Description

Privacy

Reach

Traditional DMP

DMPs using 3rd party cookies and advertising IDs to get omni-channel view of the customer (e.g. BlueKai)

Non-compliant: data is transacted without consent or control by the data subject

Omni-channel reach, both online and offline

Universal ID

New products using deterministic IDs (e.g. hashed emails) to create an identity graph across the ecosystem (e.g. Unified ID 2.0)

Non-compliant: companies can still match personal data using the universal ID, data subject rights are unenforceable and data transfer to non-EU countries cannot be prevented

Cross-domain and cross-device reach using forced authentication; potential for offline matching with authenticated users

1st-party DMP

DMP processing first-party data from the publisher to create segments, also on the edge (e.g. Permutive)

Compliant with caveats: compliance achieved only if  DMPs do not overlay third-party data and if the user ID is not passed on to brands 

Without third-party data, segments can only be created with data from a single domain

Publisher platforms

1st party data platforms owned and controlled by the publisher/group of publishers (e.g. Ozone Project)

Compliant with caveats: compliance possible only if publishers do not pass a user ID to vendors and brands

Without third-party data, segments can only be created with data from a single domain

Data clean rooms

Next-gen data clean rooms connect multiple 1st party data sources without sharing PII (e.g. InfoSum)

Compliant with caveats: data owners need explicit consent each time their data is connected with another company, there must be no way to de-anonymise individuals, no matching can be done with companies outside the EU

Limited reach, one-to-one database matching between companies