Dustin Raney:

Absolutely, Kyle. And the question is how are marketers adapting? So one approach as gaining traction is advertising based on user interest collected by domain basis. The landscape’s also buzzing with new federated advertising IDs like UID 2.0 in the US and telco led initiatives like UT and Europe. These solutions are crafting a new narrative in the advertising world where privacy and performance coexist by leveraging hashed emails or phone numbers. Marketers are trying to target audiences without infringing on privacy and removing data like via clean rooms.

This method offers personalized experiences without the need for cross-domain user profiles. And then there’s contextual advertising where ads are tailored to the content rather than the user’s personal data. But there’s more to the story. So while attending the ICOM conference in Spain this last May, I got to hear from some of the data-driven marketing industry’s most influential and innovative thinkers where there was much debate about the future of addressable advertising and the impact of industry regulation ID deprecation. So the conference crescendos each year into this amazing culinary experience and award ceremony. And little did I know I happened to be sitting right next to the winner of this year’s ICOM Startup Challenge, Mattia Fosci, founder and CEO of Anonymized. Mattia was awarded for his innovative targeting solution that addresses privacy challenges in online advertising by using cross-domain identity tech and anonymized segment IDs to ensure scalability, accuracy, and compliance.

So with that said, I’m super excited to introduce Mattia as today’s guest on Real Talk. So, Mattia, thanks for joining us and congratulations for winning this prestigious award. Can you give us a little snapshot about your background?

Mattia Fosci:

Hi guys. Thanks for having me. So my background is probably different from most people in this industry. I’m definitely not a marketer. I trained as a lawyer. I’ve been operating in completely different industries until a few years ago. I worked as a legal advisor for NGOs and government. I worked in academia, I worked in management consultancy. I’ve just happened to come up with an idea that solves a problem. I’ve been interested in the role of digital data and how it influences people’s perceptions of the world since forever. I think first time I got interested in that, so I reading books was 2008, but then my obsession with this accelerated after Cambridge Analytica.

So finally in 2020 I decided to do something about it and I started Anonymised those… Well, it was called ID Word back then. Horrible name, rebrand this here. And so I just stumbled and I brought a decent understanding of privacy regulation, particularly Europe in a very superficial understanding of marketing, which I’m still trying to top up. I think three years later probably starting to get my head around the whole complexity of AdTech, and marketing, and all that sort of stuff. But I do bring the compliance and privacy side of things to its table.

Kyle Hollaway:

Yeah. That’s fascinating, Mattia, of a background there. Like I said, a majority of our guests have not come from the legal industry, and so it’s great to have a new perspective here on the show. You were talking about anonymized this company that you’ve been building and really that personal data belongs to the consumer and trying to have it remain with them, give us some more insight into what’s driven that philosophy, why do you feel like that’s so important, and how’s that playing out into your company capabilities?

Mattia Fosci:

Thanks, Kyle. I think, well, we are a UK company, UK and European. I actually started it, but just by reading the law and say, “Okay. These are the requirements of the law and I knew vaguely what marketers wanted. How would you build a product that meets all those requirements?” And actually the principle that the data is an asset that belongs to what’s called the data subject of the user is in the law. So from a European perspective, that’s not even a question. It should be there. You look at section three or GDPR, just there’s a number of rights that basically the purpose and the philosophical principle behind that is that I give my data to a publisher for a specific cues and it’s a value exchange in order to consume content, and it’s a free exchange as well.

When that data gets passed to many other entities and I lose control, then GDPR isn’t happen anymore. So we just needed to find a way of extracting value from that data without making it disappear in a million different potential entities and all that sort of stuff. So we took the philosophical principle of doing all the data collection, aggregation, processing, and anonymization on the device, which keeps the data so much closer to the user and keeps them in control.

Dustin Raney:

So, Mattia, when we talk about anonymization or aggregation, is there a certain point that the industry is requiring data to be anonymized? For instance, like cohorts, a lot of times we talk about a one to five ratio, one to 10, does that matter? And is that baked into your technology as it relates to how close you get to a person versus a group of people?

Mattia Fosci:

Yeah. So there’s a technical term for that, which is K-anonymity. So K-anonymity means essentially you lose the connection to the individual when it’s part of a group that’s large enough so that any entity that has access to the group can’t identify the specific individual. That’s the same principle behind Privacy Sandbox for instance. But anonymity is not a requirement. So the issue with anonymity is that you don’t need to use anonymous data for marketing. You can use personal data so long as you have consent, but it’s just so difficult to get consent for specific uses, for so many different companies, et cetera that actually, if you use K-anonymity, it frees up all the marketing use cases because you have this data that’s no longer tied to an individual. It can do anything with it, almost anything, but it’s powerful. But you can keep using personal data of course, so long as the user is in remains and control, knows what’s going on, is okay with that, can change their mind.

Dustin Raney:

So what comes to mind as you’re speaking through that and with K-anonymity and that cohort level aggregation of individuals, how is measurement working in that context, and are we seeing or have you seen that the efficacy of marketing at that scale versus on more of an individualized basis is working?

Mattia Fosci:

So the cohorts always retain a link to the individual. So we’re not talking about probabilistic stuff, we’re just going one level above. So measurement, we just need to think about it slightly differently. But a marketer doesn’t need to know what Mattia Fosci is doing. They need to know that out of a segment of a million people, 200,000. So they add couple of times a number, went through the different touch points, and then ended up on the landing page and eventually converted. It’s a funnel. And when you look at funnel and all those different layers, then a cohort is fine because you go from the targeting group to the converting group and everything in between.

It’s just numbers, it’s just stats. You can build attribution algorithms based on those numbers without necessarily having individual ID of each person. It needs rethinking, but it works. We make it work. It’s possible. And I don’t think it loses any granularity because again, it’s almost like if you use the identity at the end of that process, each identifier needs to be aggregated into a group of converting users at the end of the funnel. So let’s do it without going to the individual in the first place.

Dustin Raney:

Great. So yeah, the culprit of all this, like we mentioned earlier, is the loss of those IDs, what’s driving innovation, what’s driving brands and publishers alike to have to figure out what to do next is deprecation of third party cookies for the most part. So last year you wrote an article talking about how manufactured confusion around cookieless technology is hurting the industry. Can you tell us what you mean by manufactured confusion?

Mattia Fosci:

Yeah. You picked a very combative blog post that I wrote [inaudible 00:11:02]. I think it was somewhat provocative. If I had to write it again, I would be a little bit more dramatic.

Dustin Raney:

I would love that.

Mattia Fosci:

But I do stem with what I wrote last year, I think put yourself in my shoes. I have a legal background, I’m pharmacy nerd, and for me things are black or white. So I then came to this market and I just discovered all these different shades of grays that I wasn’t completely attuned to. So for me, I came in and say, “Well, look…” I used to say, “This is compliant, this is not compliant. It’s based on the law and it’s based on the case law.” And then what I saw is actually a lot of fanciful interpretations of the law. And one of my favorite is when a company has asked a privacy question and then the full answer is it’s complicated.

It’s a bit like when you’re in a relationship and it’s just not working anymore, but you don’t want to say that. It’s just, it’s complicated. So what is personal data? It’s complicated. What is anonymization? It’s complicated? Our hash email’s personal data is complicated and it’s actually not that complicated. Some things are complicated, some things aren’t. So let’s not make it more complicated than it is. I think regulators are, a regulators operate at a higher level. They set principles and they set rules that are generic enough. So it’s then up to us to interpret those rules and implement those rules. And I think what I found is that instead of just embracing the spirit of the law for some time, some companies were trying to lawyer their way out of the regulation, just pushing on certain interpretations that really were in the spirit of the law, and that just created more confusion.

The other thing is when some companies hadn’t really done much substantive work to align themselves with privacy requirements, but then would just slap a GDPR, CCPA compliant statement big on their websites. That’s not true, mate. Why are you saying that? I think that those times are gone. I think people are getting finally more serious about it, but it has created a delay in action, I think, and understanding of what was required by the industry.

Dustin Raney:

And I know we had a chance of sitting in some of the same round tables at ICOM where we got to debate quite heavily some of the new cookieless solutions that are entering the market. One of those being maybe the use of proxies like email addresses and phone numbers. And it seems to be take different paths. At US, we’re heavily geared towards email, trade desk, leading UID 2.0. In Europe, it seems like the telcos what I was cat gathering and seems to be gaining some momentum are leveraging phone number behind their accounts as a proxy. What are your thoughts on leveraging those kind of personal IDs as a proxy for AdTech?

Mattia Fosci:

I’ll start from the good parts. The good part is that they both bypass the browser to an extent. We don’t know what emails, email collection, whether what is private relay or some other thing that Apple and Google are cooking up. It’s possible they block that too. But in principle, this stuff works without permission of a browser, which is good news. You don’t want to be how that ransom by two companies, really. The bad news, in Europe and from a privacy perspective is that swapping a third party cookie for a phone number or an email address doesn’t strike me as a privacy improvement to be honest.

I am not sure how our friends are going to be able to keep selling that in Europe, including UTIC. And I think they’re being careful because it’s not like they have access to the ID, but they generate token, as far as I understand, for companies to use. But there’s always that trade off of how persistent that is, how widespread it is, what is their consent, et cetera. And if they push it too far, I’m afraid they’re going to incur into some privacy advocate IR, which will raise the profile of the initiative, which will attract regulator scrutiny, which will secure off the telco. We’ve seen that before. So let’s see.

Dustin Raney:

So I really appreciate your insights there and also the slightly competitive answer there, our statement there early on that you published in that vein, taking a little controversial slant to things is do you feel like the consumer is actually aligned with these privacy regulations? I feel like we have regulators and we have some very strict expectations being set, regulation being set on managing data and on behalf of the consumer. Does the general population align with that or do you feel like this is government or regulation protected consumer but the consumer doesn’t really know or care?

Mattia Fosci:

Well, it’s a very good question. I don’t have data to say to have definitive conclusion on this, but I’d say consumers’ care to an extent and they care to the extent that they know about this. And the more they know, the more they care. And so is it how much they know, how much they realize the extent that which their data is used. And really in this, the base, our tech, yes, there’s a lot of information about people, but how much data does Google have about us? I just downloaded my entire driving history for the past 10 years and Google knew exactly where I was at every moment in time. So it’s the overuse of that data, it’s the over collection of that data. And when people find out, and it happened to me that I opened my friends or families eyes to excessive data collection, they go, “Oh my God, I didn’t know about that.” And they actually start caring.

Now start caring doesn’t mean that they want to click more for it, not pay for their privacy. Most people don’t want to do that. So in Europe we have two principles of privacy by design and default, which basically means it is the business duty to make sure privacy is baked into their product and services opposed to it’s something a user has to do, something to acquire.

And I think it’s right. I think we have these things in Europe where you can accept cookies with one click and reject it with two clicks and accept rates of 90 plus percent because people don’t want to click twice on every domain. It’s the same principle. You don’t want to make it too difficult for people to protect their privacy. You want to make that a default reality. Sorry if I’m renting too much, guys, just stop me. At the same time, I feel sometimes there’s a bit of airy-fairy thinking by some privacy advocates that just say, advertising is bad. No data should be collected ever, behavioral blah, blah, blah, blah, blah, blah, blah. The open internet does require effective marketing. The open internet doesn’t work in a vacuum, it works in competition too. Social and search. And those guys have plenty of data.

If you remove data from the open internet, you undermine the economic foundation of it. You starve publishers of their revenue, you migrate at budgets to platforms that are already dominate. So we do need to find the solution. And so I think that solution has to be technically different, philosophically different, but data will continue to remain an important part of having a free and open internet.

Dustin Raney:

Yeah. I love that perspective there on the open internet versus more of the walled garden capabilities because like I said, in many ways the walled garden ecosystems already have all the data and consumers have already at least over some period of time given some level of consent to that because they’re interacting with those platforms in a different way versus just on the open internet. And from a regulatory standpoint, finding that ability to watch out for the consumer because they know more than what the consumer knows.

And so being able to manage to that, but also not, as you say, choke out the revenue streams and the ability for the open internet to economically operate, because that’s also in consumer’s best interest. Not to be forced into just one or two vendors, but to actually have competition and a wide variety of sources, whether it’s for information or for product. That’s a great balance that hasn’t really been solved for it seems in that. And so I’m very interested how that plays out.

Mattia Fosci:

And, Kyle, just so that people don’t feel unfairly targeted, regulators are looking also at consent for the walled gardens. Where are we that the data we generate where we type emails on Gmail and watch feeders on YouTube and search stuff on the different domain, et cetera, is all connected into one account. How much do we actually know about the data and how long it’s stored for not much. And do we have a genuine choice?

Kyle Hollaway:

Not really.

Mattia Fosci:

If I want to use that service, I’ve got to give everything. All the data generated to one company. And so in Europe, there already have been some decisions in Germany recently that look into reviewing that and actually asking for specific consent for cross devise and cross context, which means cross service data sharing within the same company. Because otherwise the default is I’m a legal entity, I buy the whole internet, everything is mine, and I can just share data left and right. That’s not better than having different providers necessarily or different websites. This thing of having cross-domain now has become this cross domain is bad. Why is cross domain bad? If it’s consented, if the data’s minimized, et cetera, why is it bad? It’s not in the law. It is nowhere in the law. This is a misinterpretation of the law that is pushed by people who don’t need, or companies that don’t need cross-domain because they can put everything under a single domain.

Kyle Hollaway:

Interesting.

Dustin Raney:

Great point. So to solve this, do you think the end state is some self-sovereign technology that stands above all the open internet, the walled gardens, everything? I am one consumer. I have control of my data. I can monetize myself. Do you believe that technology decentralizes to that point to where literally the consumer has complete control and transparency?

Mattia Fosci:

It’s a process. I think it’s maybe not the monetization angle. I don’t think there’s enough value for it. We did the math, we crunched the numbers, and there are some companies out there that are doing that. And when we looked into our users, should user be able to sell their own data? I think, number one, they’re not going to make enough money from it to really make a difference. Number two, it’s probably going to be what teenagers or people are low income or want to get five bucks a month from their data if that. And then wealthier people don’t really care and protect their privacy. So it’s got really discriminating, and also you end up targeting the people with the least affluent ones. If that’s a dynamic, it just the math didn’t work maybe in the future. I don’t know if it’s going to be self-sovereign, but I think we’ve got these devices in our pockets.

They’re so powerful, they can do a lot of things. Why do we need to send everything to the server? That’s the technological difference that we are advocating. Just do all the stuff on the device and just send aggregate to things to whoever needs to use them.

Dustin Raney:

Hey, just taking a slight different tact here. Going back to some of the regulation and you’re talking about what’s codified in section three, the individual’s rights, the subject access request component of an individual’s right to ask for information back or to have it deleted or such. Do you see in the EU, in particular across your domain, a lot of requests for that? Have consumers really been taking advantage of that particular ability to request, see the data, and potentially even delete the data?

Mattia Fosci:

Off the top of my head, I can tell you how much. It’s called SAR, data subject access requests we’ve received. Because we have the data all in one place and it’s the device, it’s so easy for us. We build basically an interface which is a window into your device that shows this is data we collected and it has two buttons, download it or delete it. So we know how many users we have and we know how many requests we’ve got, and this is outdated number, but we have in excess of a hundred million browsers with data store locally and we’ve received fewer than a thousand requests.

Dustin Raney:

Interesting.

Mattia Fosci:

Okay.

Dustin Raney:

Fewer.

Mattia Fosci:

I think it’s probably less than 500, but you do the math, there’s not many people do it. And we make it easy as well. There’s links from the publisher. It’s not like you have to click a hundred million times to get to whatever page, we make it as easy as it can be. We can make it easier. And I think, if we become more of a household name, if there’s a more direct connection with the user, we expect that number to go up. But it will still be a very small portion of users that do it because most people have no time and no interest and no understanding of this. But the fact that they can do it is important because you will have that. Less than 1% of the population really care. Mattia will take advantage of that and they will work as watchdog for the rest of us. It’s important that they can do it.

Kyle Hollaway:

Yeah, that’s great. Great call out.

Dustin Raney:

Yeah. One of the things that you talked about your technology and certainly don’t want to get underneath a proprietary engine, what makes it work and don’t want to drive down the path cause you to overshare, but you said that the technology works on the browser, the browsers being Google and Apple owned, but you’re able to get around the blocking technology with the way, so your solution is truly cookieless. Is there anything that you can share just from a general perspective on how yours is different than what a cookie would do?

Mattia Fosci:

What I can say is that we create links between local storages of different domains and then we keep the data on the local storage. We aggregate in the local storage and then we anonymize it. And then from there we create segment IDs that are sent to an SSP for activation via deals using key value for targeting. So there’s no individual identifier goes into the big stream. So it doesn’t work in open RTB at the moment until they remove that identity, make the… I hate entity feel optional. We don’t work with that. But yeah, I think being in a browser is risky because, let’s face it, they’re trying to privatize the whole thing. It’s their toy.

And so instead of going around it, because we know we tick all the privacy boxes because we’ve designed this with privacy in mind, we’re going on the offense and we’re speaking to them and we’re speaking to the regulators, we’re saying is this… And the regulators are saying, “By and large, yeah, we like that. We like the principle, we like the tech. Thumbs up.” And now we need to make sure that the browsers don’t discriminate and just say basically my way of using the browser is the only way of using the browser because I can.

Dustin Raney:

Brilliant. And you bring up a great point. Google and Apple, they have an issue to solve as well. And they own the devices. They’re somewhat monolithic, if that’s a word, they could be viewed that way. There’s a lot of antitrust things happening. So having innovative solutions that can come in and solve complex problems that play well with their technology, I think it’s critical to keep the freedom of information in essence going, which is really I feel is what consumers want to maintain access to. That’s the most important thing with what I’m hearing in this conversation. They might not want to monetize themselves, they might not be scalable, but accessing information across the internet and maintaining that access is critical. And I think having an ecosystem where a lot of different players are building things that are protecting the consumer while also providing scale to that access.

Mattia Fosci:

I think it is critical. I think the position that these giants has stated as, “We’re going to do that, don’t worry about it. We’ve got it sorted.” And it’s worrying because you don’t want a monopoly. It’s not just the targeting, it’s mostly the measurement bit that it’s important because they’d be providing the targeting data and then it’ll be marketing their own homework. And does it work for publishers or advertisers? Where is the choice? Clearly they follow demand. So it’s going to work for advertisers first because that’s where budgets come from. And then are the publishers happy? Is data leaking still or audiences if not data? Are CPMs going up or down? There’s no choice. You basically are dependent wholly and entirely on the commercial strategies of two companies. And I don’t think anyone wants that other than those two companies. So I think just establishing fair rules for everybody and clarity is important.

But to be fair to Apple and Google, they’ve had it easier. And I wrote another controversial blog post recently which attracted quite a lot of, not angry but emotional comments, which is that we somehow are making it easier for the browsers to justify anti-competitive measures. But we as an industry but not really engaging with the spirit of the law. So basically by trying to build workarounds, we make their argument that their measures are all done to protect user privacy. So much more compelling. If we had engaged two, three years ago with the actual spirit of the law and we built alternative tech, then they would be in a much different position right now because they wouldn’t be able to claim we are the only ones that deliver privacy.

Dustin Raney:

That’s a great point there. So pulling back up just a little bit and looking broadly across, you are a very frequent speaker at industry conferences. You’ve definitely done a great job of keeping your finger on the pulse of what’s happening specifically in this space. When you’re at the conferences, when you’re speaking on panels or with other groups, what are some of the key pain points that you’re really being discussed? Where’s the discussion gravitating to in those kinds of settings?

Mattia Fosci:

The message people tend to say, we need to test more, we need to have more data, we need to… And then test really don’t happen. People who are invited at conferences are senior strategic people. And then you go down and you speak to the traders and have got no time, honestly. It’s someone else’s problem. And actually the data to understand what works and what doesn’t is still source cards. And that includes the sandbox as well as cookie technologies like mine. I’ve certainly experienced, we’ve experienced a big change in the last six to nine months, and that change is accelerating as the actual deadline inches closer and closer. People are becoming more serious. But for a long time it’s just like this desire to know more without any investment into finding out more.

And what I sometimes see is people complain about targeting, as I said, mostly is the measurement bit that no one, if you don’t know how good the campaign is performing, then how do you convince a brand to spend more? You don’t really have a narrative. But then you’ve got a lot of panels there. Talk about a specific solution. I hope we’ve done this one test under this very narrow set of parameters and circumstances, et cetera, and it worked great.

Okay, cool. Why are we not harmonizing that? Why are we not doing it industry-wide? Why don’t we have standard KPIs? Why don’t we clarify what the goals are and why don’t we agree in what we want to achieve? It’s all so fragmented. So I think the pain points of many is just we are not clear enough to define what we want and we’re not putting enough effort to measure how well we’re getting to where we want to get. And so the pain point is just this, back to the confusion. It’s system. We know a problem is there, we know it’s coming and we’ve got a few things that we are now testing, but we still don’t know how well they work.

Kyle Hollaway:

Do you think that some of that is a byproduct of the fact that because Google has continued up to this point to kick the can down the road that people are just like, “I got my day job and it’s still working the way it has, so I’m going to keep focused there.” And they just haven’t been forced into that inflection point of saying, “I must test or I must do something different.”?

Mattia Fosci:

One million percent. But there’s what 50% of the market that isn’t Google. You want to test? You have enough people to test. You don’t need that. It’s not perceived as a business imperative. It’s not Google’s fault. Obviously I’m not happy that they delayed it personally because quite cookieless. But you can also flip around and say, “We’ve had two more years for this. Why have we not done it? Or why are we only starting now where it’s really very last minute?” And the truth is because sometimes you need leadership and we’ve missed leadership of this up until now.

Dustin Raney:

Unfortunately, we’re starting to reach the end of our time here. But we would like to end with our standard wrap up question. So, Mattia, what has you most excited about the next 12 months?

Mattia Fosci:

Whoa. Next 12 months, I going to be a fun ride I think. I put my 10 bucks on Google, not deprecating in 2024, but beginning of 2025, which doesn’t really change things much. They’re going to live Q4 to us as a goodbye gift. What am I looking forward to? I think there’s going to be a lot of panic buying. There’s going to be a lot of solutions. There are just going to be struggling and that’s not good. And a lot of companies that are going to be doing very quick soul-searching. And there’s going to be this mighty battle between the browsers saying with the guardian of privacy tech going, “Hey, you’re killing us. Come on. Get serious.” And it’s completely unpredictable. But yeah, I think the political fault lines, the legal fault lines, the commercial fault lines just got to come out.

It’s all like one of those Netflix TV series. There’s a buildup nine episode long. And then episode 10 is when everything happens. It’s like, “Whoa.” I think 2024 is episode 10.

Dustin Raney:

Oh, I like it, man. I think you just named this podcast episode 10. Mattai, thank you so much for joining us today. I know Kyle and I both learned a lot. It’s amazing having a legal representation, someone with your knowledge, also your innovative mind and voice in the industry. So thank you for taking the time, and thank you to all our listeners. You can find all of our Real Identity podcast episodes at acxiom.com/realtalk or find us on your favorite podcast platform and we look forward to talking next time. Thank you.

Mattia Fosci:

Thank you.