The future of identity: A comprehensive glossary of terms

January 22, 2021 | 10 minute read
Text Size 100%:

The future of identity is dominating conversations and with so many words and phrases floating around, how can you be sure you and your partners speak the same language? To keep you up to speed, we’ve created a comprehensive glossary of terms to allow you not only to walk the walk, but also talk the talk.








Anonymous: Anonymous refers to data rendered anonymous in such a way that the data subject is not or is no longer identifiable. Contextual Intelligence is an example of an anonymous data signal.

Audience Targeting: Audience targeting is a data-driven approach to segment and reach prospective customers based on a variety of attributes and past behaviors such as demographics, online and offline purchase history, interest signals, and more. Using an Identity Graph, these anonymized audiences are delivered wherever consumers engage online from social networks and digital entertainment platforms, to the open internet through Demand Side Platforms (DSPs). While the deprecation of universal identifiers such as cookies and MAIDs may reduce available scale in the open internet, registration-based identifiers will still allow audience activation in environments like social networks, streaming media, over-the-top (OTT), and more.

Authenticated Data: This is data with a confirmed origin that verifies you are getting data from the correct entity and validates its integrity.

Authentication: The act of “logging in.”


California Consumer Privacy Act of 2018 (CCPA): CCPA went into effect on January 1, 2020 and strengthens consumer privacy rights for Californians. Businesses that collect or process personal information from California residents may be subject to the new requirements and restrictions. Additionally, draft regulations (on enforcement of the law) have been proposed by the California Attorney General and, when finalized, may add additional compliance considerations.

California Privacy Rights Act “CCPA 2.0”: CPRA is designed to expand and strengthen CCPA and is due to take effect on January 1, 2023; until that time, CCPA will remain in force. CPRA expands consumer rights and imposes new requirements on businesses.

Clean Room: A clean room is a secure, isolated platform acting as an extension of an organization’s own infrastructure. It links anonymized marketing and advertising data from multiple parties in a capacity that retains the anonymity of each dataset.

Cohort: Related groups of people sharing common traits that are leveraged as a privacy-safe proxy for the underlying individuals.

Contextual Targeting: Contextual targeting is an ID-free targeting capability based on alignment with relevant content and consumer mindset. Initially popularized for the brand safety use case, it since expanded to address positive and negative targeting capabilities. In the wake of universal IDs deprecating, there is a large opportunity for context-based solutions due to their inherent nature as ID-free solutions to reach people at scale.

Customer Data Platform (CDP): A CDP collects and unifies first-party customer data from multiple sources, such as behavioral data and transaction data, to build a single, coherent, complete view of each customer.


Data Controller: The data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Co-op: A data co-op enables members to more broadly understand their current and potential customer base through access to all the data the co-op members are willing to share. Often described as an “aggregated pool of shared data.”

Data Exchanges: Shares data between various entities by providing access to data points from around the world to fuel marketing activities and advertising.

Data Gravity: Data gravity is an Oracle Advertising term about the attraction of data providers and customers to a service or platform as the interest and adoption grows.

Data Locality: Data locality is how close data is to the processes that are operating on it. If data is in another cloud service, it must be transferred to the local cloud storage for it to be efficiently operated on.

Data Marketplaces: A data marketplace is an online transactional location or store that facilitates the buying and selling of data.

Data Modeling: Data modeling refers to creating scaled, effective logic using smaller datasets. For example, you can look at a sample of purchasers and model a larger set of rules that predict broader behavior based on the smaller set.

Data Processor: The data processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller. Processors act on behalf of the relevant controller and under their authority.

Device Fingerprinting: Device fingerprinting is an imperfect method for identification and tracking data that leverages a combination of device attributes to identify a device as unique. Once identified, fingerprinting subsequently relies on the probability that the device recognized contains consistent day-to-day attributes. Fingerprinting is not conducive to user consent and control; therefore, the industry and Oracle have disavowed its use.

Differential Privacy: Differential privacy is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset.


First-Party Cookie: Per the IAB definition, a first-party cookie is created by the site the user is visiting. For example, when a user visits an ecommerce site, the cookie tracks the login status, shopping cart, and items purchased. First-party cookies are not at risk of deprecation.

Federated Learning of Cohorts (FLoC): FLoC are interest-based cohorts that are part of the Google Privacy Sandbox initiative. These cohorts leverage on-device machine learning to group individuals based on common browsing behavior as an alternate to third-party cookies.


General Data Protection Regulation (GDPR): GDPR is a European privacy and data protection regulation that went into effect on May 25, 2018. GDPR was implemented in part to minimize the different privacy and security requirements imposed by the various European Union (EU) member states that caused operational complexity and expense for those doing business in the EU. GDPR imposes several restrictions on individuals and entities that process personal data of individuals located in the EU. Significantly, organizations in breach of GDPR can be fined up to four percent of annual global turnover or €20 million, whichever is greater.

Google Privacy Sandbox: A Google initiative designed to “create a thriving web ecosystem that is respectful of users and private by default.” Architected to impede improper tracking while continuing to allow ad targeting within Google’s Chrome browser, the privacy sandbox is where Google Ads and Chrome teams test advertising and privacy technologies for when Chrome deprecates third-party cookies. Current examples of sandbox initiatives include TURTLEDOVE and SPARROW.


Hashed Email: A hashed email is an email address converted into an unidentifiable entity that cannot be tied back to the original email address and subsequently the individual it belongs to.

Hash Salt: In cryptography, a salt is random data used as an additional input to a one-way function that hashes an ID, or other data like a password or passphrase.


IAB Europe Transparency & Consent Framework (TCF): The IAB Europe Transparency & Consent Framework is a GDPR consent solution. TCF is designed to help all parties in the digital advertising chain ensure they comply with the EU’s GDPR and the ePrivacy Directive when processing personal data or accessing and/or storing information on a user’s device. This includes cookies, advertising identifiers, device identifiers, and other tracking technologies.

IAB Project Rearc: IAB Project Rearc is an industry-wide initiative to develop a set of technical standards and guidelines to inform how the industry should move forward in a world without universal IDs. The initiative is founded on the governing principle that direct addressability going forward, for any advertising-related use case, rests on trusted relationships between consumers and first parties. For brands and publishers in the future, addressability might only exist via a consumer-provided, consented identifier tied to privacy preferences. The Trade Desk initiative surrounding their Unified ID is an attempt at a technical implementation of these standards.

Identifier for Advertisers (IDFA): An IDFA is a random device identifier assigned by Apple to a user's device. Advertisers use this to track data so they can deliver customized advertising. In June 2020, Apple announced all applications in the Apple App Store using IDFA will be required to ask users if they agree to be tracked by the application within and across apps and websites owned by other companies. The Apple privacy feature calling for the end of the IDFA is App Tracking Transparency (ATT), and is confirmed for availability in 2021.

Identity: The ability to recognize a user or proxy for a user (e.g., device, browser, household) via a persistent ID. An identity service also can provide related attributes, such as address, for this identity. Some are even integrating connected attributes and cohorts connected to identities.

Interoperability: Interoperability refers to the ability of systems to communicate and exchange data across organizational boundaries, which provides a more sustainable alternative to enterprise solutions and gives marketers more choice over the technologies they use. In the wake of restrictions of universal IDs, many organizations are shifting to an emphasis on interoperability as it relates to increased collaboration across industry partnerships to achieve shared marketing goals.


K-Anonymous Data: Data anonymized before delivery, but specific enough to tie the data back to an individual without leveraging IDs.

Known Identity: Known identity refers to data identified customers have willingly or knowingly offered for marketing purposes, like hashed email addresses and registration-based IDs.


Mobile Advertising ID (MAID): Similar to a cookie in that it helps advertisers identify the person behind a device. A MAID serves the same purpose for marketers as a cookie does in a web browser. Using these identifiers connected to certain devices, marketers can reach users based on the data sent by mobile applications. MAIDS cannot be accessed from pages in a mobile browser.


Opt-in/Opt-out: “Opt-in” is the process used to describe when a positive action is required to subscribe a user to a newsletter list, for example. “Opt-out” means a user can be signed up more easily and given the possibility to opt-out effortlessly.

Oracle ID Graph: The Oracle ID Graph unites disparate data sources to unify the identity for many customers. ID Graph establishes and validates connections between IDs to enable the transport of data from one ID space to another for the purposes of targeting or measurement applications.


Partnership for Responsible and Addressable Media (PRAM): The Partnership for Responsible and Addressable Media is a collaborative effort of the leading advertising trade associations and companies. PRAM represents every sector of the global advertising industry to advance and protect critical functionalities like customization and analytics for digital media and advertising, while safeguarding privacy and improving consumer experience. The Governing Group of Industry Leaders includes the 4A’s, ANA, IAB, IAB Tech Lab, NAI, WFA, P&G, Unilever, Ford, GM, IBM, NBCUniversal, IPG, Publicis, Adobe, LiveRamp, MediaMath, The Trade Desk, and Oracle Data Cloud.

Privacy by Design: Privacy by design is about considering data protection and privacy issues upfront in everything you do. It can help you ensure your compliance with the fundamental principles and requirements of regulations such as GDPR and CCPA, and forms part of the focus on accountability. Sometimes it is referenced as “privacy by default” and is part of data protection law.

Pseudonymous Identifiers: Pseudonymous identifiers are a proxy for personal identity, such as a browser or device, and allow for the recognition, but not actual identification of individual users. MAIDs and cookies are pseudonymous identifiers, where MAIDs identify the device, and cookies identify the browser/device combination. Neither directly identify the person.

Publisher Network/1st Party ID Network: A term popularized by the idea that separate publishers can be brought together to create a large collection of shared, consented users to be addressed for adtech and martech use cases. This will allow smaller publishers to have an addressable user base similar to walled gardens, like Facebook, by sharing the burden of getting users to consent. Most likely, this functionality will be offered by a third-party provider.


Registration-based Data: Registration-based data is information provided as a part of a registration or subscription process used as the identifier match key against data with that attribute. Registration-based data includes a variety of PII such as email address, phone number, name, Social Security number, and address information (for example, Pinterest).


Secure Private Advertising Remotely Run On Webserver (SPARROW): SPARROW is a new privacy proposal from Criteo in response to Google’s privacy framework, TURTLEDOVE. The SPARROW proposal puts control over bidstream data and auction logic with an independent third party, what Criteo calls “the gatekeeper.”


Third-party Cookie: Per the IAB definition, a third-party cookie (a small piece of stored data) is on a site created by domains other than the one the user is visiting, hence the term “third party.” They are used for cross-site tracking, retargeting, and ad serving. Google plans to deprecate the third-party cookie from Google Chrome as early as 2021.

Two Uncorrelated Requests, Then Locally-Executed Decision On Victory (TURTLEDOVE): TURTLEDOVE is Google’s privacy initiative, which replaces a first effort called PIGIN (Private Interest Groups, Including Noise). This initiative proposes that all the logic and decisioning power built into Real-Time Bidding (RTB) auctions will happen inside the browser, and not in servers operated by Supply Side Platforms (SSPs), exchanges, or publishers. Such browsers could then allow contextual targeting or targeting based on interest groups, without user-level data being exposed to either side.


Universal Identifiers: Universal identifiers are IDs leveraged in adtech and martech to provide a shared identity to identify the user across the supply chain. Such IDs have provided the “backbone” of programmatic and with their imminent deprecation, the industry is seeking alternatives to ensure persistence of targeting and publisher monetization.


Walled Garden: A walled garden is a closed ecosystem in which all the operations are controlled by an ecosystem operator, such as Google and Snapchat.


Oracle Advertising has deep expertise, technical infrastructure, and a diversity of solutions to facilitate effective digital advertising in an increasingly consumer-centric ecosystem. To learn more about our industry-leading portfolio, contact your client partner for more information.

Oracle Advertising

Previous Post

Everything you need to know about StreamScam: The largest CTV ad fraud operation ever discovered

Kori Wallace | 3 min read

Next Post

How last-minute advertisers can reach Big Game viewership across platforms

Eric Amrine | 3 min read