Over-the-top services and streaming platforms have significantly changed the way we consume content, offering a wide array of entertainment and media directly over the internet. With this transformation, a major concern has emerged: transparency on the way that user data is used for Dynamic Ad Insertion. John Maxwell Hobbs reports.

Dynamic Ad Insertion (DAI) refers to the technology that allows advertisers to insert ads into video content in real-time or on a user-by-user basis. Unlike traditional broadcasting where everyone sees the same ad, DAI can tailor advertisements based on the viewer’s demographic, viewing preferences, and even past behaviour. Here’s how it impacts both consumers and the industry:

Daniel Pike 2

Daniel Pike, Covatic

For content providers and advertisers, DAI offers a more efficient use of ad space, potentially increasing ad revenue and allowing for more precise targeting. It also enables advertisers to measure the effectiveness of their ads in real time, adjusting strategies accordingly.

Read more Growth vs Consolidation: Business strategies in the Age of ‘Permacrisis’

For consumers, the main advantage is the relevance of ads. Viewers are more likely to see advertisements that match their interests, potentially enhancing their viewing experience. However, this also raises privacy concerns, as it implies detailed tracking of user behaviour.

Privacy issues

The personalized nature of OTT services means they collect a significant amount of data from users, from viewing habits to personal preferences, and sometimes even location data. This raises several privacy concerns:

Data collection and use: Users are often unaware of the extent of data collection and how it is used. This can include not just what they watch but also when, how often, and on what devices. There’s a growing concern about the lack of transparency in these practices.

Data security: With large volumes of sensitive data being collected, OTT platforms are attractive targets for cyberattacks. Data breaches can expose user information, leading to privacy invasions and potentially financial loss.

Regulation and compliance: Different countries have varying regulations on data privacy (like GDPR in Europe and CCPA in California). OTT platforms operating globally need to navigate these regulations carefully, which can be complex and costly. Failure to comply can result in hefty fines and loss of user trust.

Mitigation and future outlook

To address these concerns, many OTT platforms are implementing stronger data protection measures and offering more transparency and control to users over their data. To address privacy concerns, there’s a shift towards anonymizing data and adhering to GDPR regulations, ensuring that viewer information is protected and that ads can still be relevant without being overly personalized. This approach balances viewer privacy with the benefits of targeted advertising. There’s an acknowledgement of finding a sweet spot in ad personalization that respects viewer privacy while making ads relevant.

An alternate approach

The ad delivery start-up Covatic has taken an approach that provides interest-based audience targeting and provides a high level of privacy and confidence to audience members at the same time.

Read more How to create clearer reporting metrics for ad-supported streaming services

Daniel Pike, the company’s Chief Product Officer, speaks about the initial idea driving the development of its product. “The founding idea was to focus on insights,” he says. “Audience insights, content recommendation, content discovery - mainly for broadcasters. The idea was that a mass broadcaster wouldn’t want to go down the route of requiring audience members to sign in for all of these things, which is what the digital native companies were pushing. And we felt, particularly for public service broadcasters, but also any mass reach organisation, this approach would exclude people. Why would you put a barrier in the way?”

The challenge that the company took on was how to offer a personalised experience without users signing in. “GDPR was coming in at pretty much the same time as the company was being founded,” says Pike. “And that was encouraging us to take a very pure approach to this, as well as to really push it, because it felt as if, ‘since we’re starting now, let’s sort of jump to the logical conclusion of where all this legislation is going to go,’ rather than be scrambling all the time to try to keep up like everyone else. So that meant doing it with no IDs, no tracking, and no personal data at all.”

Innovation and privacy

Pike emphasises the way that Covatic’s anonymous approach can provide both innovation and security. “For example, we can identify through our SDK when someone’s driving,” he says. “We don’t know who the person is, it’s not stalking them or anything like that. When you listen to the radio, the ad request goes out and it will say, ‘this person is currently in a car driving,’ and we’ll have road safety adverts delivered to that person whilst they’re driving. And that’s really powerful.”

To address security concerns, Covatic’s solution keeps all data on the user’s device rather than in the cloud, thus maintaining privacy and security. This approach uses advertising IDs with anonymous codes to target audiences without associating data with identifiable individuals. “If we could see that someone specific is driving right now, you wouldn’t want any organisation to know that,” says Pike. “Especially if someone could access it and realise, ‘if they’re driving, it means they’re not at home.” It’s super secure, everything on the device is protected. It’s encrypted. If you want to delete it, just delete the app and it’s gone forever. If our back end gets hacked or people get access to it, there’s no personal data there. Crucially, the broadcaster or the publisher doesn’t have anything either, so they’re entirely GDPR compliant, and the risk of regulatory change or regulatory challenge to their advertising business has gone because the risk of anything malicious happening is gone. It’s a great future-proof way for them to operate. And we can still deliver some rich understanding of user behaviour. Probably better in some ways than third-party cookies.”

Pike emphasises the company’s commitment to on-device processing and edge computing as a method to ensure data security while still providing effective targeted advertising. “We’ve got this really amazing, previously proven tech that can personalise and understand someone on a device without sending any personal data,” he says. “Because of GDPR, and because of what Apple is doing in terms of privacy, the old ways of working with third-party cookies: taking data and user IDs, bringing it to a back end, processing it, and building up a profile around individuals that are identifiable, just isn’t sustainable.”

The wider industry

The wider industry can take advantage of Covatic’s secure approach by incorporating the technology in their own apps via their SDK. “It can begin to learn about the context in which a user is existing,” says Pike. “It will look at things like consumption, locations, the type of device, and so on. All the rich stuff you can get from a mobile, but it all stays there on the device. And it doesn’t associate it with a named user, or an email address or anything like that - we’re just an advertising ID.”

“And from our platform, the client can set down certain rules,” says Pike. “They can start to build out audiences and say, ‘I want to be able to address people who have certain characteristics.’ A really simple rule might be ‘sports fan.’ That might be defined as someone who’s consumed sports content twice in the last month. You call them ‘sports fans,’ and you send that rule down to all the devices with the app. It’s kind of like a broadcast model. The ones that qualify for the rule store the audience code, and the ones that don’t just ignore it. Then they’ll re-evaluate periodically. And when that ad request comes in, we’re able to put the anonymous code to the ad engine as a key value pair, and the ad engine knows what it means - there’s a sports fan here. Again, there’s no email address, I don’t know who they are, I just know that there’s someone listening to the radio right now and they’re a sports fan. At no point is the data associated with an identifiable individual. And that’s crucial, because under GDPR, that’s the definition of when data goes from being just data to being personal data. If it can’t be associated with an identifiable individual, it’s not under the jurisdiction of GDPR.”

Covatic’s product illustrates a path forward that respects user data while tapping into the potential of addressable advertising, setting a precedent for how companies can navigate the complex terrain of innovation in advertising and data transparency.

Read more Vendor predictions for 2024: AI, CTV, FAST and Niche Sports