Story was updated on 10/10 to reflect that the Protected Audiences API does allow cross-site frequency capping and to note that publishers can use Prebid and OpenRTB together with the Protected Audiences API.
Google’s Privacy Sandbox APIs became generally available for the majority of Chrome users in early September, which means marketers need to start actually using them.
But the industry still has lingering questions about Google’s long-hyped replacement for third-party cookies in Chrome and how these APIs will function in practice.
Alex Cone, product manager for the Privacy Sandbox, addressed some of these queries during AdExchanger’s Programmatic IO event in New York City last week in an “ask me anything” session moderated by sell-side consultant Scott Messer.
Here are some of Cone’s most illuminating responses.
What’s the timeline for cookie deprecation?
In Q1 of 2024, Google will deactivate third-party cookies for 1% of Chrome traffic and “hold there,” Cone said. This will allow testing of the Privacy Sandbox against cookieless traffic during the first half of 2024.
Then, in the second half of next year, Google will begin a gradual ramp-up of cookie deprecation with the intention of eventually disabling cookies for 100% of Chrome traffic, Cone said. He did not specify when Google expects to fully complete cookie deprecation in Chrome.
What are Protected Audiences?
The Protected Audiences API (or PAAPI, as Messer referred to it) allows sites to compile user impressions associated with a particular event (like clicks) into a segment for targeted advertising, Cone said.
PAAPI (guess we’re going with that now) was previously known as the FLEDGE API until Google changed the name in April – but it’s the same tech under the hood. There is, however, still some disagreement within Google about whether the API should be referred to as “Protected Audiences” (plural) or “Protected Audience” (singular), Cone added.
As if the Privacy Sandbox’s discontinued bird names weren’t ridiculous enough – now we’re quibbling over the placement of an “s.”
Do buyers bid on Protected Audiences through Prebid?
No. The bidding logic for the Protected Audiences API runs inside the Chrome browser, Cone said.
In contrast, Prebid’s bidding logic runs within a client-side ad server and involves a server-to-server connection, rather than within the browser.
However, using the Protected Audiences API does not preclude publishers from running their usual Open RTB auction, Cone said. Publishers can use Prebid and OpenRTB in conjunction with a Protected Audience auction.
Can publishers run multiple Protected Audiences auctions at once, including one auction for Google Ad Manager and other auctions for SSPs?
Yes. Google refers to such auctions as “multi-seller component auctions.”
“You can do effectively the same thing that you do today, which is have multiple sellers representing you as a publisher,” Cone said. “If you’re working with a bunch of SSPs, they can all call out to buyers they’re connected to in Protected Audience. They can score ads and do what they do from an SSP standpoint.”
The Protected Audiences API also includes top-level seller scoring logic, which allows publishers to run a first-price auction in which the highest bidder among its multiple sellers wins the impression, Cone said.
How does frequency capping work for the Privacy Sandbox?
Prebid frequency capping is possible within the Protected Audiences API, but it’s limited to campaigns that run in Chrome browsers and on Android operating systems, Cone said. “We would love to see other browsers and operating systems adopt these APIs,” he added.
The way prebid frequency capping works is that the buyer’s bidder can check for previous wins and adjust accordingly, Cone said.
The Protected Audiences API does enable cross-site frequency capping, Cone said, but only for bidding that happens within PAAPI.
Does Google’s measurement and attribution API work across all of Chrome and Android?
According to Cone, it works both within and outside of Protected Audience API auctions. The measurement and attribution API also works for app-to-web and web-to-app attribution, but only across Chrome browsers and Android apps, he added.
But measurement and attribution won’t work in the Chrome iOS app, Cone said. Apple still calls the shots on what happens on iOS.
Are companies required to use Google’s Ads Data Hub to analyze data exported from the measurement API, or can the data be sent elsewhere?
The data can be analyzed within Ads Data Hub or within any other measurement platform, Cone said.
But you probably need to be a data scientist to understand the reports.
Data exported from the measurement API will not come in the form of an Excel spreadsheet that can be easily shared with measurement partners, Cone conceded.
Will publishers be able to see which interest-based Topics were associated with ad impressions?
Yes. Core Prebid now includes functionality that allows SSPs to pull the Topics associated with ad impressions and share them with publishers and DSP partners, Cone said.
Do the Privacy Sandbox’s “fenced frames” replace iframes?
Iframes will still exist.
Fenced frames are intended to be a more locked-down version of iframes that prevent data leakage from ad creative, Cone said. Fenced frames will not be required for Protected Audiences auctions until 2026.
Why should anyone trust that Privacy Sandbox auctions will be fair, since it’s all running on Google’s tech?
Because Google is prioritizing transparency on its own, through involvement with the W3C, gathering industry feedback and making its API development open source, Cone said. And, he added, because Google is being forced by regulators like the UK’s Competition and Markets Authority to be transparent.
“The proof is in the pudding in the amount of time we spent on this,” Cone said.