Thriving in First-Party Gardens

Read our take on the shifts away from third-party cookies and towards first-party walled gardens, the value of product-keyed datasets, and what these changes mean for marketers.

Written by
Keerat Sharma
January 12, 2024

It is a first-party world with many gardens, and we’re going to live happily in all of them

As marketers, we’re moving to an aggregate and anonymous world that interfaces with many walled gardens. We’ll move increasingly to metrics around outcomes (e.g., sales of products), as opposed to data about customers (which will steadily dry up). And all of this is better in many ways.

What changed, and why?

Rewind about half a decade and it was possible to take any customer-keyed dataset you had and activate it to reach that audience on any website or app and direct them to any destination. The technology powering this targeting was the cookie, which first appeared in 1994 on Netscape to personalize websites. It was quickly adopted by ad tech entities in the form of third-party cookies.

Here’s how cookies were used within an advertising context. As a customer, when you landed on your favorite site, say a news media destination, your news site would read the cookies they’d set to figure out your identity. They’d then take this identity and pack it on a subsequent HTTP request to a third party, like a DSP. This DSP would then receive the news site’s identity as a parameter on the call to them (because the news site chose to add this), along with the DSP’s own cookies. The DSP could then map the news site’s identity to the cookie the DSP had (or just set) for you. Now, all of the data that the DSP had for you via their cookie could be used to serve you an ad on the news media site. And of course, this worked much the same on apps on mobile devices, since they had a simpler analog for cookies called an ID for advertising (or IDFA).

In June 2019, Apple’s Safari changed all of this by rolling out a setting that blocked third-party cookies by default. So when you went to your news site using Safari, the news site may still have called the DSP it worked with, but that DSP didn’t get its cookies anymore. Suddenly, these third parties that had relied on cookies (specifically, third-party cookies) to understand that you were browsing a specific news site/article, lost that visibility. And then in early 2022, iOS put the IDFA behind an operating system consent framework that made it easy to block this identifier from being used by any app. So for you as a customer interacting with the news app, you could easily deny it from being able to use the IDFA. Meta’s CFO summed up the impact clearly: “We believe the impact of iOS overall is a headwind on our business [...] on the order of $10 billion, so it’s a pretty significant headwind [...].” I love the threshold for “pretty significant.”
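
The cookie-sync flow and Safari’s default block described above, modelled as a small simulation. This is an added example, not code from the original article; the hosts, ID formats and the `pub_uid` parameter name are assumptions.

```javascript
// Simplified model of the cookie-sync flow. All hosts, IDs and the
// pub_uid parameter name are constructed for illustration.
class Browser {
  constructor(blockThirdPartyCookies) {
    this.block = blockThirdPartyCookies;
    this.jar = new Map(); // host -> cookie value
  }
  // Send a request to `server` while the user is on `topSite`.
  request(server, topSite, params = {}) {
    const withheld = this.block && server.host !== topSite;
    const cookie = withheld ? undefined : this.jar.get(server.host);
    const setCookie = server.handle({ cookie, params, topSite });
    if (setCookie && !withheld) this.jar.set(server.host, setCookie);
  }
}

class Publisher {
  constructor(host) { this.host = host; this.count = 0; }
  // Reuse the first-party cookie if present, otherwise mint one.
  handle({ cookie }) { return cookie ? null : `${this.host}-user-${++this.count}`; }
}

class Dsp {
  constructor() {
    this.host = "dsp.example";
    this.count = 0;
    this.profiles = new Map(); // DSP cookie ID -> set of sites seen
    this.syncTable = new Map(); // "site:publisher ID" -> DSP cookie ID
  }
  handle({ cookie, params, topSite }) {
    const id = cookie || `dsp-${++this.count}`;
    if (!this.profiles.has(id)) this.profiles.set(id, new Set());
    this.profiles.get(id).add(topSite);
    this.syncTable.set(`${topSite}:${params.pub_uid}`, id);
    return cookie ? null : id;
  }
}

function simulate(blockThirdPartyCookies) {
  const browser = new Browser(blockThirdPartyCookies);
  const dsp = new Dsp();
  for (const host of ["news.example", "shop.example"]) {
    const site = new Publisher(host);
    browser.request(site, host); // first-party call sets the site's cookie
    browser.request(dsp, host, { pub_uid: browser.jar.get(host) });
  }
  const sizes = [...dsp.profiles.values()].map((s) => s.size);
  return { profiles: sizes.length, maxSitesPerProfile: Math.max(...sizes) };
}
```

With blocking off, the DSP links both sites to one profile; with it on, the DSP still receives each publisher ID but sees two unrelated single-site visitors.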

With cookies and IDFAs disappearing from Apple devices, many entities in the ad space began figuring out all sorts of odd ways to still reach customers on an individual basis. Even today, a search for “fingerprinting for ad targeting” manifests hundreds of entities that seem to promise how precise their capabilities are. This is a myopic, risky, and dangerous direction to pursue. In the short term, these tactics may work, but they’re all misaligned with where the world is heading.

This isn’t about cookies; it is about first-party vs third-party interactions

It would be a mistake to conclude that these changes are about a specific technology like cookies or IDFAs. These changes are about how privacy advocates, regulators, and increasingly just normal users all want to be able to have first-party interactions with services they trust without having to wade through a sea of third parties who are passively observing (privacy advocates would say, covertly surveilling) them. We will see many black swans in the coming years (are they actually black swans if we know they’re going to arrive?), which massively disrupt the observability that a third party has on these first-party interactions. These will be technical, where we’re already seeing private relays and other obfuscation techniques. They’ll be regulatory, where new laws steadily broaden the definition of personal information and make possession/observation of such data increasingly onerous and a liability. They’ll also be PR-driven, where privacy advocates and journalists will find and expose third parties who attempt to circumvent technical protections or the law. No credible advertiser will want to endure the risks entailed in working with third parties that embrace these techniques.

Gardens of high quality will win

So what’s happening now? First parties with a credible reason for customers to engage with them will become (or have already become) the key place where customer data gets accrued as the customer benefits from features like personalization. Notably, these interactions on first-party environments will steadily become restricted to only being usable back with the first party in question. These interactions won’t be passively observable by third parties anymore. Instead, third parties will have to make do with the way in which the first party chooses to make this data available for analysis and use.

The place where this is most clearly embodied is through retail media. But I’d contend that we’re really entering and expanding in the era of first-party media. Netflix, Hulu, CBS, Instagram, TikTok, YouTube, and more are either already (or tending toward) fully authenticated services that have limited or no utility if you aren’t logged in. Logging in means that these services have an opportunity to validate that you are who you are, and that you see and acknowledge what they will do with your interactions with them as a first party. This enables them to be clear about their plans. Netflix, quite literally, has a plan where you’ll see ads. You know it, you expect it, you benefit from a lower subscription cost, and you aren’t negatively surprised by it. This contract/agreement that you are in with these first-party sites is substantially different from visiting a random website with a cookie consent notice. You trust the first party with your address, email, and often: your wallet.

While all of these first-party properties are at different states of maturity, the direction they’re heading in is clear: secure customer interactions are paramount and advertising complements their native customer experience. This means that the interfaces for media buying and analysis over customer data are steadily changing. First, they’re becoming more specific to each property, taking advantage of the specific types of user interactions and the best way to showcase brands in each context. Examples include Sponsored Products on Amazon, Sponsored Product Ads on Walmart, Netflix’s Binge Ad Format, Uber Eats’ post-checkout offer format, and more.

More important than these specialized ad formats though, is how these properties are evolving to allow you to work with the data they have. To most of our clients, this is where the rubber meets the road: when there’s data about products getting bought. Orienting datasets around products being purchased and a deeper understanding of how customers end up buying that product is gold. We’re seeing a steady shift in how this works. In the world before, where cookie data was plenty and flowed easily, every third party could acquire reams of person-identity-keyed data and interactions/attributes around them. In the world ahead, this supply steadily dries up as each of these walled gardens is incentivized to steadily draw up their bridges (sorry- couldn’t help it!). Pixels, ad servers, DMPs, and the lot are all being phased out. Instead, you have an increasing number of APIs that return aggregated and anonymous forms of data, and nothing at a granular/customer level.

Even where some of these first-party properties need to work with third parties, I’m confident that these relationships are either already service-provider type ones, or will move to those. This means that third parties who are helping with media operations must use any data they collect exclusively for the first party they are working with, and cannot create derivative products using the data they collect. Put differently, if a first party is using either Criteo or The Trade Desk as their platform for media buying, they probably already have agreements that severely restrict what these third parties can do with their data. And realistically, this helps both the first parties (we don’t share data!) and the third parties (we are just acting as a service provider!).

Where value is steadily shifting toward

The strongest concern around this shift toward first-party gardens is that it eliminates the visibility of what a customer is doing across various properties and kills traditional metrics like de-duplicated reach and frequency across sites. These metrics, for better or worse, are likely losing their prominence. They’re really oriented toward a world where a third party has the ability to passively observe a customer as they transition through many first parties. But we know that this observability is exactly what all of these changes are designed to eliminate.

Value for an advertiser will always come back to selling products. Sure, there are many ways to do this. Some brands want to spend a lot on acquiring new customers that purchase their products; others want to focus on keeping the customers they have; and there’s a whole lot of other approaches. But they’re all designed to sell products.

As first parties get better at protecting their datasets and exposing them in sensible ways, any credible ad tech provider must adapt and figure out how to utilize the APIs and services available to them to tie their media spend back to product sales. Reach, frequency, and whatever else continue as guideposts on how to redistribute where you spend and how much you spend. But we now have a lot of ways to go from media to sales, which is the ultimate way to measure. I see this as bridging sales and marketing, probabilism and determinism, and a fun one to solve.

No surprise, one of the best ways to do this will indeed be through clean rooms. I think one of the bigger recent industry moves is with Amazon Publisher Cloud. It is clear evidence that first parties are organizing around protecting their data, while also figuring out really innovative ways to partner with marketers. Consider that Amazon Publisher Cloud launched with NBCUniversal and DIRECTV. Both have differentiated streaming content that you can consume through their apps/services where you do authenticate and typically pay. Marketers benefit greatly from this type of collaboration (Amazon + another first party) because they can maximize what they can get from Amazon and these other first parties by designing queries and models via these clean rooms. These operations execute over granular customer data, but only return aggregated information. For savvy marketers, this means that they can operate without any personal data of their own, and instead build intelligence via these clean room services. I’m sure we’ll see Amazon Publisher Cloud and Amazon Marketing Cloud have some closer linkages, which will allow us to use them together for media planning, deal making, activation, and most importantly: figuring out what experiences drive customer purchases.

This is, of course, just one example of how a set of first parties have been able to create a collaborative space with high quality first-party only data that allows a marketer to still perform very flexible analysis without ever coming into contact with any customer data directly. AWS Clean Rooms is now a commodity service, open to any entity, and I’d be surprised if we don’t see a lot of these sorts of islands of first-party collaborations emerge.


Each of these first-party gardens offers clues to how customers engage with brands and purchase products. I think the marketing entities that succeed will deeply understand how to use each first-party garden’s specific nuances to better understand how products get bought.

For ad tech entities, I think we’re steadily moving in a direction that shifts focus from large datasets about customers that many third parties curate to large datasets that are keyed by a product identifier like a SKU or ASIN. The volume of these product-keyed datasets and the APIs around them are only going to grow, and these will become the new way to plan, activate, and measure. The good news is that there’s a ton of this because it is indeed safe to share and utilize. Operating with aggregate and anonymous data as a third party is going to be a place of great innovation and safety in the coming years. Clean rooms will play a huge role in this.

Keerat Sharma is CTO at Flywheel. This post was first published as a LinkedIn Pulse article on January 2, 2024.

