Measurement IO

Privacy and Measurement I/O

By Rachel Galvin, ThinkMedium Client Advisor

The advertising industry is coalescing around privacy and data protection while navigating ongoing fragmentation. Maximizing efficiency and effectiveness – for example, for return on ad spend – is more crucial than ever and requires “accurate, comprehensive measurement, analysis tools, and practices”. However, privacy-related regulations and platform policies can diminish efficiency and effectiveness, while also upending the existing measurement solutions used to evaluate them.

Adapting to the new ecosystem requires a robust measurement strategy to set up your business for near- and long-term success. By employing the most durable measurement strategies today, you’re better positioned to thoughtfully assess and adopt emerging solutions and technologies that can complement or even replace your existing portfolio on the road ahead.

The first step in developing a forward-looking measurement strategy is to consider the benefits and privacy risks of existing and available measurement solutions. From there, you can determine which practices (if any) you need to evolve and identify where you may need to explore alternative, innovative solutions in the near future.

Evaluating Existing Solutions

So, how do you get started? Begin with a high-level investigation to identify and triage the biggest areas of concerns among your existing solutions portfolio. Ultimately, you’re aiming for a balance between privacy and utility – that is, solutions that comply with regulatory and platform policies while simultaneously providing valuable, actionable insights for decisioning. Of course, utility may include various additional elements, such as scalability or cost, depending on your business. In some cases, privacy and utility are at odds, as the value generated from ads and measurement have relied on granular consumer data, which can be antithetical to privacy. As such, the ideal tradeoffs between privacy and utility are variable for each business based on its own unique goals, priorities, and risk tolerance. 

Given the inherent subjectiveness of utility, we will instead focus on compliance, offering a simple framework for assessing whether your current solutions are in line with general privacy policies and regulatory trends. We leave it to you to define utility and your ideal balance, but caution that the less you prioritize privacy today, the more likely urgent and possibly significant changes will be needed in the near future. 

Criteria and Considerations

There is no one-size-fits-all evaluation for measurement solutions. Even within a class of solution – for example, brand lift – the underlying methodologies vary greatly, which in turn affects privacy compliance. Therefore, we recommend breaking down the methodology behind your selected solution and considering the privacy implications of needed input and intended output. We share general rules of thumb – for example, the biggest areas of concerns for current privacy policies revolve around consumer-related data, data granularity, and data collaboration – but again, urge you to use available resources to assess these elements more fully once you have a directional understanding of the risk.

Output: We start with outputs, as they determine which solutions and methodologies should be employed for measurement. Similarly, reexamining what you’re trying to achieve with measurement generally can narrow exploration of alternative strategies if needed. Here you want to ask several key questions:

  • What decision(s) am I trying to inform? How do I plan to use this output?”
    • For example, do I continue spending on this or that publisher? Can I pare down linear TV, “traditional digital”, or OOH? How should I adjust future ad delivery or automation based on these insights?
  • Which output feature is the highest priority (e.g., precision, granularity, scale)?
    • There are tradeoffs for prioritizing one element over another (e.g., granularity versus scale), but how you plan to use output can help determine which feature is most important.
    • The good news is that most features are nice to have, not critical. For example, a directional finding indicating Publisher A performs better than Publisher B may lead to the same decision as more precise output.
  • Will output be shared with anyone? At what level of granularity?

The first two considerations will dictate what input is needed and will be governed by privacy policies indirectly, whereas the last is subject to privacy policies directly.

Input: Based on the above responses, the remaining considerations include:

  • Which solution are you using and what is the (rough) methodology?
    • Even a high-level understanding of methodology can surface privacy durability concerns. For instance, employing multi-touch attribution, which implies visibility of users across devices and media channels, is counter to aspects of regulations and platform policies
    • Ensure you have enough context and detail to evaluate the specific variant of the solution you use. For example, different inputs are required for a lift study that uses randomization versus a quasi-experimental design, which must create a “control” group that looks exactly like the exposed, save for exposure to the campaign.
  • What type and level of data is needed? For example,
    • Do you need exposure, outcome, and/or demographic/behavioral data? What about data on advertising spend or general economic data?
    • Does each element need to be at the person-, household-, geographic-, publisher-, or channel-level?
  • Where is data sourced?
    • Do you have or collect the data directly (e.g., onsite purchases, ad spend) or indirectly?
    • Does consumer data need to be connected across touchpoints and/or partners? How is matching achieved (cookies, IP, universal ID, consented data collaboration)?

Usage of any consumer data at the person or household-level, especially personally identifiable information that is especially sensitive, warrants an investigation to ensure privacy expectations and requirements are being met. 

The following rules of thumb may also help flag the areas of concern in regard to privacy and durability:

Greater Privacy Durability Greater Privacy Risk
(use with caution)
Data Type / Collection
  • Business data (aggregated sales, spend)
  • Consented data for purpose usage
  • Data collected directly from consumers by the party deploying it (1st party)
  • Granular consumer data
  • Passively-collected identifiers for data linkage (e.g., cookies, MAIDs, potentially IP).
  • Non-consented data
Data Collaboration
  • Limited sharing (2nd party) of consented data
  • 3rd-party sharing of consumer data


Even based on this general guidance and prior to drilling into underlying methodologies, some solutions appear to be more privacy-durable (e.g., media mix modeling / MMM) than others (e.g., multi-touch attribution / MTA).

What’s Next?

The players that will navigate privacy-changes most successfully will be those with the greatest flexibility. The era of big data generated unprecedented value for the industry, but now we’re in a period of correction to find a balance of consumer and business needs. This requires not just adhering to laws and policies of today, but approaching all decisions – including those in measurement – from the perspective of where the industry is heading. 

For some, this may mean sunsetting long-used solutions, blending old and new methodologies together, building out first-party data collection capabilities, or eliminating some intermediaries. Regardless of the approach, it is clear the industry as a whole needs to become more comfortable with less certainty (e.g., data minimization, probabilistic modeling). After all, this is only the latest industry shake-up in a long history of disruption, and we have certainly found ways to innovate in the past. The best way to get ahead is to understand what is changing and proactively choose the right strategies for your business priorities. 

Now that you have a rough idea of where your measurement strategy might pose privacy risks, it is time to dig in and work with your partners to fully evaluate and ensure these practices are privacy compliant and as forward-looking as possible. To help you do this, keep an eye out for the upcoming CIMM/4As report developed with ThinkMedium, which will include a more in-depth privacy framework and our durability evaluations of many existing and emerging measurement and activation solutions. Given the potential of emerging solutions and technologies to enhance or disrupt what’s currently available, we’ll be sharing a second piece in this series in January to provide more insight into how to think about emerging solutions and where there is more work to be done to enable privacy over the long-term.

Published On: November 15, 2023

Share this Story, Choose your Platform!

Related Articles

Privacy Game-Changers 3: Before/After
Privacy Game-Changers 3: Before/After

Privacy Game-Changers 3: Before/After

June 6, 2025
Privacy Game-Changers 2: Assessing Impact
Privacy Game-Changers 2: Assessing Impact

Privacy Game-Changers 2: Assessing Impact

June 6, 2025
Publisher Readiness Playbook
Publisher Readiness Playbook

Publisher Readiness Playbook

April 29, 2025
Undermining Ourselves
Undermining Ourselves

Undermining Ourselves

April 15, 2025