Demystifying Google’s Privacy Sandbox
It’s still pretty wild to think about 3rd party cookies being banned. Even after years of discussions and every major browser announcing they would ban them, we all kinda expect it to be a hoax. As if we’re all expecting it to be one big prank. After all, how can the ad industry, and the Internet as a whole, go without such a major technology?
And to be fair, Google has pushed back the date of the 3rd party cookie ban several times now, but if one thing really proves it’s gonna happen, it’s the existence of Google’s Privacy Sandbox. 3rd party cookies are so important that browsers can’t just say “Oh you don’t get them anymore, figure it out”. Yes, advertisers and publishers rely on them, but Google does too, heavily. So, they’re pretty much obligated to come up with an alternative if they want to ban them.
That’s what Privacy Sandbox is: a series of tools meant to replace the various things 3rd party cookies did in the past in a way that respects user privacy. However, this really hasn’t proven to be a simple task. As you can imagine, it’s easy to end up designing something that replaces 3rd party cookies and ends up being just as intrusive
Privacy Sandbox aims to act as a buffer between advertisers, publishers, other websites, web browsers, and users. Google explains it with the term “Privacy Budget”. This means that a third-party website can still ask your browser for some information, like if you have a specific technology installed. For example, Netflix could ask if you have the correct plugins installed to display their content, but not information that could allow them to “tag” your specific browser to later identify it. Privacy Sandbox will be the tool that regulates the flow of information.
This article will give you an overview of 3 of the many tools in the Sandbox: FLEDGE, the Attribution Reporting API, and Topics. We’ll also take a look at a few of the controversies about a tool that used to be in the Sandbox and around the rollout itself. Finally, we’ll explore alternatives to Google’s offering.
The Tools of Privacy Sandbox
With technology as complex as 3rd party cookies, it’s almost impossible to devise one new thing that will cover everything else that was being done by the tool before. The Privacy Sandbox has a multitude of tools, but today we’ll talk about 3 that represent the main categories that we feel will be the most important in the future: Targeting(Topics), Remarketing(FLEDGE), and Attribution(Attribution Reporting API).
One of the key things to understand is that each of these tools by themselves doesn’t really do anything. Just like 3rd party cookies, they’re frameworks that will be used by Google and other companies to develop apps and software that will allow advertisers and publishers to serve ads to users. Unlike 3rd party cookies, these frameworks do it in a much more respectful way in regards to user privacy.
It’s important to note that all these technologies are still in very early versions and are being actively tested by Google and its partners. We won’t go into specific details because the way these frameworks currently operate might be completely different by the time they get launched, but we’ll explain the general goal they try to achieve.
This technology is similar to the way Facebook categorizes its advertising audiences but with a simple twist to anonymize the process. Users will be organized into general categories based on their browsing habits, think Sports and Fitness, Beauty and Skincare, or Gaming. Advertisers will then be able to bid on ads within these interest groups.
This framework will be open compared to the version of it you see on social network ad platforms and will allow for some freedom for further development and innovation. Additionally, these categories will be made public and manually curated to ensure that no sensitive groups can be created.
The simplest way to describe this is that it’s the successor to remarketing. The main difference is that you won’t be allowed to directly advertise to a specific user. Instead, users that visited your website will be put into categories following Topics and then be auctioned off through a typical SSP/DSP model.
The main goal of this framework is to move the user information away from website owners into users’ browsers. That way the sharing of data can be controlled by users and fraudulent website owners will have a harder time gathering information.
Attribution Reporting API
The one with the most straightforward name but perhaps the framework with the most potential to be built into a variety of products. As the name says, this API will allow websites to properly track the provenance of a user for a variety of purposes like determining traffic sources and tracking conversions.
However, once again, it’s been specifically designed with anonymity in mind so that 3rd parties can’t track users across the websites they visit. The specific ways how this is done are actually quite interesting and worth a read, Google has a detailed explanation here.
Privacy Sandbox Controversies
It’s understandable that a lot of people have reserves when it comes to letting an entity like Google rewrite the rules of third-party cookies. After all, they were among the top users of that technology and they stand to gain by companies around the world being able to track users of their services.
Additionally, it’s easy to inadvertently end up developing technologies that have the exact same pitfalls as third-party cookies. In fact, this was the main issue with Google’s first proposition to replace third-party cookies, Federated Learning of Cohorts(FLoC).
What this technology did was take your browsing activity and aggregate it into an anonymized behavioral profile. That same profile would then be added to groups of thousands of other profiles that could then be targeted directly by advertisers and promoted by publishers.
However, early tests proved that this method allowed for obvious digital fingerprinting and would eventually lead to FLoC being rather simple to circumvent to identify users and track them. In fact, Google quickly pulled FLoC from its site and later replaced it with what has now become Topics. The Electronic Frontier Foundation wrote a full piece on FLoC back when it first came out detailing all the issues it had and it’s worth a read to understand the massive challenges behind replacing third-party cookies.
Another major gripe that has been raised is that the Privacy Sandbox could lead to the online advertising ecosystem becoming even more centered around Google’s offering. In fact, the United Kingdom launched a full-blown antitrust governmental investigation into the proposed measures to replace third-party cookies in Google’s ecosystem. Google and the UK later reached an agreement after a number of concessions by the advertising giant to ensure competitive integrity would be maintained in the future.
And look, just like the numerous scandals related to third-party cookies uncovered over the years, we’re probably not done hearing about snafus related to Privacy Sandbox. After all, this is still a framework to give out user information to advertisers, which means an error would take us back to breaches in user privacy like we’re currently experiencing.
The Future of Advertising Technology
There are no two ways about it: The future of advertising technology doesn’t lie in historical behavioral data. As long as we rely on this type of information, we put ourselves at risk of repeating the mistakes that put us in the current situation we’re attempting to solve.
The way forward is using real-time anonymized data to get an idea of a user’s current state, we think a user’s attention level is the best variable to explain this. Not only does it not allow for fingerprinting, but we’d also argue that it will lead to a much better kind of advertising that is far more relevant to users. Our purchase history, as an ad marker, will never be as reliable as our current browsing behavior.
Ethical targeting is the only path that doesn’t take us back to square one eventually. Obviously, we think Receptivity is at the forefront of this movement, but we’re excited to see other technologies embrace this model. In fact, the main issue with Privacy Sandbox is that it only focuses on preventing third-party entities from identifying users instead of having a privacy-first approach.