As Google began deprecating third-party cookies starting January 4, this has led to a series of questions around how publishers will navigate through the new structure. Even as a majority of publishers have already invested in creating their own first-party data besides a customer data platform (CDP), there is still a lot to be done. Not to mention understanding the new ecosystem of Privacy Sandbox.
Google’s Privacy Sandbox initiative is responsible for building new technologies that keep user information private across the web and app ecosystems, whilst providing companies the tools they require to successfully operate in a free and open Internet. This also means that the mechanics of advertising on the Internet will go through a sea change. In conversation with BrandWagon Online, Kunal Guha, director, Privacy – Chrome and Android for Asia Pacific at Google, talks about building a better Internet for all as he leads the privacy partnerships for web and mobile apps across the region. (Edited Excerpts)
How favourable is the Privacy Sandbox for advertisers, developers, and users? How privacy-preserving will the Internet be with these new technologies?
The Internet was invented 40 years ago. Technologies that today track our online activity on the web were invented in 1994, exactly 30 years ago. The third-party cookie was invented to help publishers as the first wave of the Internet was just beginning to develop. The original intent of these technologies was to neither allow cross-site tracking nor for other nefarious ways with which you can track people, whether it be through a cookie, an IP address, or other various forms of fingerprinting.
Since then, we’ve seen decades of innovation, such as the mobile era, and now, we’re seeing the advancements of the AI era. As technology and innovations advance, we also have the building blocks to create a more private Internet.
Our approach to improving privacy on the web has differed substantially from others in recognising the critical role ads play in keeping the content on the web free and accessible to everyone. We have taken a disciplined approach to ensuring the integrity of the digital economy continues to thrive whilst making the internet more private. This, in essence, is the Privacy Sandbox initiative.
What in your view is the ultimate goal of the Privacy Sandbox?
The goal of the Privacy Sandbox is to offer a new approach to digital advertising that improves people’s privacy on Chrome and Android, while keeping content like news sites, mobile apps and more accessible to everyone for free. It is imperative that both the digital ecosystem realise is critical and will help preserve the model of an open Internet. Of course, it needs to be successful for publishers and creators – so they can fund quality journalism and the content people love. It needs to be stronger for businesses – so businesses of every size have an opportunity to grow and build a strong customer base. So while our fundamental marketing goals of driving awareness, intent, and sales aren’t changing, the ways marketers achieve these goals are – that necessitates a shift from ‘precision’ to ‘prediction’ to deliver results at scale. Through the Privacy Sandbox effort, we’re building new technologies to deliver the utility of advertising without compromising on privacy.
Protected Audience API, which is a Privacy Sandbox technology, enables on-device auction by browser to choose relevant ads for the website. It is designed in a way that third-party cookies cannot track user browsing behaviour across sites. How will it continue to work for publishers’ needs? Can you give us a deep dive for a better understanding of how it will work in favour of publishers?
The suite of Privacy Sandbox APIs has been developed to ensure that key use cases of digital marketing continue to exist. Performance campaigns play an important role for marketers in delivering their business goals. The Protected Audience API is built for such performance campaigns. Custom audiences are a very important use case for delivering highly relevant ads. An advertiser will be able to build custom audiences based on users showing a behaviour on said domain, and then be able to re-market to this custom audience without the requirement to track each (individual) user.
The Protected Audience API employs many new approaches through Privacy Enhancing Technologies (PETs) to preserve user privacy while supporting this important and complex use case. To illustrate: the interest group information and their associated bidding scripts are stored on the user’s device. When the auction runs, those scripts run either on the user’s device or in a special server protected by a Trusted Execution Environment where sensitive data is secured, encrypted and access restricted. K-anonymity thresholds protect against microtargeting by rendering an ad only if the same rendering URL is being shown to a sufficiently large number of people.
Simplified, what external parties can learn is that an ad was shown to their custom interest group and will be able to measure the impact of their marketing, whilst ensuring user identity remains private.
Publishers are still in the process of building their first-party data. They’re trying to bring their data points together and create their own CDP and CRM. On one hand, many users may not want to log into a one-tap or SSO login, and on the other hand, they may find themselves consenting to many individual sites. Which other mechanisms are there for identifying users in these cases?
Publishers are the stalwarts of the free and open Internet. As they’ve embarked on their variations of digital transformation, an important question they are tackling is how they can ensure their platforms respect users’ need for more privacy and transparency, and the growing regulatory requirements by governments.
We’ve spent a considerable amount of time working closely with publishers to educate and help implement Privacy Sandbox technologies as an important infrastructure layer on their web properties. We are aware that publishers will also continue to build their first-party data strategies. Here it is imperative they closely follow regulatory guidelines to ensure they are privacy-ready.
On the Privacy Sandbox initiative, we have worked closely with Publishers, and members of the AdTech industry in the testing and feedback loops, over the past four years. In the true spirit of open-source technologies, this is a collaborative process which helps us build technologies for the entire digital ecosystem. There are publishers who have been on the leading edge, working on testing and integrating the Privacy Sandbox APIs, to ensure they will be well placed through the migration away from third-party cookies.
According to MarTech firms and publishers, one has to participate in relevant Privacy Sandbox initiatives. How does this affect their plans? How should they participate?
We always welcome input from the industry, our focus is on supporting developers, small and large advertisers, creators, and publishers so that they’re able to navigate changes and mitigate the impact on their businesses while meeting consumers’ growing privacy expectations.
Technologies that we’re creating are building blocks for everyone. Every company has equal access to these open-source technologies. In line with our commitment to a collaborative and responsible approach, we have governance in place and we share regular updates with regulators. Towards that, we work with everyone, including many publishers in India such as Times Internet and Jagran New Media. As they integrate the APIs, we showcase the work that they’re doing, because our goal is to make sure that we have an even playing field that the ad tech layer can integrate into, and every single publisher can plug into, and then, of course, advertisers can run media on.
What has been the rate of adoption of the Privacy Sandbox technologies so far? What are the findings so far? There is speculation that publishers may see an impact on revenue. Are these estimates credible?
On Jan 4, 2024, Chrome began disabling one per cent of cookies, a key milestone to facilitate testing. The reason why we’re doing this is we’re making a concerted effort to ensure companies have sufficient time to begin their migration and test the technologies on their domains. This is the time when partners continue to test and get a better understanding of the range of efforts that are needed for a broader privacy-centric strategy, of which the Privacy Sandbox is one.
We have formal commitments with the Competition and Markets Authority (CMA) in the UK to ensure that the changes we make in Chrome apply to the entire digital ecosystem. The Privacy Sandbox APIs have been designed, developed and implemented with regulatory oversight and input from the CMA and the ICO. These are really important governance drivers that Google is standing by.
What has been the rate of adoption among Indian publishers?
We have developed Privacy Sandbox tooling to help all companies, every publisher in the world, to begin auditing their sites and to understand the relationships with third-party cookies.
In India, we have conducted a series of deep dives with publishers to educate them on the Privacy Sandbox technologies and provide demos of the tooling available to them. And we’ve followed this up with a series of support to help publishers through their testing and implementations.
I’ll give you a great example of this: a publisher we’re closely working with identified that their subscription sign-up flow, which accounts for a double-digit percentage of their revenue, would have been impacted because the technology they were using for user sign-on was dependent on a third-party cookie relationship. They were able to identify this through the programmes we’ve established in India.
Our role will continue to be to inform, educate and provide the tooling necessary for publishers to be best prepared. But at the same time, this is an equal responsibility that publishers also realise they need to begin their migration to a more private internet by ensuring they have allocated the necessary resources to test and implement Privacy Sandbox for their businesses.