By Ronan Shields • February 16, 2024 • 5 min read •
Ivy Liu
Earlier this week, Google issued its response to an analysis from the IAB Tech Lab’s Privacy Sandbox Task Force that analyzed 44 use cases of the APIs currently available from the online giant’s Chrome team.
The task force, which represents the interests of more than 60 entities, produced its assessment of the Privacy Sandbox last week, the results of which were pretty damning — the phrase “not fit for purpose” comes to mind.
And, without using too broad a brushstroke, Google’s return serve could be read as, “You’re not quite getting this whole privacy thing.” Or, more diplomatically, “We all have to try a bit harder.” The Privacy Sandbox saga is lining up to be one of the big stories of the 2020s in terms of the history of the media industry.
Regardless, the two sides have vowed further collaboration — the task force’s initial assessment is open for public comment until March 22, with a full report due later in the year pending subsequent feedback — in order to figure out some form of working consensus.
Meanwhile, as the Google Chrome team’s deadline for depreciating third-party cookies (the end of 2024) draws ever closer, negotiations will revolve around some key tentpoles. Below is a quick summary of some of the burning issues.
A new level-setting
The drawn-out debate between the respective parties has been well documented, the intricacies of which go down some serious rabbit holes. But what’s clear is that the media industry is entering a new era, and a balance between privacy-enhancing technologies and properly functioning (yet equitable) ad tech must be struck.
A key pillar of Google’s response to the task force’s earlier assessment was that much of the proposals that formed its feedback could “go against privacy-preserving goals.” Yet representatives on the task force maintain they need a more reliable way of asserting how to pass buyers’ desired targeting criteria using Privacy Sanbox’s Protected Audiences, or “PAPI,” API.
IAB Tech Lab is advising members to embrace the closing spectrum between media functionality and user privacy and that, in some cases, existing utilities will make disappear altogether. Members will have to lean in as the new level-setting takes place.
A new partnership paradigm
The recent status quo of ad tech was (comparatively) simple, or linear: Bid requests go from supply-side platforms to demand-side platforms, matches are made in the middle using identifiers such as cookies, ancillary service providers such as brand safety vendors sign off on a transaction, and a user sees the resulting ad.
However, in its current guise, Privacy Sandbox changes things. It essentially proposes that the traditional functions of an ad server and an SSP operate within the Chrome browser, and this has caused some industry players to question the very fundamentals of how the supply chain interoperates.
For example, how will accreditation or fraud prevention work in the new paradigm? As one source recently noted, “Contracts between the DSP and an SSP are fundamental to how we do business, but that kind of commercial contract is missing from the way in which Privacy Sandbox is being delivered into the ecosystem.”
Attribution will change, but who will pay?
Engineers at independent ad tech vendors report concerns over Privacy Sandbox’s Attribution Reporting API. Basically, in its current form, the amount of data Chrome passes back to the ad tech ecosystem makes it more difficult for media buyers to attribute a conversion to an ad-buy.
Some independent ad tech vendors worry over whether media buyers will want to buy ad space using it and opt for walled garden offerings, such as Google’s Performance Max, instead of the open web. “It’s almost a different planet in my perspective compared to where we are today,” added a separate source.
Of course, allocating engineering resources to develop the use case for such APIs costs money — funds that could otherwise be directed toward more guaranteed revenue-generating activities.
Even if that guarantee is short-lived, most CFOs in the independent ad tech sector will have made their 2024 budget allocations in 2023. That means the slow pace of development over Privacy Sandbox means tense conversations between the aforementioned CFO and their counterpart CTO are likely to happen in the coming year.
Last year, Google did fund third parties’ Privacy Sandbox research, with sources telling Digiday such grants were as large as $5 million and a welcome injection of funds to aid their engineering requirements. Although, it is understood this was geared toward helping independent ad tech companies submit their assessments to the U.K.’s Competition Markets Authority as part of the regulator’s Privacy Sandbox oversight, and the program has since closed.
Can we have more time, please?
It’s worth noting how all these conversations were supposed to have been wrapped already: Google’s initial cookie deprecation deadline was supposed to be 2022.
Yet, as the end-of-2024 deadline draws ever closer, many doubt the feasibility of Google’s current stated timeline and are betting estimating that the CMA will step in and use its effective veto over the implementation of Privacy Sandbox to enforce a further postponement.
However, Google is steadfast, publicly at least, in its commitment to the 2024 deadline for the depreciation of third-party cookies in Chrome, even if it does have to balance this commitment with other concerns caused by regulatory oversight.
For, while sources there acknowledge the industry’s feedback, they maintain that having a finish line within sight will help focus priorities. It appears as if any further delay to this market development will require an outside government intervention.
https://digiday.com/?p=535065