Hashed Emails – Not the Solution for the Post-cookie World
Data privacy laws and browser changes triggered tectonic shifts in the digital advertising industry. An increasing number of brands, agencies and publishers are now modifying their media planner playbooks to omit traditional targeting and measuring tools that have failed to overcome mounting scrutiny. As a result, the entire open internet is searching for a durable set of solutions that can replace third-party cookies, IP addresses and mobile ad identifiers.
Some corners of the industry have turned to transacting directly on hashed emails as an alternative to cookies and device IDs. While this can be a shortcut to getting publishers and marketers started matching their datasets, the technique is lacking for a number of mission-critical reasons – it only works on direct deals, it is not security safe, it doesn’t give the publisher full control, and it’s not person-based. The industry needs interoperable identity that works across channels, buying mechanisms, and puts the publisher in control, while maximizing reach for the marketer and ensuring the privacy of the consumer.
Hashed Emails – What???
Email hashing involves the use of cryptography to encode email addresses into a random string of characters – also known as a hash – to represent emails. Hashed emails are persistent – using basic email hashing techniques, the same email will always correspond to the same hash.
Digital marketers and publishers have long leveraged email hashing to help conceal their audience’s personally identifiable information (PII). However, many marketers and publishers still use hashed emails to leverage consumer identity for digital marketing purposes.
While hashed emails still adds to baseline security and privacy,and there are other types of hashing tools and processes that can further enhance security here, hashed emails should be considered as an early step towards secure digital marketing – and certainly not as a persistent identifier for the ecosystem to transact upon.
Top AIThority Story|: llegal Robocallers, Beware! Anti-Robocall Litigation Task Force is Here
Security and Privacy Concerns
Hashing emails may stop accidental data breaches, but when it comes to bad actors looking to trace information back to individuals, the solution proves to be woefully inept as a standalone. It’s relatively easy for bad actors to exploit past data breaches of emails and hashes to reverse-engineer hashed emails. With so many datasets from wide-reaching data breaches readily available on the web, bad actors are easily able to take advantage of these existing data breaches to unlock all unsecured data that companies tied to hashed emails, including consumers’ known identity.
Solutions for advertising based on identity must support a higher standard of data security – not just from a technical perspective, but from an obvious regulatory perspective as well. As regulators continue to run down universal identifiers, transacting on hashed emails is a clear contradiction of the spirit of current privacy regulations – which usually bodes poorly once the letter of the law catches up.
Using Decades-Old Tools That the Market Has Surpassed
Perhaps most importantly, using hashed emails for digital marketing inhibits campaign ROI – and as a standalone, generally fails to achieve whatever marketing outcome publishers and marketers intend.
Using hashed emails as an identifier only works if consumers are using their emails. However, in today’s ecosystem, marketers must engage consumers across devices, within households and across environments, and consumers may be using different identifiers in many of these channels. When marketers and publishers seek to scale a campaign using hashed emails alone, and then prove their efforts drove results, they’re likely to find that hashed emails lead to inefficient match rates, and a limited ability to prove campaign ROI.
This lack of scale alone should give the industry pause. If the open web is to survive the post-cookie era, it needs to back replacement solutions that can unify data across all browsers and channels.
Moving forward with Hashed Emails
Fundamentally, hashed emails fall short as a serious standard for identity in the programmatic bid-stream, measurement, attribution and other forms of cross-company collaboration. Advertisers and publishers alike would be wise to understand that new privacy rules are on a collision course with hashed emails – not to mention the lower functionalities of transacting upon them.
Fortunately, there are newer tools available in the market that anonymize user data and eliminate the privacy risks associated with hashed emails. It’s time for the industry to move on to other replacement options.