Paid Media
Paid media is the activation channel where CDP-computed audiences are pushed to ad platforms for impression targeting. It is the highest-volume CDP use case by audience-member count (a single custom audience can contain millions of profiles), and is the channel with the most complex identity matching requirements (ad platforms require hashed email, mobile device ID, or LiveRamp-resolved RampID — not behavioral signals).
Identity requirements. Paid media activation does not receive profile attributes — it receives match signals. The CDP (or reverse-ETL layer) exports a list of match keys (SHA-256 hashed email addresses, IDFA/GAID mobile device IDs, or third-party resolved identifiers like LiveRamp RampID) along with a membership flag. Ad platforms match these keys against their own user graphs. Match rate (typically 30–60% for email-hash matching, higher for device IDs) determines the usable audience size — a minimum threshold applies (Meta: 100+ matched users; Google: 1000+ matched users) before the ad platform can deliver impressions. Low match rate is the most common operational failure in paid media CDP activation.
Audience size minimums. Ad platform minimum audience sizes are a material architectural constraint: a highly targeted CDP segment (e.g., "high-propensity purchasers of SKU X with >3 cross-channel touchpoints in last 14 days, excluding existing loyalty members") may be precise enough to be below the ad platform's minimum. Organizations must balance segment precision against audience size viability.
Look-alike modeling. The composable activation model: a CDW-computed seed list of high-value customers is exported to the ad platform; the platform's look-alike algorithm extends the targeting to users it predicts are similar. This is the dominant acquisition-goal activation pattern in paid media. Look-alike model refresh is typically weekly (platform training cycles), making this the latency-tier.weekly use case for composable CDPs.
Governance — HIPAA. Under the HIPAA Marketing Rule and HHS tracking-technology guidance (March 2024), healthcare organizations are prohibited from routing PHI to non-BAA ad platforms. Meta and Google do not sign BAAs. The architectural response: de-identify before export (Safe Harbor — remove 18 identifiers) or use a healthcare-specific privacy platform (e.g., vendor.freshpaint) that intercepts PHI before any paid-media destination receives it.
Governance — CCPA/CPRA. Sharing customer data with ad platforms for targeting constitutes "sale" or "sharing" of personal information under CCPA. California residents have the right to opt out. CDP architectures must maintain a suppression list of opt-out records and exclude opted-out profiles from any paid-media audience export. This suppression propagation requirement is architecturally analogous to the TCPA STOP opt-out for SMS.
Governance — GDPR. In EU-scoped paid media activation, legitimate interest is the most common basis for behavioral targeting (consent for advertising is high-effort and rarely granted for programmatic display). Legitimate interest requires a balancing test; retargeting (showing ads to users who visited the site) typically passes; cold prospecting via purchased look-alike data requires more care.
Latency profile. Custom audience refresh: inter-day (most ad platforms refresh custom audiences on 24-hour cycles; Meta and Google support more frequent updates for large lists via API). Look-alike model refresh: weekly. Programmatic display (pre-bid filtering using CDW-computed audience membership, via The Trade Desk or DV360 real-time data segment APIs): intra-day to inter-session is possible for organizations with direct API integrations.