The Chrome Privacy Sandbox, Google’s petri dish for testing and developing privacy-preserving ad targeting and measurement, has become the rope in a game of tug of war.
On one side we have Google Advertising and sandbox backers, and on the other, industry opponents, including The Trade Desk, who see Google as self-serving and sandbox solutions as inadequate.
In a blog post on Wednesday, Google’s senior director of product management, Victor Wong, defended the Privacy Sandbox APIs and laid out in very direct terms the flaws Google sees in common criticisms of its sandbox proposals.
Below are the seven main objections, as per Google, with additional analysis and context.
Objection 1: Privacy Sandbox doesn’t provide one-to-one replacements for third-party cookie supported use cases
In other words, don’t expect the same features or functionality as third-party cookies or you will be mightily disappointed.
But there’s important context (and drama) in the subtext.
The Chrome Privacy Sandbox team has taken potshots from Google antagonists for more than a year, and direct shots from The Trade Desk beginning in December.
Ad tech companies, mainly DSPs that have not invested time or effort in – or have even publicly disavowed – the Privacy Sandbox, instead push advertisers toward programmatic identity initiatives, such as UID2, and vendor alternatives like Yahoo’s ConnectID and those provided by LiveRamp or ID5.
But as Wong puts it, “certain capabilities that relied on third-party cookies, like audiences based on profiles of user activity across websites, will not be possible to directly replicate.”
Did you catch that?
Advertising ID services that profile users based on cross-site tracking may outlast third-party cookies, but they are explicitly not a part of what the Chrome team considers a privacy-centric web moving forward.
“We’re committed to pushing privacy-preserving technologies forward for years to come,” Wong continues.
Which is a subtle way of saying that those other identity graphs may no longer have cross-site tracking tech in the years to come.
Objection 2: Privacy Sandbox is too complex compared to using identifiers
This is another point where Google isn’t correcting advertisers. Rather, it’s saying that, yes, this medicine tastes bad, but you still have to take it.
Third-party ad tech solutions that recreate web-tracking IDs without cookies are “easier to retrofit into existing products,” Wong writes.
But those solutions aren’t a “meaningful improvement” on third-party cookies. Not as a measure of ad performance, but because they continue the practice of reidentifying users across sites, which Chrome intends to prohibit.
The Privacy Sandbox system, Wong writes, “requires technology innovation and an openness to new paradigms.”
So, get used to it.
Objection 3: Future Privacy Sandbox capabilities are uncertain
As in, Chrome is working on it.
One of the most common criticisms of Privacy Sandbox APIs is that they don’t solve a problem. They tend to be partial improvements, because Google must also make concessions to advertisers, publishers and ad tech.
But, from Chrome’s point of view, building these technologies is like stacking blocks to help people climb a wall. And the first few blocks won’t get over the top.
Not everything in the sandbox will be finished by the end of 2024. Wong notes, for instance, that Chrome is working to update APIs to support video and native ads. These products won’t be ready until 2026, but Google plans to consult with the UK’s Competition and Markets Authority (CMA) on the changes.
“Some have asserted that we must have complete technical designs ready today for these future Privacy Sandbox changes, before the industry can adopt the current technologies,” Wong writes. “We disagree.”
Objection 4: Google’s products must have some advantage in Privacy Sandbox
Google is very sensitive about antitrust-related criticisms.
And Wong is adamant that “all businesses and developers who use Privacy Sandbox technologies – including Google – have the same access to the same Privacy Sandbox capabilities.”
While that’s technically true and may be sufficient for the Privacy Sandbox APIs to pass muster with the CMA, what ad tech companies are really worried about is that Google Ads is a major relative beneficiary of the Privacy Sandbox initiative.
Without third-party data, the programmatic industry must retreat to first-party data and a great deal of data modeling. But who has first-party data?
Google does.
And Google Ads will no doubt lean heavily on Google’s first-party data and owned-and-operated properties.
Third-party ad tech will simply lose.
Objection 5: Building on the Privacy Sandbox is too costly
Again, Chrome is telling people to take their medicine.
Rebuilding user trust and a new system of advertising on the web will require “a real investment of resources, time, and energy,” Wong writes.
But other browsers, including Safari and Firefox, have already removed third-party cookies and other advertising identifiers. Meanwhile, privacy laws are expanding worldwide. So developing for a post-cookie world is a necessary step, and one that gets tougher to take the longer you wait.
Also, as adoption of Privacy Sandbox services grow, they will become more cost-efficient, in terms of cloud data costs.
“Taken as a whole,” Wong writes, “the return-on-investment of building for better online privacy is significant and growing.”
Objection 6: Privacy Sandbox APIs aren’t based on real ecosystem input
The Chrome team uses this point to give big ups to the open industry players that helped formulate the sandbox APIs.
For example, Criteo, RTB House, OpenX and NextRoll were all involved in the development of the Protected Audiences API, which formerly was a proposal called FLEDGE (and before that, TURTLEDOVE). They’ve also been actively testing the sandbox tech.
The Privacy Sandbox represents the collective work of hundreds of individuals across the industry who’ve dedicated thousands of hours in various forums to discuss, debate and provide feedback on the API designs, according to the post.
The Topics and Attribution Reporting APIs were also updated last year in response to industry input, Wong says.
Although, it must be pointed out Google has been known to take input from vendors that support its mission, while sometimes ignoring criticism from those that don’t. The W3C, the nonprofit org where the Privacy Sandbox specs are published and reviewed, rejected the Topics API last year. Google is moving forward with it anyway.
Objection 7: Moving the timeline for third-party cookie deprecation will help the ecosystem prepare
Lol.
Are we pretending the deadline hasn’t been pushed twice already?
“We understand some people want more time,” Wong writes, “but we have heard repeatedly from the industry that moving the timeline is likely to result in less ecosystem preparedness, not more.”
Google hasn’t just heard about this as a hypothetical. It has seen firsthand on numerous occasions that deferring the deadline only results in procrastination.
Wong does add the standard caveat, however, that third-party cookie deprecation is predicated on the CMA approving the Privacy Sandbox proposals.
But barring regulatory action, Chrome still plans to remove third-party cookies in 2024. Really guys, Google means it this time.