Last week, Google took its most significant step to launch Privacy Sandbox, which is a series of APIs—application programming interfaces—that publishers, advertisers, demand-side platforms and supply-side platforms must adopt to serve internet ads on Chrome web browsers once Google shuts down cookies. Google turned off cookies on 1% of traffic on Chrome last week, allowing the first tests of its new platform using real-world conditions.
Cookies were the fundamental building blocks of internet advertising for three decades, offering an easy way to track consumers online and hit them with targeted messages. The cookies also allowed marketers to measure campaigns and helped fund websites that rely on advertising. The move to a post-cookie ecosystem has been called one of the biggest changes to programmatic advertising, and it has required industry players to test Privacy Sandbox APIs to see if they support the same functionality cookies once served.
There has already been some public criticism, including from a key rival The Trade Desk. Last month, Bill Simmons, VP of product at The Trade Desk, a demand-side platform, said Google’s post-cookie plan was doomed. “Privacy Sandbox will obscure the identity data about an individual user, making it harder to coordinate advertising across devices, and thus harder to measure and optimize performance,” Simmons wrote in a blog post. “It could limit the ability to run attribution models, randomizing interest groups and contextual information.”
Also read: Marketing guide to Google’s post-cookie ad tech
The Trade Desk has been developing its own post-cookie product called Universal ID 2.0, which facilitates ad targeting through data that is collected after consumers consent while surfing the web. Google’s Privacy Sandbox is meant to work even without IDs that track activity, and it uses aggregated data to hide individuals in crowds of consumer information. Google’s APIs also prevent data from leaving the Chrome browser so it doesn't leak to bad advertising actors.
But Google is being watched by regulators, especially the U.K.’s Competition and Markets Authority, which will have to give final approval to Privacy Sandbox. Regulators want to ensure that Google makes its browser more private but doesn’t stymie the online economy.
Wednesday’s blog post shows Google’s willingness to move forward with its proposals and illustrates some of the stumbling blocks that ad tech providers are likely to meet. For one, implementing the APIs is complicated.
“It’s not surprising that some industry responses to third-party cookie deprecation have been to develop new cross-site identifiers,” Wong said. “While these are easier to retrofit into existing products and are often described as ‘privacy first,’ in practice they may not represent meaningful improvement on third-party cookies because they still enable users to be re-identified across sites.”
There also have been complaints that Google is pushing parts of Privacy Sandbox, such as the API called Protected Audience, while postponing other features, including “fenced frames.” Fenced frames prevent cross-site tracking of people as they traverse the internet, but they won’t be fully implemented until 2026 at the earliest. Some ad tech experts have told Ad Age that Privacy Sandbox tests won’t be fully possible without the launch of all the privacy protections.
“Some have asserted that we must have complete technical designs ready today for these future Privacy Sandbox changes, before the industry can adopt the current technologies,” Wong said. “We disagree.”