Advertisers and digital publishers are nowhere near an agreement on how to replace third-party tracking cookies, and instead have clung to various ad hoc solutions that don't all work well together and lack sufficient oversight.

Why it matters: The push to be more privacy-centric has muddled an already messy digital ad ecosystem, and many of the changes being introduced could easily be upended by future legislation.

• "This has been a prolonged period of turmoil since 2020," said Eric Seufert, an independent analyst and owner of Mobile Dev Memo. "It isn't getting any more clarity as time goes by, which is frustrating for marketers."

Driving the news: Google's decision last week to delay ending support for third-party cookies until 2024 — the second delay in two years — was a signal to the industry that this limbo isn't ending any time soon.

• Google said the decision was prompted by feedback from its advertising and publishing partners that they need more time to test alternate solutions. But most marketers aren't waiting on the company to begin such testing.
• FLoC, Google's initial cookie replacement, was scrapped in January after two years, in part because privacy experts worried it could inadvertently make it easier for advertisers to gather user information.
• They then debuted a new solution called Topics, which allows advertisers to place ads via a limited number of topics determined by users' browser activity. But it's still in early days, and hasn't yet won a wide industry consensus.

State of play: Looming privacy legislation and antitrust threats have forced major internet companies like Google and Apple to begin implementing privacy changes before regulators can take aim at their businesses.

• But their approaches are vastly different, and marketers are being forced to reckon with both until some sort of comprehensive privacy reform is passed.

Google hopes to create a cross-industry framework for all parties across the open web. But those changes only apply to its Chrome browser and Android operating system.

Apple is taking a much more blunt approach. It has already begun instituting its own unilateral privacy changes for its browser, Safari, and within its iOS mobile operating system.

• Its mobile app tracking changes have been met with frustration by some of its competitors — most notably Facebook — who argue they've made it harder for marketers to target users with personal data on other apps. They also argue that Apple's ads business is disproportionately benefiting from the changes.

Be smart: Instead of waiting to see how Google and Apple's changes shake out, many advertisers and publishers have begun to rally around new solutions that can — at least in the next few years — offer targeting alternatives for ads online without cookies.

Unified ID 2.0 is perhaps the most popular solution so far. A brainchild of the ad tech firm the Trade Desk, it's a cryptographic standard that can be applied to users' personally identifiable information (PII) — like an email or phone number — that prevents ad targeters from specifically identifying individuals.

• Already dozens of ad tech firms, ad agencies and web publishers have adopted this standard. And there's now a push to bring it to other countries.

Yes, but: Users have to opt in to share their personal information, and lawmakers in the future could tighten privacy requirements further. Currently, most users opt in by providing their email addresses when they sign up for a purchase or promotion.

• "The biggest problem with any sort of identity solution is that it relies on people subjecting themselves to it," Seufert said. "That's a very difficult proposition. It seems unlikely to me they’ll see widespread consumer adoption of UID 2.0 or any kind of alternative ID system."
• There's also no real governing body that's agreed to manage the enforcement of that standard. The Interactive Advertising Bureau (IAB) had initially volunteered to do so, but pulled out over concerns about liability. It's unclear whether another industry body will step in.

Between the lines: A few other options have been introduced, but those have so far made a smaller splash, because they mostly offer workaround solutions for cookies and not new standards.

• For example, LiveRamp, an advertising data company, has created "RampID," which is essentially an identity graph — or a digital map — that identifies users by connecting them to their data on other devices or offline data.
• ID5, another data identify company, has created a user "IdentityCloud" which it hopes can be used to target users with shared first-party data across the web.

What's next: Amid all of these changes, most publishers and advertisers are working to collect their own first-party data, or data given to the publisher directly with a user's permission.

• But for bigger publishers that need to offer advertisers the ability to target users at scale across their platforms, adopting data identity standards like Unified ID 2.0 will be critical to remain competitive.
• Disney, for example, signed a landmark deal with the Trade Desk earlier this month to match their first-party data from users with personalized data that meets the Unified ID 2.0 standard so that advertisers can target automated ads.

The bottom line: "A lot of this is foundational, radical change, and it's very disorienting for marketing teams who are getting stuck in the middle," said Seufert.