‘There is no precedent to this’: How Criteo plans to adapt to Apple’s IDFA privacy update

Apple’s forthcoming privacy update that will require users to give consent for apps to share their data with third parties — held on its anonymized identifier for advertisers, known as the IDFA — affects any company that owns an app, advertises on apps, or measures the effectiveness of that advertising. Ad retargeting specialist Criteo is bracing itself for the negative impact.

Criteo told investors during its second-quarter earnings call earlier this week that it forecasts a “$3 million headwind” from Apple’s update and the impact of “stricter consent banners in Europe” in the third quarter. The Court of Justice of the European Union ruled last year that websites need to obtain explicit consent from users in order to collect their personal data. 

To call out the potential IDFA impact in the third quarter is significant because Apple’s iOS 14 update is only expected to roll out in mid-September — the last two weeks of that quarter — and it will take a while for all Apple users to adopt the new operating system. Analysts from JMP Securities wrote in a research note earlier this week that the Apple update has the potential to hit Criteo’s revenue by $20 million in the fourth quarter and more than $60 million in 2021.

“It’s very hard for us to extrapolate what [the IDFA changes] will do given that there is no precedent to this,” Criteo CEO Megan Clarken told Digiday.

If consumer opt-in rates are terribly low, or Apple ultimately decides to remove the IDFA altogether, advertisers will choose ad tech partners who have the best access to other forms of audience data, according to Clarken. 

“If there was a worst-case scenario and we are all playing a guessing game … then I think Criteo is in the best spot,” she said. “If you look at the data set we have and the ability even to do contextual stuff, then expand from that to things that are probabilistic and even taking that data and making it deterministic, we have a really powerful position.”

Criteo says it has first-party data integrations with more than 20,000 advertisers and 4,700 publishers. Its ID graph contains data for 2.5 billion users, “of which 98% have persistent identifiers beyond cookies,” Clarken said on the earnings call. That includes data such as hashed email addresses or loyalty card information, which is privacy-protected, Clarken told Digiday.

“If you’re the average [demand-side platform], you probably don’t have anywhere near the level of access to brands’ first-party data,” said Joanna O’Connell, principal analyst at Forrester. “That doesn’t make them immune [to the impact of Apple’s upcoming IDFA changes] — nobody is immune — that’s the reason why there is so much energy around ID infrastructures because we all know that something has got to be done.”

It’s unclear what Apple’s intentions are, but its broad definition of “tracking” in its AppTrackingTransparency (ATT) Framework appears to limit data leakage beyond IDFA, such as sharing email lists, alternative IDs etc.,” said Rocco Strauss, internet equity research analyst at Arete Research, via email.

ID solutions, such as Criteo’s, could be proposed as workarounds that enable user-level targeting, even if users opt out of tracking, he added, but Apple may take steps to block these, as it has with previous workarounds for its Intelligent Tracker Prevention feature in the Safari browser.

“While Apple has no control over publishers’ CRM systems or server-side activity_— and publishers will even more often ask for email addresses to log-in — Apple could (temporarily) block apps when it detects sharing of IDs/email addresses server-side,” Strauss said.

Earlier this year, Criteo began work on what it is calling a “revocable identification system” — a portal where consumers could access their privacy profile and update their preferences for how they can be targeted across web browsers and apps. The idea is that the system will be open source — not owned by Criteo or any other commercial entity — and that it is open to all ad tech vendors, publishers and advertisers. Criteo is aiming for the platform to be ready by the fourth quarter of 2020.

“It gives control back to the consumer, the owner of the ID, and takes it out of the control of the browser or the operating system,” said Clarken, who added that the system had “started to gain traction with the powers that be,” referring to publishers and advertisers but without naming specific companies.

For the second quarter, Criteo reported $180 million in revenue minus traffic acquisitions costs in the second quarter, an 18% dip on last year. Its performance was better than expected as while clients in sectors including travel and brick-and-mortar retail paused or reined in their spending, midmarket and direct-to-consumer companies maintained or increased their activity.

The company attributed a $41 million net negative impact to the coronavirus crisis in the period. Criteo is forecasting third-quarter revenue of between $171 million and $173 million, a 20% to 21% decline from last year’s quarter, which includes a $40 million negative coronavirus impact.


More in Media

YouTube is under fire again, this time over child protection

Adalytics Research asks, ‘Are YouTube advertisers inadvertently harvesting data from millions of children?’

Illustration of a puzzle that spells out the word 'media.'

Media Briefing: Publishers pump up per-subscriber revenue amid ad revenue declines

Publishers’ Q2 earnings reveal digital advertising is still in a tight spot, but digital subscriptions are picking up steam.

Lessons for AI from the ad-tech era: ‘We’re living in a memory-less world’

Experts reflect how the failures of social media and online advertising can help the industry improve the next era of innovation.