clock menu more-arrow no yes mobile

Filed under:

No, You're Not Giving Away Your Online Identity

There are plenty of creepy technologies that surreptitiously harvest consumer data and don’t ask for permission. But that’s not how third-party identity works.

dip / Shutterstock

The Internet is full of good, interesting discussion about privacy and personalization. The two concepts — respecting user privacy, and providing brands with the data they need to provide more relevant marketing and user experiences — seem to live on opposite axes.

Blatant instances of data misuse seem to happen weekly, and we’ve heard demands for better consumer controls and transparency for some time.

Positive things are happening in the name of privacy — data brokers are finally coming under scrutiny, and even becoming the subject of serious regulation. Third-party tracking cookies, the longtime staple of surreptitious data collection, are dying, too.

As these underhanded data collection methods crumble, marketers have turned to other means of connecting with and understanding their users. One major way is through leveraging customer identity.

Identity is essentially everything your customers choose to tell you about themselves — everything from basic details like their names, email addresses and ZIP codes to deeper profile data from their social network accounts. We use our identities online every day, and every time we fill out a registration form or log in to a site using social login, we’re using our digital identities.

In a guest post on Re/code in November, Kamakshi Sivaramakrishnan, CEO of Drawbridge, decried the use of user identities as a means to better understand and market to consumers.

But while Sivaramakrishnan makes some interesting points in her article, she is largely incorrect in her assertions about what actually does and does not happen with third-party identity data, and about how companies use this data. In short, her article misses the mark by painting third-party identity as yet another creepy data-grabbing technology that robs consumers of their information without their knowledge. This is just not the case.

Let’s deconstruct a few arguments in Sivaramakrishnan’s article to prove this point.

First, she asserts that “personal information … is often distributed to other apps and sites.” But, in fact, when it comes to the use of third-party identities, the opposite is true. For example, when a consumer registers on a site or app with his Facebook identity, he of course makes the choice to share personal information to round out his profile — name, email address, birth date, gender, political views, etc.

This is permission-based data, and allows the user to register/log in quickly while customizing their experience on the site. The site can capture the user’s permission-based information from Facebook, true; but it is prohibited from distributing it, selling it, or otherwise sharing it with other brands.

That’s against Facebook’s rules, and the company punishes sites and apps that don’t comply with its ToS by barring the offenders from using the Facebook platform.

Keeping with the Facebook theme, Sivaramakrishnan’s article is also never clear that when Facebook itself offers consumer data to advertisers, it doesn’t actually provide access to an individual user’s profile. Facebook sells segments only. So, if Porsche wants to use Facebook to target 30- to 40-year-old men who are sports-car enthusiasts, it will not see these users’ private profiles, only the segment.

In addition, Sivaramakrishnan writes that, “We get automatically ‘opted in’ to things we may not realize we’re opting in to …” But when it comes to third-party identities, and social identity in particular, there are different sets of rules that those identity providers — and the websites we log into — must abide by.

Third-party identity providers have strict permissions that very clearly show what information consumers are providing access to by authenticating. Moreover, Facebook and other identity providers make it very easy for consumers to simply prohibit pieces of data to the websites they log in to. Take a look at the Facebook authentication window below. Does this really look automatic and opaque? It’s actually remarkably transparent, and provides users with line-by-line controls about what the website/app can and cannot access and use.


Perhaps most vexing is that the article provides a narrow definition of “identity,” focusing primarily on social identity, when in fact the very definition of and types of identities are changing. The next wave of identity is already emerging and is specifically “non-social.”

Payment providers like Amazon and PayPal are now identity providers, and allow consumers to register/log in to sites with their payment credentials, making the full shopping and checkout experience more seamless. And of course, there’s Apple Pay joining the fray by tying biometric authentication to payments. These identity providers undoubtedly provide a better user experience (anyone who has ever used Apple Pay will tell you that), which is in turn better for businesses.

It’s true that customer identity data is invaluable to marketers and advertisers. But it’s also true that marketers have much to gain by being transparent about how they use identity data and establish relationships with their users. Sivaramakrishnan makes the case for using probabilistic methods for understanding users across devices instead of leveraging identity. Probabilistic methods are one way of trying to solve the cross-channel problem, but those pale in comparison to the deterministic methods that aren’t wrought with the privacy issues Sivaramakrishnan says they are.

The very word “probabilistic” in this context implies that you don’t know for sure who the user is. Deterministic means you do. With probabilistic methods, you don’t know for sure if the same user who browsed your site on his laptop is the same one who bought an item from your mobile store on his smartphone. Leveraging third-party identity is a deterministic way of gaining insight about your users, is explicitly opt-in, and allows you to know with near-certainty who your users are as they interact with your brand across devices.

There are plenty of creepy technologies on the Web that surreptitiously harvest consumer data and don’t ask for permission from users. And many of those technologies are on their way out because of technological challenges and increasing regulation and legislation.

But that’s not how third-party identity works, and to paint it with the same brush with the creepy stuff is alarmist and, frankly, isn’t borne out in the facts. Ultimately, consumers aren’t frittering away their online identities; they’re actually gaining greater control over their personal data.

Patrick Salyer is CEO of Gigya, a customer-identity management platform with more than 700 customers, including Fox, Forbes and Verizon. When he is not helping brands create identity-driven relationships with their customers, Salyer enjoys captaining the Gigya basketball team against formidable rec-league opponents, playing Settlers of Catan, and spending time with his wife and two daughters. Reach him @patricksalyer.

This article originally appeared on