What is first-party data activation?

While Google no longer plans to deprecate cookies and replace them with its Privacy Sandbox solutions, a major shift in targeting is still underway — not just due to regulatory pressure, but because third-party cookies are becoming increasingly unreliable. As data quality declines, so does the effectiveness of third-party audience targeting.

With the old way of doing things crumbling, brands are turning to new ways to reach, extend, and engage their audiences in a targeted, privacy-aligned manner. The most immediate and scalable option? Activating the first-party data they already own.

And it’s paying off: The New York Times, an early mover away from third-party cookies, reports that its first-party data-powered campaigns now deliver 3–4× better performance than traditional methods.

So with many brand marketers turning renewed focus on their first-party data, one question comes to the forefront: What is first-party data activation, and how does it solve today’s targeting challenge?
‍

Defining first-party data

To understand its activation, let’s first define first-party data. Sometimes referred to as “proprietary data”, first-party data refers to information collected directly from individuals by an organization. The information includes insights into customer behaviors, preferences, and interactions. This data becomes a cornerstone for building personalized customer experiences and fueling targeted marketing campaigns.

First-party data is also distinct from second- and third-party data, which are types of customer data from external sources.

How do organizations collect first-party data?

Companies engage users across multiple touchpoints to collect first-party data. These touchpoints might include when customers visit a website, interact on social media, or use a mobile app, for example. Brands gather key information, like purchase history and email addresses, during these interactions.

The role of privacy in first-party data collection and use

Because it contains transactional and behavioral information associated with logged-in or identifiable users, first-party data is often linked directly to individuals. This, in turn, makes first-party data more private. In fact, much of it is classified as personal data under the General Data Protection Regulation (GDPR) and is subject to strict compliance regulations.

Additionally, the trust customers place in organizations they have a direct relationship with means that any mishandling can significantly damage loyalty between individual and organization.

First-party data activation use cases

Now that we’ve covered why first-party data is more important than ever for accurate targeting and how it’s collected, let's explore what brands can do with it by looking at popular use cases for its activation.

Retargeting

With retargeting campaigns, brands create ads to re-engage users who previously interacted with the brand but haven't completed a desired action, such as making a purchase. 

When retargeting efforts are built on a first-party data foundation, a brand can re-engage with existing customers to upsell them on new products, as they are already in the brand’s customer relationship management tool (CRM). However, this is less effective for prospecting campaigns, because these prospects haven't bought anything yet, so they don't land in the CRM. 

You may be interested in learning the difference between remarketing and retargeting.

Audience exclusion

When brands have certain audiences they don’t want to target as part of their advertising efforts (such as existing customers when they are attempting to gain net new customers as their campaign goal), audience exclusion comes into play. With this method, brands can ensure that these specific groups won't see the ads.

Audience exclusion with first-party data involves two key actions: 

1. Excluding current customers from targeting 
2. Suppressing publisher segments that are not in line with the brand audience

Lookalike audiences

Lookalike audiences are a set of users whose characteristics closely resemble those of an existing (“seed”) audience.

Lookalikes are particularly interesting when running prospecting campaigns to acquire new customers. This is because they enable a brand to start from a seed audience consisting of existing customers and extend it to similar users in the publisher's user inventory.

How can brands activate first-party data?

The activation of first-party data involves turning raw information into audiences that can be targeted with ads. Several methods can achieve this, and each has its own advantages. Let's explore some key approaches:

Customer matching

Popular within walled garden environments, such as Facebook, Instagram and Amazon, customer matching solutions let brands target audiences within a given ecosystem based on their own list of customers or prospects. To initiate this, the brand sends the list of users to the publisher, either in plain text or via pseudonymous identifiers (e.g., hashed emails).

For this approach to be effective, a brand must be willing to share its first-party data with media publishers. They also have to have confidence in the effectiveness of the lookalike targeting offered by these publishers. However, the concept of direct data sharing as practiced here can mean that Data Protection Officers (DPOs) quickly shut down customer matching solutions.

Read our complete guide to premium publishers for advertising here.

Customer data platforms

Customer data platforms (CDPs) are becoming the state-of-the-art technology to consolidate and curate first-party data.

Using a CDP to activate first-party data is a valid choice if a brand is comfortable giving its first-party data to media platforms. However, like customer matching, many DPOs will prevent brands from going any further with this approach.

In response, some brands are exploring privacy-first alternatives like data clean rooms — secure environments that allow audience activation without directly sharing personal data. When used together, CDPs and clean rooms can offer both flexibility and compliance at scale.

For a deeper look at how the two can work in tandem, read our guide on CDPs and data clean rooms.

Identity providers

Identity providers link and consolidate customer data from various channels and devices to develop a cohesive perspective of a customer, referred to as an identity graph. In doing so, they create unique IDs that operate across the demand and supply side ad-ecosystem for precise targeting.

By verifying user identities, brands can trust that the insights derived from first-party data are based on reliable information. This not only aids in targeted marketing but also contributes to building trust with customers.

One significant drawback here is the limitation in audience reach, as this form of activation centers around retargeting logged-in users and lacks audience extension, for example, through lookalikes. 

Additionally, it is crucial to acknowledge that under GDPR recital 26, these pseudonymous IDs are classified as personal data rather than anonymous data. Learn the difference between anonymization and pseudonymization here.

Brands that opt for identity provider solutions have to be okay with the fact that their customers’ personal data is shared with various third parties. In addition, the identity provider may be monetizing customers’ identifiable information (PII) data to enhance its proprietary ID graph.

For a deeper dive into why identity-based targeting has its limits — and why ID solutions aren’t always the right fit for every use case — read our full breakdown of ID solutions in the post-cookie era.

Google PAIR

Google's Publisher Advertiser Identity Reconciliation (PAIR) is an innovative solution that allows organizations to gain insights from combined datasets without compromising individual privacy. This privacy-preserving approach ensures that sensitive information remains protected while still enabling valuable data collaboration.

The drawback to PAIR is that it focuses only on retargeting and doesn’t enable lookalike activation, leading to restricted reach. Furthermore, PAIR adds complexity by introducing new identifiers in the auction process.

Traditional data clean rooms

Traditional data clean rooms provide a secure environment for different entities to collaborate on insights without directly sharing sensitive information.

When a brand invites a publisher to the data clean room, the technology matches the brand's first-party data with that of the publisher. Typically, the publisher then uses the list of matched customers to create a customized audience that a brand can then activate on.

In terms of privacy concerns, traditional data clean rooms may appear to be an improvement over the other solutions presented so far, where all proprietary data was sent to the publisher. In this scenario, “only” overlapping customers are accessible to the publisher. But this still entails complex legal arrangements such as data sharing agreements or joint controller agreements. 

Additionally, there is a lack of control over how the overlapping audience will be treated, raising concerns about the risk of the publisher using this audience to help a competing brand with its advertising efforts.

Case study: IKEA and willhaben — privacy-first data activation at scale

Faced with the declining reliability of third-party data, IKEA Austria partnered with willhaben to run a privacy-compliant, first-party data-driven campaign. Using Decentriq’s data clean room, IKEA securely matched its CRM data with willhaben’s first-party audience segments, without sharing raw data.

This enabled IKEA to shift from intuitive to data-driven segment selection, identifying high-affinity audiences they hadn’t previously considered.

The results:

• 20–30% drop in cost per visit (CPV)
  
• 15–20% drop in cost per action (CPA)
  
• 10% increase in return on ad spend (ROAS)
  

By activating first-party data in a clean room, IKEA boosted performance while maintaining full data sovereignty and privacy compliance.

Full case study →

Privacy-preserving data clean rooms

Decentriq’s privacy-preserving data clean rooms for advertisers prioritize both privacy and effectiveness. They allow brands to collectively analyze data without exposing individual-level details, striking a balance between valuable insights and user privacy.

With Decentriq, brands can achieve high-precision, high-reach audience activation through built-in lookalikes.

And because all first-party data remains confidential and isn’t shared with any third parties, it’s easy to get approval from the DPO and start reaching new audiences quickly.