Second-Party Data is a Rising Star in an Uncertain Future
Remember that scene in Miracle on 34th Street when Santa Claus, who was on the payroll at Macy's, sent incredulous customers over to other department stores because Macy's had run out of toy fire engines? What followed caught everyone by surprise: "telegrams, messages, telephone calls, the governor's wife, the mayor's wife, thankful parents expressing undying gratitude to Macy's," said a jubilant Mr. Macy. "Never in my entire career have I seen such a tremendous and immediate response to a merchandising policy! We'll be known as the helpful store, the friendly store, the store with a heart. The store that places public service ahead of profits. And, consequently, we'll make more profits than ever before!”
Co-marketing has had its hits and misses over the years, but it’s a great strategy when it works. When you hear about the wonders of second-party data these days, that's the latest embodiment of co-marketing. Think airlines and hotels teaming up to align holiday flights with great hotels at their destination. Or sporting events and pizza. Surf-wear and sunscreen. Brands use co-marketing to find new customers and expand what they know about their own customers. People love it too because it exposes them to new products and adds a sense of shared community to their brand experiences.
Co-marketing as a source of profits and customer loyalty—what’s not to like?
In the spotlight: first, second and third-party
To help codify things in a world where brands are sharing voluminous amounts of customer data with one another, data-minded marketers talk about first-party, second-party, and third-party data. It can get confusing, because someone’s first-party data is someone else’s second-party data, and third-party data is, well, someone else’s first-party data too. That leads to some very blurry lines. A lot has happened in that space over the past couple of years, so a refresher can be helpful:
First-party data is the user-level data you collect about your own customers, across all the channels (online and offline) they use to interact with you. It can be data they volunteer when they register with you and log in to access your products (like their email address, phone number, demographics, or even product preferences), but also data they let you collect so that you may deliver a great customer experience to them. Data like what device they’re using, for instance, what products they've already purchased from you, or what other items they might have browsed without purchasing. It’s often assumed that first-party data is all logged-in, authenticated data, easily attributed to someone with an active profile in your CRM system, but a lot of that data can be anonymous. I can go on eBay and browse endlessly without ever logging in. They will keep track of my browsing history and tie it to a session ID, a device ID, or another identifier.
Second-party data is another company’s first-party data. But it’s not that simple: data partners can be selective about what they share with one another. It can be a subset of customers, or a subset of data points for each customer. It’s likely to be anonymized, or even pseudonymized, to protect it in transit and in storage. It can be held in trust in a data co-op or accessed on a partner’s servers via direct API. And second-party partnerships can be between two brands (like Coca-Cola and Target), between a brand and a publisher (like the New York Times or Vox Media), or between publishers (like Viacom and NBC Universal in OpenAP).
Third-party data doesn’t come from your own CRM or customer data repository (that’s first-party data), or from a partner you have a direct relationship with (that’s second-party data), but from large data aggregators that are able to cover a lot of ground and offer vast audiences to their clients. Most aggregators today use third-party cookies and mobile ad IDs (MAIDs) to capture online behavior, but strictly speaking, they don’t have to use those IDs.
Killing cookies doesn’t automatically save privacy
We often make the mistake of conflating third-party data and third-party cookies. Third-party cookies are on their way out and many marketers are scaling down their use of third-party data as a result. But it’s worth noting that cookies (and MAIDs for mobile usage) are only one of many ways to track a person’s online behavior. Even with cookies out of the picture, third-party data aggregators can use a variety of highly-accurate fingerprinting technologies to do the job—at least for the time being. And they can tap into offline datasets as well, of course. So third-party data aggregators have staying power.
The fundamental question, however, is not whether third-party aggregators can track consumers, but whether third-party data, regardless of the technology used to capture it, is compatible with the spirit of privacy laws around the world.
I’m saying the spirit of the law, not the letter, because privacy regulators have left the door open to interpretation: what does ‘legitimate interest’ really mean in the GDPR, for instance? Most marketers would say that cookie-based programmatic advertising fits the criteria, but consumers (and regulators) might disagree. Over sixty jurisdictions have enacted or proposed consumer privacy regulations around the world in the past couple of years, each with its own set of loopholes.
And then there’s the whole notion of consent. A recent study by Pew Research found that the vast majority of Americans (97%) are aware of online privacy policies, but most don’t realize those policies are binding contracts, and very few (9%) spend any time reading them before opting in. Not surprisingly, 81% of consumers say they have very little or no control over the data that companies collect about them. Just 31% think their consumer experience has improved since GDPR came into force.
These are thorny issues for another post, but they have serious implications for how we consider marketing data today. The negative publicity over third-party cookies (and by extension third-party data) is causing a major shift in marketing from third-party data sources to second-party marketplaces (or data co-ops), where the data is kept a little closer to the vest. At least with second-party data marketplaces, marketers know where the data is coming from and trust that the source complied with all privacy regulations when it collected it.
But consumers don’t know the difference. When they ask a company not to share their personal data, it means "no" across the board, and companies shouldn’t assume that because it’s first-party data to them, it’s alright to share it in a second-party data marketplace. And conversely, when consumers opt-in and allow a company to use their personal data to get the benefit of personalized advertising, they don’t care whether that personalization comes to them through a third-party or a second-party. Again, they may not know the difference—and shouldn’t be expected to.
So what’s all the buzz about second-party data?
Here are a few key attributes of second-party marketplaces that help them stand out from third-party data providers:
Privacy by design: While they’re no more privacy-compliant than third-party providers, in theory, second-party marketplaces are generally more recent, and thus more likely to be designed with privacy considerations at their core. It’s no guarantee, and there are many unscrupulous data exchanges out there, but the top marketplaces understand the stakes and have developed robust obfuscation, encryption, and protection systems to safeguard the customer data in their possession. It’s a start.
Control over data sharing: In second-party data marketplaces, marketers can control not just what data they want to share, but also what that data is used for. You want to link the insights you glean from the data exchange to your individual customers, but do it in a way that doesn't compromise your, or anyone else's, user-level data. Second-party marketplaces are developing technical capabilities (e.g., clean rooms) to make it possible.
Omnichannel measurement: Second-party data marketplaces are also a place where media buyers and sellers come together to devise new ways to measure omnichannel effectiveness and make sense of opportunities across offline channels, walled gardens, and the open web. It’s no small task in the age of Apple, Google, Facebook, and Amazon.
Competitive advantage: Second-party data marketplaces can offer exclusive access to a company’s raw datasets. That's a much-needed reprieve from the (pardon the pun) cookie-cutter audience segments of those other providers. For example, if OTT is in your media mix, you can get invaluable insights from a company like iSpot.tv (and a leg up on the competition) by striking a direct partnership with them, or by accessing their data through reputable providers like OpenAP or the second-party data marketplace powered by Neustar Fabrick. Who wants to target the same 25-54 female segment as everyone else?
Contextual targeting: Finally, second-party data marketplaces can be credited for rejuvenating contextual targeting—from tried-and-true program genre and keyword targeting to more advanced metadata, natural language processing, and computer vision systems today. Although third-party programmatic systems can be repurposed to operate with contextual data rather than cookies, it’s the second-party marketplaces that are now driving the effort forward.
In today’s highly complex marketing ecosystem, there’s no doubt that second-party data should be on every marketer’s radar. It’s an opportunity for you to team up with suitable partners, find new customers and enrich your own data—giving you much greater control and customization over data-driven use cases.
But don’t think for a moment that because those marketplaces can work without cookies or MAIDs, they exonerate you from your privacy obligations. Mutual trust is at the heart of any successful partnership, and the best second-party marketplaces are built on transparency and enhanced privacy protections. Think of second-party data as an extension of your first-party data. If you’re not sure where the data is coming from, ask. And if the answer is evasive, run.
Your brand reputation is on the line.