WTF is Google’s Privacy Sandbox?

As the furor continues in the wake of Google’s decision to kill third-party cookies, the company is pitching its Privacy Sandbox as the alternative. The initiative has been promised as a way to curtail improper tracking while continuing to allow ad targeting within Google’s Chrome browser. But members of the advertising industry are concerned that the proposal could come with a catch.

As is the case with any big announcement from Google, the ad industry is voicing excitement and confusion about what exactly the Privacy Sandbox is and how it works. Here’s a primer:

WTF is Google’s Privacy Sandbox?
In the cookieless future, Google wants ad targeting, measurement and fraud prevention to happen according to the standards set by its Privacy Sandbox, whereby cookies are replaced by five application programming interfaces. Advertisers will use each API to receive aggregated data about issues like conversion (how well their ads performed) and attribution (which entity is credited, say, for a purchase). Privacy Sandbox represents an alternative pathway that Google is providing for the ad industry to take, relying on anonymized signals (that are not cookies) within a person’s Chrome browser to profit from that user’s browsing habits.

“The two areas [in which] we’d anticipate the most change is the increase in the value of first-party data for both advertisers and publishers as well as an increase in scarcity of third-party audience data sourced through data brokers and partners who do not have a direct relationship with users,” said Paul Cuckoo, PHD Media’s worldwide head of analytics.

What’s in it?
The Privacy Sandbox initiative is still in its infancy so while Google has proposed many features, no actual platform or code exists for marketers to properly assess. Here’s what we know about each API so far. The trust API is Google’s alternative to CAPTCHA; it will ask a Chrome user just once to fill out a CAPTCHA-like program and then rely on anonymous “trust tokens” to prove in the future that this person is a real-life human. The privacy budget API will limit the amount of data that websites can glean from Google’s APIs by giving each one a “budget.” Google’s conversion measurement API alternative to cookies will let an advertiser know if a user saw its ad and then eventually bought the product or landed on the promoted page. The Federated Learning of Cohorts will rely on machine learning to study the browsing habits of groups of similar users. The final component is PIGIN (referring to private interest groups, including noise), which lets each Chrome browser track a set of interest groups a user is thought to belong to.

“The most significant item in the Privacy Sandbox is Google’s proposal to move all user data into the browser where it will be stored and processed,” said Amit Kotecha, marketing director at data management platform provider Permutive. “This means that data stays on the user’s device and is privacy compliant. This is now table stakes and the gold standard for privacy.”

Which proposal should be checked out first?
Google’s conversion management API has generated the most discussion among media buyers so far. It’s also the first API that Chrome’s developers have decided to test. Being able to attribute ads to pageviews and purchase impacts in Chrome would affect all aspects of digital advertising, from how budgets are divided up between channels to which products ad tech vendors build. How the conversion management API is built will provide a clear indicator of Google’s plan for the rest of the Privacy Sandbox and digital advertising in general.

“If conversion measurement does get limited to just very simple click-based attribution, then potentially that means there would be a bigger focus on direct-response ad campaigns,” said Matt McIntyre, head of programmatic advertising for EMEA for Essence.

Are all these changes good?
Google has said it’s open to working with advertisers and Chrome users to make sure its Privacy Sandbox benefits all industry stakeholders not just its bottom line. The company is looking for the following feedback: concerns about the types of information collected about users and insights about the best way to let users see which data is being collected about them. Google also wants general feedback about each of the proposed APIs. The end goal for this entire process is to turn the APIs into open web standards that theoretically could be adopted by vendors of other browsers like Safari and Mozilla. Thus far, the standards organization World Wide Web Consortium has been involved in the development of the Privacy Sandbox, leading some industry players to believe it could pave the way for the five APIs becoming consistent across all browsers.

“Advertisers could end up with a more stable view of users across the ecosystem,” McIntyre said.

Could the five APIs pave the way for a Google universal identifier?
A universal identifier could be a potential outcome realized from the development of the Privacy Sandbox, but Google hasn’t explicitly said it’s a definite one. Some ad executives, however, think a universal identifier is the ultimate endgame for this advertising company that owns a browser. Currently, most universal identifiers rely on tying third-party cookies to a centralized information database in order to create an ID that’s based not on facts about a person but on the probability that a user belongs to a certain category.

“With this move, Google could build [its] own replacement and take ownership of both the solution and the budgets,” said Tanya Field, chief product officer for ad tech vendor Smartpipe.

Do industry players hold other concerns?
Advertisers are trying to figure out whether the Privacy Sandbox will truly level the playing field between Google and the rest of the ad industry. Google has internal teams that are dedicated to advertising. Industry insiders are wondering whether those teams will have access only to the same aggregated user data in the Privacy Sandbox that is being offered to advertisers, publishers and ad tech vendors. Or will Google make an exception for its own teams and let them access granularlevel user data. Google has a long track record of tipping the scales in its favor in order to protect its share of advertising dollars.

“With the changes that Google Chrome announced earlier this week with Privacy Sandbox, it remains to be seen how Google will treat its marketing solutions like AdWords and DV360,” said Rajeev Goel, CEO of ad tech vendor PubMatic. “Will they have the same restrictions as the rest of the ecosystem, or will Google marketing solutions have special access to users reserved only for itself.”