Google’s Privacy Sandbox is a space where a series of complex proposals to protect user privacy have been developed and are undergoing (or have undergone) extensive testing. In short, Privacy Sandbox is an attempt to fill in the many gaps that will open up in the advertising ecosystem when third-party cookies are deprecated in the Chrome browser.
One key proposal is to replace tracking of indivdual users with Topics, assigning them (temporarily and in a way that does not identify them) topics of interest based on their browsing.
But it’s not just about the Chrome Browser and it’s not just about Topics. There’s also a Privacy Sandbox for Android that explores ways of preserving the app advertising ecosystem once users can opt out of being tracked (as they already can on iOS).
Google has repeatedly delayed the complete deprecation of third-party cookies, although at the beginning of 2024 it did roll out the option to opt out to some 1% of Chrome users worldwide. It currently maintains that cookies will be gone by the end of the year, although regulators have warned it not to act before anti-competitive concerns have been resolved.
Dig deeper: Google is rolling out Topics-based tracking for Chrome
Google’s thankless transparency
Throughout the multi-year lifespan of the Sandbox, Google has — on the face of it — gone out of its way to offer transparency into its proposals and timeline (here’s the Web timeline as of April 2024). It has worked with the U.K. Competition and Markets Authority (CMA) on antitrust issues since 2021 and has collaborated with the IAB Tech Lab industry consortium to refine Privacy Sandbox proposals.
Google might feel that the transparency has not been appreciated. The CMA’s concerns have not yet been resolved and in a scathing report released in February, 2024, the Tech Lab said:
“(T)he changes mandated by Privacy Sandbox will require substantial development and infrastructure investment costs for both buy and sell-side technology companies. Additionally, operational, business, financial, and legal processes for brands, agencies, and media companies will need extensive reworking
IAB Tech Lab slams Google Privacy Sandbox
Google was not slow to clap back:
“(T)he analysis contains many misunderstandings and inaccuracies, which we consider important to correct in order to provide accurate information to the ecosystem. Overall, the report appears to ignore the broader objective of Privacy Sandbox to enhance user privacy while supporting effective digital advertising.”
IAB Tech Lab slams Google Privacy Sandbox
UK’s Information Commissioner’s Office (ICO) steps in
In a recent development, the Privacy Sandbox is now being challenged by another U.K. regulator responsible for information rights and public privacy. The ICO is an executive non-departmental public body, sponsored by the U.K. government’s Department for Science, Innovation and Technology.
Concerns are being raised about adequate protection for user privacy within the protocols being developed by Privacy Sandbox, according to documents obtained by the Wall Street Journal. It believes there are loopholes that could be exploited to track users — something Google was set on eliminating. The ICO has shared its concernes with the CMA.
Ad industry is now acting
After a lengthy period of prevarication, strongly recalling the run-up to GDPR, the ad industry has begun taking steps to prepare for cookie deprecation. It is making major investments in order to adapt to the new privacy-by-design ecosystem, according to an IAB survey of 500 advertising and data experts at brands, agencies and publishers.
The 2024 edition of the IAB’s annual “State of Data” report shows how the industry is addressing the new privacy-by-design ecosystem in which the deprecation of third-party cookies and other privacy-protective measures are expected to lead to significant signal loss. In particular, the new environment is expected to put obstacles in the way of targeting, personalization and measurement.
More than half those surveyed anticipate challenges in tracking conversions, attributing conversions to campaign or channel performance, measuring ROI and optimizing campaigns; almost 50% expect to struggle to measure reach.
Against this background, some 90% are shifting their personalization tactics, their ad spend, and the balance of first- and third-party data in their ad strategy. Eighty percent are planning to train their staff on privacy-related issues, while many expect to create dedicated teams or employ external experts to work on these issues.
Brands, agencies, and publishers are planning to grow their first party data-sets at a rate almost double two years ago (71% vs. 41%). In other words, we will see an attempt to leverage first-party (and zero-party) data as a replacement for the third-party data collected through covert tracking. There are two concerns however. The first is that, due to the comparatively limited quantity of first-party data, this approach just won’t achieve the results seen with third-party cookies. The second is that using first-party data means addressing only existing customers (or subscribers, or members, etc.). Other tactics will be needed to support acquisition.
Concerns about adequacy of Privacy Sandbox testing
The protocols in the Privacy Sandbox became available for testing in January this year. The problem that some experts see is that it requires large-scale adoption within the ad ecosystem for the results of the testing to be reliable. While it may be possible to test whether something technically works on this scale, it’s hard to evaluate the effects it would have when adopted across the ecosystem.
Said Ken Weiner, CTO at contextual advertising platform GumGum, “Some people have prototyped it and what I’ve heard is, it’s kind of working but the CPMs are lower. But when more people adopt it, we might get back up to normal levels.”
Data clean room and collaboration platform Optable has a direct integration with Privacy Sandbox and is one of the organizations involved in testing its capabilities. Bosko Milekic, co-founder and chief product officer, said: “We have some sense that it works for audience targeting; it’s designed to enable that kind of campaign to continue to run once cookies are gone. It’s still difficult to draw conclusions on performance, the reason being that the amount of inventory currently available to bidders such as Optable through the Privacy Sandbox mechanisms is quite limited.”
Optable is finding that the targeting and measurement mechanisms work. “But it’s still to early to draw definitive conclusions as to broad performance,” said Milekic.
By Q3, the 1% testing period will be over and Google will be able (CMA permitting) to roll out cookie deprecation everywhere without a clear idea of what will happen when it goes from 1% to 100%.
Some don’t care about cookies
There are some members of the advertising ecosystem that are not just resigned to the loss of third-party cookies, but aren’t even mourning it.
GumGum, with its stake in contextual advertising, is one. Another is marketing analytics firm ChannelMix. “We have a solution that doesn’t rely on cookies,” said Michelle Jacobs, ChannelMix’s President and co-founder, “so it doesn’t really matter to us what Google ends up doing.” Nevertheless, she views the Privacy Sandbox proposals as a step backwards. “Marketers aren’t going to be able to execute media like they’re doing today.”
Jacobs’ co-founder and ChannelMix CEO Matt Hertig believes that “straight-line attribution” based on cookie-tracking has actually been dead for years. “We’re excited because this is forcing the industry to adopt practical measurement strategies based around first-party data.”
Another agnostic player is Optable, the data collaboration and clean room vendor that was created in conscious anticipation of the deprecation of third-party cookies on Chrome. “We created Optable specifically to make it possible to do relevant advertising effectively without third-party cookies,” said Milekic.
The main alternatives to third-party cookies
Although there seem to be countless proposed alternatives to cookies out there, they generally fall into one of the following categories: reliance on first-party (and zero-party) data, contextual advertising, identity resolution (including data clean rooms) or purported substitutes like Privacy Sandbox’s Topics.
“I think there are going to be lots of different tactics to get through this,” said Tara DeZao, product marketing director for adtech and martech at Pega . “Brands that don’t have a lot of first-party data — say, for example, CPG brands — are going to rely on their retail media partners, the Targets and the Walmarts, to get them the reach that they need. In terms of other industries, there are lots of first-party data options available.”
First-party (and zero-party) data
“Consumers are amenable to giving you their data as long as there’s a value exchange there,” said DeZao. “I think brands haven’t cracked the code 100% on what the value exchange is going to be.”
Closely associated with first-party data is zero-party data, data that is not personally identifying but which is offered up by the consumer through engagements like quizzes. One example we wrote about was an online temporary tattoo brand that collected information about a visitor’s style preferences and showed them relevant products; collecting first-party data could wait.
Contextual advertising
In a sense, contextual advertising goes back to the days of soap opera when Madison Avenue confidently identified the demographic watching daytime television dramas as the demographic responsible for buying soap powder. But there are new forms of contextual advertising out there.
“Context is going to be huge,” said DeZao. “As someone working for an AI company, we know that consumers are moving so rapidly through all their channels and devices, so you need real-time data and information. Context is one of those categories where you can get the freshest take on what your consumer is doing in the moment.” In other words, regardless of identity, consumers scrolling through camping websites might like to see ads for tents.
Identity resolution
There are many vendors today offering identity resolution solutions that — largely probabilistically — stitch identifiers like postal or email address to transaction activity or other trackable behaviors. Some of these solutions are interoperable — for example, The Trade Desk’s UID is interoperable with LiveRamp’s RampID. Does that bring benefits?
“If you look at our marketing stacks today they’re so, so bloated,” said DeZao. “We’re actually using less of the stack than we ever did, but we’re continuing to add things into it. So I think, when a brand is looking for new solutions — and it’s going to be multiple, because there’s not one solution to replace this functionality — they need to be reducing the number of vendors they have versus adding. Consider technologies that are interoperable with each other.”
Google Topics
The winning alternative to cookies that has emerged from Privacy Sandbox is Topics, a browser-based approach that assigns a rotating and limited number of topics to a browser based on activity.
“It’s a seven-day cadence,” DeZao explained, “and I think there’s something like 460 or 470 categories, and they’re not super granular. Criteo is a Google partner; they’ve been testing Topics and a year ago they found that Topics was five times less effective than cookies. They have added a hundred or so categories since then but the granularity is not there.”
“Topics is not going to have demographic information or categories,” she said. “Your first-party data is your best bet. If you’re in industries like finance, telecoms and potentially arts and entertainment, you’re going to want that demographic info.”
If DeZao had to place a dollar on which solution will ultimately win out? It sounds like she’s bet on contextual advertising. “Contextuality and real-time data — like, the freshest possible data.”
What you need to know about Privacy Sandbox for Android
Most discussion of Google’s Privacy Sandbox proposals have focused on what they mean for the Chrome browser. After all, it’s Chrome’s deprecation of cookies that has seemed to be the motivating force for the Sandbox and for proposals like Topics and Protected Audiences. But it raises significant issues for mobile marketing too.
Privacy Sandbox for Android will deprecate identifiers just as Apple’s iOS already has. “Privacy Sandbox is introducing APIs and solutions that basically remove the Android Advertising ID, a unique identifier at device level that is consistent across all apps on that device,” said said Itai Cohen, SVP marketing and strategy at Digital Turbine. It is possible to reset the ID, but Cohen expects only a minority of tech-savvy users to do that. Consent is easier on iOS, but consent rates are still below 20%.
Having already lost identifiers on iOS, mobile marketers should know what to expect. Losing the device identifier meant losing two things: The database becomes far less useful for gauging the right level of bidding, and attribution becomes highly problematic. “Once you can’t close the loop between purchase and user acquisition spend, measuring marketing efficacy is significantly hindered,” said Cohen.
The major difference between Apple’s and Google’s approaches is that users on iOS receive a prompt from each individual app where they can choose to actively opt-in to share their device identifier (albeit consent rates are still below 20%), whereas Google’s Privacy Sandbox aims to remove user-level identifiers altogether and replace them with a set of APIs that support various advertising use-cases without relying on identifiers.
Said Cohen, “While Chrome Privacy Sandbox is challenging to implement, mobile will be a much bigger lift. The IAB had a strong response to the Chrome Privacy Sandbox, and that was an easier process compared to the mobile side.”
Dig deeper: More details on Privacy Sandbox for Android
The post Google’s Privacy Sandbox: What you need to know appeared first on MarTech.