It’s the question on every digital advertiser’s lips – is the end of the cookie nigh?

Both Apple’s Safari and Mozilla’s Firefox have made the decision to block third-party cookies recently, while Google Chrome appears to be slowly taking steps in following suit.

But according to Rubicon Project VP product management Garrett McGrath, the discussion around cookies is only the tip of a much larger iceberg.

“We’ve begun to use identity as a differentiator, where one method of identification is better than another” he told B&T at the IAB Measure Up conference in Sydney on Tuesday.

“We’ve gotten ourselves into a situation where there’s a lot of questions being asked from a privacy point of view – and they’re totally appropriate questions that should be asked – and I think we’re quickly getting to a point where we need we need to realise we’re beginning to realize that identity should be a community asset.”

Publishers need to be controlling what they’re exposing users to, while end-users should be in control of how they are tracked, McGrath added.

The Rubicon Project is a digital advertising exchange, which last week acquired open-source header bidding solution RTK.IO.

“Our position and my personal position is that identity shouldn’t be a profit centre, it should be something that is community-controlled,” McGrath said.

Cutting through the noise

And while so much has been made of whether the future will be ‘cookieless’ or not, there is still a level of ambiguity around what this will actually look like.

“When we talk about cookieless at this point of time, it basically means Chrome blocks third-party cookies or they don’t,” McGrath clarified.

“Chrome and Google have done some very important things for giving consumers the ability to control [cookies], and they’re continuing to do those things, but is that is the future cookieless? It almost becomes a matter of ‘what does the identity model look like?’

“What are the tools given to consumers for the purpose of identity or personalised advertising.”

Of course, a significant step here has been the implementation of the GDPR by the EU last year.

Consent is now a key pillar in online advertising and users now have more power to control how their data is collected around the internet.

GDRP: Who Wins?

And while regulations such as GDPR have been widely supported across various industries, the changes impact businesses differently.

Polar CEO Kunal Gupta was recently quoted saying, “we may look back in a few years and ask ourselves the question, ‘did Google and Facebook invent GDPR?'”

“Google doesn’t really need GDPR, they have all of the login information and consent that they need,” McGrath said.

“However they have been heavily involved in drafting the IAB Transparency Consent Framework and said publicly they will join the framework once it’s live.”

Google’s approach does not necessarily mean other businesses are directly disadvantaged by GDPR.

“They’re [other companies] disadvantaged by the fact that they don’t have access to that data.

“Everything outside the walled gardens is independent folks trying to interoperate. They don’t have login data and they don’t have the breadth of data that Google or Facebook has.

“The open internet needs standards, tools and regulations to grow, and to be privacy-centric, safe for users and a viable alternative.

“Nobody – I think including Google – wants there to be only Google or only Facebook.”

ACCC report was Australia’s gdpr

From a local standpoint, Australia has previously been somewhat removed from something like GDPR, despite there being global ramification.

But according to Rubicon Project country manager ANZ Rohan Creasey, this year’s ACCC Digital Platforms Inquiry was somewhat a coming of age for the industry.

“I think the ACCC releasing their recommendations is probably going to be seen, when we look back on it, as Australia’s GDPR moment,” he said.

“I think everyone is realising this might come sooner than we think.”