Google’s Privacy Sandbox Risks “Fragmenting the Internet” Says IAB Tech Lab

Dan Meier 26 February, 2024 

Earlier this month, IAB Tech Lab carried out a gap analysis of Google’s Privacy Sandbox, the tech giant’s set of tools designed to replace third-party cookies, which are due to be fully phased out of Chrome in Q3 2024.

But large pockets of the digital advertising industry remain unconvinced by the Sandbox, with critics citing its limitations, complexity, and potential for anti-competitive practices.

VideoWeek asked Shailley Singh, EVP of Product & COO at IAB Tech Lab, how valid those concerns are, and what this new paradigm will look like in practice.

Is Google’s Privacy Sandbox fit for purpose in its current form?

It depends on whose purpose. The Sandbox has been designed with certain privacy goals in mind. And whenever you introduce more privacy you are going to see a dissolution or a degradation in utility. So that’s what the gap analysis tries to point out based on today’s frame of reference, in terms of the operational and transactional processes that the industry uses today. So if you’re talking to a privacy advocate, yes it serves their purpose fully. If you talk to somebody who’s trying to monetise their content on the web, maybe not.

To what extent is the Privacy Sandbox unfit for the purposes of digital advertising?

Digital advertising, as it stands today, has been an evolution of 10-15 years of work. Over the years, they’ve added more capabilities and figured out better optimisations and how to manage all of that, and a lot of it was tied to giving an individual user some form of identification, with a lot of use cases tied to the third-party cookie. So that goes away. Instead the Sandbox is providing its own alternative way of doing some sort of targeting of customers without having to know their personal information or any sort of identifier for each consumer. So that’s essentially what it is at the core.

It’s also building an ad server and an ad exchange inside the browser. I think that’s where the challenges start to begin, which is constrained by the privacy paradigm the Sandbox has; no cross-site tracking, removal of a lot of the vectors that people use for other things like location, or other capabilities that derive from the user’s web interactions on the browser. So that poses operational challenges for optimisation for things like budgeting, because it creates boundaries between the publisher/seller and the advertiser.

Previously it was set up so they could have their own negotiations, they could have their own contracts, and they could manage all of that outside of the browser. Now the browser starts controlling some of those relationships, so it starts limiting optimisations. It starts limiting the capabilities of operational processes that are typically carried out at the back end. And then the browser is also taking care of the reporting, on which a lot of the commercial is dependent. So there are question marks going forward as to how you make sure that whatever reports you get from the browser are actually billable and honoured by the industry.

What are IAB Tech Lab’s other main areas of concern?

A key concern is around long-term governance and transparency. Browsers typically used to have these single-use features, like giving you a way to drop a cookie and have an ID, so that you can do single sign-on to manage the server session. Or they would have interventions, like we won’t allow Flash because it’s bad for user experience. And those are all single-use features, which are easy for developers; they could pick that up and build something on top of that.

Now, with this, you’re actually introducing the exchange and the ad server, which means you’re actually introducing a full business function into the browser. So that’s one big concern. You can resolve technical issues; five engineers can sit in a room and figure out a way out of that. Business issues are not that simple and straightforward, because they mean rewriting previous agreements.

The second thing is transparency. We know that browsers will have limitations on resources based on a user’s device, like somebody may not have the latest machine and their device may not be that powerful. The browser may have to make certain decisions, like we can’t have 1000 interest groups bidding, because the resources just don’t allow that. So who gets dropped? How is that decision made? So that transparency in that governance is the other concern. And I think those are the big areas that we need to work together to figure out how those get solved.

What elements will need to be rebuilt in the digital advertising ecosystem?

The other browsers have not committed to doing any of this yet, so the industry would have to maintain two sets of operational processes. If I produce a creative today, it works in all the browsers because it’s based on HTML and understanding of iframe capabilities. Now with the Sandbox, they’ve introduced fenced frames [a way of embedding content onto a page without sharing cross-site data], and other browsers haven’t done anything similar. So I have to write my ad code to be able to take care of both of those environments. If I’m just operating on traditional RTB, I’ll need a different instrumentation from Safari. So it starts fragmenting the internet in a way. And that puts additional cost on advertisers and all of the vendors to build these multiple instrumentations, and have the ad ready for multiple environments. We used to deal with iOS and Android, and we built standards like MRAID and VAST to make sure that you build it once and it delivers everywhere. So we’re back to that cycle. We’ll have to figure that out again!

Is there anything that’s going to break, or be impossible within this new paradigm?

I think the way people define segments and audiences and activate them is going to change drastically, because they’re defined on certain assumptions of data being available. And the Sandbox completely stops you from combining data from two different sites into one segment. So that’s going to be hard. You will hear answers from Google or others that there is one way to do it. But it may not be a very practical way, and maybe a very roundabout way. And in some cases, we’ve heard things like, oh you can use postMessage [a method of communicating between windows]. But we know postMessage is going to go away and that’s against your privacy principles to bust out of an iframe, so why would you do that method when it’s not in line with the set principles?

That’s one area that people have to really look hard at, in terms of how they manage audiences for Sandbox. One example is, if I define you as somebody who’s interested in say, personal finance. Typically the way that’s done is not because you just read one article; people have higher thresholds. If you’ve read five articles across three different sites, then I will say, ok you are interested in this topic. It’s not just a one-off that something came in your feed and you read it one day. So in the Sandbox, that’s going to be very hard to do. It starts breaking up the way we’ve traditionally constructed these audiences.



About the Author:

Reporter at VideoWeek.