If the digital ad ecosystem is going to mature to a new stage of privacy consciousness, advertisers must be better stewards of their first-party data.
One aspect of that evolution is the idea of trusted execution environments (TEEs), which are new cloud-based ad exchanges that help match first-party data sets and browser data for targeting and measurement. Because the first-party data owner is the only entity authorized to access and derive insights from the TEE, there is less risk of data leakage or of companies swapping data, as is typical with programmatic tech.
On Thursday, Google Ads announced a new TEE-based feature called confidential matching. Confidential matching uses a TEE built on Google Cloud infrastructure to create an isolated computing environment for ad targeting and measurement.
Confidential matching will now be the default setting for all uses of advertiser first-party data in Customer Match on the Google Ads platform, including via Google Ads Data Manager. The solution is free to use for all Google Ads clients and does not require the advertiser to enter a separate arrangement with Google Cloud.
How it works
Confidential matching’s TEE works kind of like a house that only the advertiser has the key to unlock, said Kamal Janardhan, Google Ads senior director of product management and ads measurement.
“You have an encryption key that is owned by the advertiser, so no one, especially the infrastructure provider or Google Ads, who is the facilitator of the infrastructure, has access to any of the data,” Janardhan said.
Existing Google Ads customers don’t have to change anything to begin using the feature. Google Ads will automatically apply the new TEE-based security features when the advertiser connects its first-party audience data.
In a few months, the security features will also be applied for Google Ads’ enhanced conversions for web, Janardhan added. Enhanced conversions is an optimization feature that sends hashed advertiser conversion signals, such as landing page clicks, to Google Ads so it can provide clearer attribution and more effective campaign optimization. Google Ads does so by supplementing the advertiser data with its own logged-in data to improve attribution.
But, crucially, advertisers don’t gain any user-level insights when audiences or actions they’ve measured are associated with specific Google IDs, Janardhan said. The advertiser receives only aggregated reporting on conversions, which is all that’s really required for measurement, she added.
Because confidential matching is solely for use with first-party data, it’s also not compatible with third-party cookie matching.
However, advertisers can use first-party audience data derived from matches against third-party IDs, such as LiveRamp’s RampID or The Trade Desk’s UID2 – as long as such signals are based on data collected in a first-party context, with customers sharing data directly with the advertiser. And Google Ads would have no insight into what ID solution was used to create this audience data, Janardhan said.
She also said that, although the confidential matching product and the Chrome Privacy Sandbox use TEEs for similar purposes, the Google Ads solution is not directly related to Chrome’s Privacy Sandbox initiative.
Fostering best practices
Going it alone has not worked well for Google lately. So it’s working with the IAB Tech Lab’s privacy enhancing technology working group to build best practices for the use of TEE technology.
Part of TEE best practices, Janardhan said, includes attestation that the solution works as intended and advertisers’ data is used only as intended. Google Ads provides this attestation through reports delivered to the advertiser through the platform’s user interface.
Google Ads is also making the TEE architecture publicly available, with the open-source code hosted on GitHub.
“The reason for the code being put on GitHub, and why we started the [Tech Lab] partnership, is expediency,” Janardhan said. “We wanted to provide [the attestation features] to customers as quickly as possible, so this reference architecture could allow you to build this yourself if you wanted.”
Asked if Google Ads envisions ad tech companies using this architecture to create alternative TEE-based solutions for Google Ads or for other ad platforms, Janardhan said she is “open from a vision perspective to all of those flavors.”
However, she added that the purpose of making this TEE architecture open source and partnering with the IAB Tech Lab is to foster industry best practices for wider TEE implementations.
“This tech would [establish] norms around how data is processed safely,” she said. “Advertisers could bring in their data, and you don’t learn anything new just because you’re a particular [tech] provider.”
The solution also prioritizes injecting first-party data into Google Ads Data Manager in a way that requires no technical lift or investment from the advertiser, to make it accessible to advertisers of all sizes, she added.
“The idea that you should pay for privacy is really a disservice to the ads business model,” she said. “It needs to be built into the system, and it has to be done in this open ecosystem way.”
