily mean the businesses actually respect and comply with the user’s request. Users are clearly not enthused by this half-hearted approach, which is reflected in the growing use of ad blockers, alternate email addresses to prevent tracking, etc.
What is necessary is a user consent framework that includes user interfaces that empower users to opt-in or opt-out, share data more selectively and maintain a history of their data sharing. Providing users with financial incentives that operate within guard rails so as to stop any gaming of the system and/or over-consent by users who might be enticed to do so by unscrupulous players.
4. Server-side data sharing and its positive benefits to publishers
The deprecation of the third-party cookie has led to internet businesses having to track users and share the data server side, as against the cookie being dropped client-side or using browsers.
A privacy-protecting data sharing, ensuring it is as minimalistic and anonymous as necessary, could be done via sharing aggregated data, using obfuscated data, and tokenized expiring/rotating IDs in a confidential computing environment. India’s DEPA recommends the use of Trusted Execution Environments (T.E.E) called Confidential Clean Rooms for data sharing.
The power of knowing what data needs to be shared gives publishers and consumer businesses a fair degree of control over the erstwhile Wild West method of collection and abuse by large tech platforms.
5. The Mobile App Ecosystems’ Privacy Models
Google Android opt-out / Apple’s App Tracking Transparency (ATT) affecting advertising conversions and results and the need for interoperable consent management systems
While the World Wide Web requires a whole new way of operating its digital advertising, the mobile app ecosystem has its own problems to solve. These are mainly controlled by large tech giants, Google and Apple. These companies have a huge advantage of knowing everything that happens in the app ecosystem (well, also on the web since they own Chrome and Safari respectively). Apple has introduced its own version of privacy for its users, but providing an opt-in screen asking users whether they would like to be tracked by the businesses owning the apps and their affiliates. There would be very few users who would consent to be tracked, especially if there is nothing in it for them.
It is imperative for these companies to interoperate with other consent management frameworks. If a user has consented to share data with a few brands or businesses, it could be confusing for them when presented with another opt-in screen. The user could, however, opt-out at any time. Forcing a user to opt-in multiple times could be confusing and annoying for the user.
Conclusion: How can India drive the change needed in digital advertising
There are discussions around the world on ideas and thoughts to replace the use of third-party cookies with privacy friendly data sharing and user identification through technological, governance and regulatory frameworks. None come close to seriously solving the problem, yet.
An adaptation of India’s DEPA framework that works across all media, devices and platforms is a great starting point. The greatest advantage of this framework is that it is future proof with an easy addition or change any technological changes that happen along with any regulatory regime globally.
India’s relatively small, but growing digital advertising market is the perfect sandbox for the world to create a framework that empowers users while ensuring effectiveness for advertising backed by a self regulatory mechanism.
BG Mahesh, CEO of Sahamati is working towards data empowerment in the financial sector. All views are personal.
Kiran Gopinath founded Mearca to enable businesses with user empowerment in digital advertising and marketing.