WTF are Related Website Sets in Google’s Privacy Sandbox?

Hence, it’s clear that better education on Privacy Sandbox’s proposed APIs is needed, and it’s worth asking the question: WTF are Related Website Sets? See the explainer video below by Digiday senior media editor Tim Peterson.

So, what’s the pitch? 

Per Google’s documentation for developers, the Related Website Sets API (a.k.a. ‘RWS’ and formerly known as First Party Sets) minimizes disruptions to specific user-facing features once Chrome starts limiting access to third-party cookies by default. 

“Related Website Sets is a way for a company to declare relationships among sites so that browsers allow limited third-party cookie access for specific purposes,” reads its official developer documentation. “Chrome will use these declared relationships to decide when to allow or deny a site access to their cookies when in a third-party context.”  

In plain English, RWS is the proposed means for publishers to declare a relationship between their various web domains (and associated ones) after Google Chrome pulls support for third-party cookies. The concept allows publishers to form a “set” to measure conversions, which helps media buyers assess the effectiveness of ads on their portfolio of websites without the need to track individual users across the web. 

For example, a publisher with a primary domain, such as ‘www.digiday.com,’ may have several related country domains, such as ‘www.digiday.co.uk’ or other related properties. Until now, such publishers have used third-party cookies to track users across their various web properties, meaning they don’t have to log in to each separate domain. The proposed end benefit of RWS is that website visitors still won’t have to do so even after the demise of third-party cookies in Chrome. 

How does that work? 

Raptive’s vp of ecosystem innovation, Don Marti, characterizes RWS as “a way that Google Chrome is giving exceptions to cross-site tracking rules across multiple domains.” 

He further explains, “The process of getting your domain included in a set is that you have to make a special set of JSON files, you put them on your domain, then you make an entry for a directory that lives in a GitHub repository. And from that point on, Google Chrome should recognize those domains as connected in some way.”

The Google Chrome team has instituted a condition classifying three types of domains that can be included in a set: service domains, country-code top-level domains and associated domains. 

Ian Meyers, cofounder of Sincera.io, describes service domains as “essentially technical support sites” that aid with ongoing website infrastructure.

“You might have Google tagging its primary site ‘Google.com,’ and then listing [on the RWS GitHub register] as ‘Google/usercontent.com,'” he explains. 

“No one’s going to ‘Google/usercontent.com’ right? But it’s used across their portfolio of sites to provide some service like technical, security, or other kinds of infrastructure to those properties.”  

Meanwhile, country-code top-level domains are those that are clearly cobranded with a primary site and also share common ownership with the primary domain. An example could include domains such as ‘digiday.com’ and ‘digiday.co.uk.’  

So, isn’t this just a back door for the same old tricks?

Some have questioned whether or not this effectively opens a back door for cross-site tracking – limiting this was the entire point of Privacy Sandbox in the first place. 

However, to further ensure user privacy, the latest proposals limit publishers to listing five associated domains (formerly, this was three) in a set. 

These sites do not have to share common ownership but, per Google’s documentation, must be clearly affiliated with the primary domain. Additionally, such affiliations must be made clear to web users for Google’s Chrome team to accept them as part of a common set. 

As with most developments within Privacy Sandbox, this is not without controversy. For example, some parties within large publishers – think of a large conglomerate such as News Corp. or DotDash Meredith, etc. – own multiple domains and maintain they have the right to track users across said web properties, provided a user has consented to their terms and conditions.  

“I can see both sides of the argument,” says Meyers, “the way Google wants this [RWS] to work is to keep sets relatively small, but at the same time, five [domains] is not a lot.”