Google is ‘expanding’ the testing window for its Privacy Sandbox APIs, announced the project’s VP Anthony Chavez in a blog post last week. This will provide developers with more time to evaluate the technologies before the tech giant eventually phases out third-party cookies from the Chrome browser in 2024.
Come August, the trials are expected to expand beyond developers to ‘millions of users globally.’ Users will receive a prompt beforehand to ‘manage their participation’ in these trials. This testing population will be gradually increased over the months—based on their feedback, it is likely that Privacy Sandbox APIs will be launched by Q3 of 2023. In April 2022, Google also rolled out a developer preview for its Android Privacy Sandbox tools.
Announced in 2019, Privacy Sandbox is Google’s evolving attempt at developing a gamut of ‘privacy-preserving’ advertising standards and tools that target users ‘on the basis of a subset of .. [their] interest data with no access to users’ online action data’.
What this means: developing new digital advertising tools to phase out the current dependence on third-party cookies that profile and target an individual consumer’s activity across the Web.
In 2020, Google announced that it would stop supporting third-party cookies on the Chrome browser. A year later, it added that it ‘won’t build [an] alternative mechanism to track individuals’ behaviour across the internet’.
Why it matters: Of late, the ad-tech industry—which is dominated by Google—has come under fire worldwide for its egregious consumer privacy invasions. Initiatives like Privacy Sandbox appear to be an attempt to address the bad press and regulatory scrutiny by balancing consumer privacy expectations with business growth. However, Sandbox has faced various criticisms already: most importantly, that it may reinforce Google’s market dominance in the ad-tech industry to the disadvantage of other advertisers, while still remaining privacy invasive for users. Following a 2021 investigation by the United Kingdom’s market regulator, Google now commits to ensuring that its Privacy Sandbox initiatives do not distort competition ‘between Google’s own advertising products and services and those of other market participants.’ In April 2022, Google also reported advertising revenues of $54.7 billion, up 22% from Q1 the previous year. Whether the final APIs will honour these dual promises of privacy and fair play without denting advertising revenues remains to be seen.
Privacy Sandbox clearly also marks an existential reckoning on the future of publishers dependent on ad revenue. A Google study from 2019 found that ad revenues shrank by 52% when cookies were disabled for the top 500 publishers worldwide.
How Does Privacy Sandbox Work?
In short: tools developed under Privacy Sandbox ‘won’t identify individual users’ the way third-party cookies do.
Specifically, these tools and APIs for advertisers restrict the use of ‘activity-tracking’ cookies that ad-tech software uses to deliver targeted advertisements to potential consumers while helping companies ‘build thriving digital businesses.’ Additionally, they reportedly aim to reduce ‘cross-site and cross-app tracking while helping to keep online content and services free for all.’
Privacy Sandbox tools are reportedly being developed keeping in mind a few key questions:
- ‘The impact on privacy outcomes and compliance with privacy laws;
- The impact on competition in digital advertising between Google and other market participants, and, in particular, the risk of distortion to competition;
- The impact on publishers (including their ability to generate revenue from ad inventory) and advertisers;
- The impact on user experience (e.g. relevance of advertising and transparency over the use of personal data); and
- The technical feasibility, complexity and cost involved for Google.’
What Do ‘Privacy-Preserving’ Tools Look Like?
By Google’s own admission, the testing of Privacy Sandbox tools is a collaborative effort—one that actively solicits the input of ‘publishers, developers, advertisers, and more’ to create privacy-preserving ad-tech. A wide range of Privacy Sandbox tools is under development, including:
Privacy Budget: In response to various attempts to block cookies and user-tracking online, some advertisers have gone underground to develop ‘harder-to-detect methods that subvert cookie controls’. This is known as ‘fingerprinting’, and because it is ‘neither transparent nor under the user’s control, it results in tracking that doesn’t respect user choice.’ Google claims that it wants to limit the information available on an individual online—such that it becomes impossible to identify them, except as part of ‘heterogeneous groups’. Google’s ‘maximum tolerance for revealing information about each user is termed the privacy budget.’ Once enforced, APIs that violate this budget will either generate errors or be replaced by a privacy-preserving edition. Once the budget is hit for a specific website, Google may also deny further network and storage requests.
Topics: A tool that helps browsers recognise the topics or categories of websites a user frequently visits. One new topic is shared every week with the sites a user has visited—this helps advertisers display relevant ads, without specific knowledge of the exact sites visited by the user (which are otherwise collected by cookies). An important point to note: ‘only sites that are using Topics or have at least one embedded service that uses the Topics API, will be included in topics generation.’ Users can view the topics generated on their behaviour and have the power to remove or disable them from their Chrome browser.
FLEDGE: A tool for remarketing—or reminding a user of a product they may have shown interest in—that doesn’t involve third-party cookies. In marketing speak, ‘the Fledge API enables on-device auctions by the browser, to choose relevant ads from websites the user has previously visited.’ What this means in practice: as and when a user visits a site, an advertiser can use the tool to inform the browser that they’d like to re-market their ads to that user at a later date. This is done by adding them to an ‘interest group’ of users interested in the product the ad is selling. Once a user visits a website with open ad inventory, an in-built algorithm in the browser runs an auction for advertisers representing listed interest groups. The winning ad is displayed.
Attribution Reporting: This API ‘allows advertising companies to gain insights into conversions without tracking an individual’s activity across sites [through cookies].’ For event-level reports on conversions, the information gathered by the API is ‘too coarse’ to build a detailed profile of the consumer. Larger summaries produced by the API offer detailed data—however, this is both encrypted and aggregated.
Trust Tokens: This tool aims to combat fraud and spam online by distinguishing ‘real people from bots or malicious attackers.’ Based on how a user engages with it, a website can issue their browser a ‘trust token’. This is then used by other sites to verify that the user is in fact human. These tokens are encrypted—it ‘isn’t possible’ to identify the individual they’ve been issued to.
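To make the Privacy Budget description above concrete, here is an added sketch of per-site budget accounting; it is not Google's or Chrome's code and is not part of the original article. The surface names, the user shares and the 16-bit limit are constructed assumptions, and the `PrivacyBudget` class is hypothetical.

```javascript
// Added illustration of the "privacy budget" idea; not Chrome's implementation.
// All names and numbers below are constructed for this example.

// Hypothetical share of users who report the same value for each surface.
const SURFACE_SHARE = {
  timezone: 1 / 8,
  screenSize: 1 / 32,
  installedFonts: 1 / 1024,
  canvasHash: 1 / 4096,
};

// Identifying information carried by a value, in bits:
// the rarer the value, the more it narrows down who the user is.
function bitsRevealed(surface) {
  const share = SURFACE_SHARE[surface];
  if (share === undefined) throw new Error(`unknown surface: ${surface}`);
  return -Math.log2(share);
}

class PrivacyBudget {
  constructor(limitBits) {
    this.limitBits = limitBits;
    this.sites = new Map(); // site -> { spent: bits revealed, seen: Set of surfaces }
  }

  // Decide whether `site` may read `surface`. "blocked" stands for the two
  // outcomes the article names: an error, or a privacy-preserving substitute.
  request(site, surface) {
    if (!this.sites.has(site)) this.sites.set(site, { spent: 0, seen: new Set() });
    const state = this.sites.get(site);

    // Reading the same surface again reveals nothing new, so it costs nothing.
    if (state.seen.has(surface)) return { decision: "allow", spentBits: state.spent };

    const cost = bitsRevealed(surface);
    if (state.spent + cost > this.limitBits) {
      return { decision: "blocked", spentBits: state.spent };
    }
    state.seen.add(surface);
    state.spent += cost;
    return { decision: "allow", spentBits: state.spent };
  }
}

// Constructed walk-through: one site combining several surfaces.
const budget = new PrivacyBudget(16);
for (const s of ["timezone", "screenSize", "installedFonts", "timezone"]) {
  const r = budget.request("tracker.example", s);
  console.log(s, r.decision, r.spentBits.toFixed(1));
}
```

The budget is tracked per site, so a second site starts from zero; combining many individually harmless surfaces is what exhausts it.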
Why Is Privacy Sandbox Still Raising Eyebrows?
Privacy Sandbox’s potential competition concerns have been raised since 2020—when the project was barely off the ground. The biggest concern: that Google isn’t a neutral mediator in the ad-tech industry; it dominates it, often unfairly.
These concerns have resulted in multiple antitrust investigations into its ad-tech business. In June 2021, France’s market regulator fined Google $268 million for ‘self-preferencing’ its ad-tech services. A few weeks later, the European Commission opened an antitrust investigation that notably sought to examine whether Google was ‘distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use.’ In June this year, to avoid a fine in the investigation, Google’s parent company Alphabet offered to let rival ad intermediaries place ads on YouTube, instead of just its Ad Manager service.
So, could a company repeatedly accused of rigging the ad-tech system to its own profit be trusted with ensuring its ‘just’ transformation in a privacy-first world? Initial debates on Privacy Sandbox pondered over just this, questioning whether Google would provide its own advertising services with access to granular user-data collected by the company, instead of just aggregated, non-identifiable data.
Soon enough, commentators began questioning whether aggregated, interest-based user profiling is really privacy-preserving at all. It may replicate discriminatory targeting, for instance. An example of such an application: the Federated Learning of Cohorts (FLoC), a Privacy Sandbox tool unsurprisingly discontinued by Google in 2021. FLoC grouped users into advertising groups based on their interests, instead of based on their individual browsing histories. Critics argued that even when users are hidden in data rows, the crowd is small enough for ‘fingerprinters’ to discern their browsers and identify them. Being part of an interest-based group still allows advertisers to zero in on what kind of person you are, and the kinds of information you seek or subscribe to. Most importantly, this grouping of users is by an ‘unsupervised algorithm’—which could threaten civil liberties.
March 2021 saw a group of 16 Attorneys General critique Privacy Sandbox in an antitrust lawsuit filed in Texas against the tech giant. ‘Google does not actually put a stop to user profiling or targeted advertising — it puts Google’s Chrome browser at the centre of tracking and targeting,’ the petitioners argued. Subscribing to Privacy Sandbox standards and tools would render it a ‘middleman’ in ad-tech once again, reinforcing dependence on its product suite. As MediaNama extensively reported last year, the lawsuit further adds that Privacy Sandbox may:
Raise barriers to entry and exclude competition in the online advertising business and further strengthen Google’s position because they will affect small publishers and advertisers who track users and target ads (..) But “the same advertiser will be able to continue tracking and targeting ads across Google Search, YouTube, and Gmail—amongst the largest sites in the world—because Google relies on a different type of cookie (which Chrome will not block) and alternative tracking technologies,” the lawsuit explains. This “will pressure advertisers to shift to Google money otherwise spent on smaller publishers,” the lawsuit adds. Furthermore, non-Google ad buying tools are bound to get hurt because they primarily rely on the cookies that Google is set to block, but Google’s ad buying tools “partially circumvent reliance on the same type of cookies because Google grants them exclusive access to user data from Chrome and Google’s Android mobile operating system” the lawsuit states. And because Google’s ad buying tools favor Google’s exchange, this will further strengthen Google’s monopoly in that market as well.
Google denied the allegations made in the lawsuit.
How Can the Growth of Privacy-Preserving Ad-tech Be Better Regulated?
As the Texas example shows, Privacy Sandbox is indelibly linked to both antitrust and privacy concerns. This may require a regulatory approach that serves both users and competitors—best seen in a 2021 investigation into Privacy Sandbox by the UK’s Competition and Markets Authority (CMA).
A 2020 complaint filed by marketers and publishers with the CMA accused Privacy Sandbox of being anti-competitive in the ad-tech industry. It suggested that Privacy Sandbox increased Google’s control over the ad-tech industry, giving it more power to determine ‘how publishers, advertisers and other digital businesses can operate on the web.’ The complaint sought that the initial implementation of Privacy Sandbox in 2021 be stayed to allow regulators to better mitigate Google’s potential market dominance over the sector.
Following consultations, Google proposed certain commitments that it would abide by to improve the competitiveness of the service. These commitments were greenlit by the CMA in February 2022—Privacy Sandbox development is now regulated by the CMA in consultation with the Information Commissioner’s Office (the UK’s independent national data protection authority). The commitments, which are subject to the jurisdiction of English and Welsh courts, include:
- ‘Transparency and consultation with third parties’: Google will engage with stakeholder concerns transparently, and publish public reports on developments in Privacy Sandbox’s implementation. Google will also instruct staff to make claims to customers that are in line with the commitments.
- ‘Google’s use of Data’: Once Google stops using third-party cookies, it commits to not using personal data from a user’s browser or their Google Analytics account to track that user ‘on either Google-owned and operated ad inventory or ad inventory on websites not owned and operated by Google.’
- Involve CMA in consultations: Google will regularly report to CMA on its responses to and engagement with third-party opinions on its policies.
- ‘Standstill on the removal of third-party cookies’: Google will not remove third-party cookies before a standstill period of 60 days from the date it notifies the CMA that it intends to do so.
- Non-discrimination: Google commits that it will not design or implement Privacy Sandbox tools such that they ‘distort competition by discriminating against rivals in favour of Google’s advertising products and services.’ Additionally, ‘Privacy Sandbox proposals that deprecate Chrome functionality will remove such functionality for Google’s own advertising products and services as well as for those of other market participants.’
- Reporting and compliance: Google commits to appointing a CMA-approved compliance monitor. Any breach of the commitments must be reported to the CMA within five working days.
- Specifying durations: The commitments will be in force for six years once accepted by the CMA.
Legally-binding commitments and joint regulatory approaches may help curb the excesses of a predatory ad-tech model. But, if this year is anything to go by, they may do little to stem the distrust surrounding Google’s ad-tech business. In February 2022, the European Publishers Council filed an antitrust complaint against Google’s ad-tech practices. A few months later in May, the CMA stepped in again to open an antitrust investigation over Google’s ‘potential abuse of dominance in ad tech’. These complaints, largely filed by publishers and advertisers, hinge on the lack of choice Google offers them as they advertise online—denting their earnings in the process. MediaNama documents just how the tech giant mediates the flows of advertising supply and demand online here.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.