If you’re in the search of information related to Google Privacy Sandbox then there’s a good chance that you already know that it’ll soon be replacing the third-party cookie. There’s a lot of confusion and fear in the industry about how the industry will function without the third-party cookie. But why is the third-party cookie being dismantled and if Google is providing a solution then why are we worried?
Well, to answer your questions, we have to start from the beginning. Shall we?
Table of Contents
Before the Privacy Sandbox: Role of the Third-Party Cookies
There are two kinds of cookies that can be present in a user’s browser, i.e., first-Party cookie, and third-Party Cookie. Both of them are simple text files and both of them contain information about the user.
The information saved in the first-party cookie helps in providing an improved user experience, for instance, remembering login details, remembering the products added to the cart by the user, remembering the language preference, etc.
The information saved in the third-party cookie helps in providing an improved ad experience, for instance, delivering relevant ads based on the user interest, showing ads of the products that the user added to the cart but forgot to make the payment, etc.
The difference between the two cookies is that the first-party cookie is created by the domain the user is currently visiting, whereas the third-party cookie is created by the domains other than the user is currently visiting.
For Example,
First-Party Cookie: A user visits www.businessinsider.com and the cookie is also created by www.businessinsider.com
Third-Party Cookie: A user visits www.businessinsider.com and but a cookie is created by ad.doubleclick.net
The third-party cookies are mostly from ad-tech vendors that are working with the publisher for serving ads. Content like ads or images on the page is owned by such vendors. The objective of these vendors is to help to serve the right ad to the right user. Due to the help, it provides in ad serving, the third-party cookie has been the backbone of the online ads industry for nearly two decades. Apart from ad serving, third-party cookies can also come from vendors that are providing other services to a site and its visitors, like chatbots, email opt-ins, log-in through social media accounts, etc.
Sidenote: The subject of a second-party cookie is a bit controversial. When company A gives its first-party cookie to company B then it can be considered a second-party cookie. But in such a case it would be more appropriate to call it second-party data instead of a second-party cookie.
But if the third-party cookie is so important then why is it being replaced by Privacy Sandbox? Because the third-party cookie will cease to exist in the next two years.
Why Chrome is Phasing Out the Support for 3p Cookie?
The biggest reason behind the expiry of the third-party cookie is its shortcomings. Malicious use of the third-party cookie can cause damage to the user’s privacy by unethical practices like cross-site scripting and misuse of personal data.
The second reason behind it is the rising awareness of privacy among internet users. The fact that third-party vendors are collecting user info without their knowledge is unacceptable for many users. The rising privacy concern gave birth to many privacy laws like GDPR, CCPA, LGPD, PDPA, and many more. All these laws limit the use of the cookie and make it difficult for the industry to function in the same way it used to.
The third reason is that more and more web browsers are blocking third-party tracking. Mozilla Firefox and Safari are the biggest players to make moves against the cookie. But there are many more browsers that are using people’s privacy concerns to increase their market shares. If the trend keeps going then the browsers supporting the third-party cookie will lose all their users.
There can be many more reasons that can attribute to the demise of the third-party cookie, but the bottom of the story is that if an alternative to the cookie is not brought then many ad tech players will start losing money.
Non-relevant ads or blocked ads will bring losses to publishers as well as other ad tech companies. A study by Google showed that even global top publishers can lose more than 50% of their revenue. As a result, publishers would have to rely on revenue sources like paid subscriptions. The open web would not remain as open as it is now. But it is not possible for every publisher to sell subscriptions or make users log in.
So What’s the Role of Google Privacy Sandbox here?
As we mentioned before, internet users are moving towards cookieless alternatives. Since the Chrome browser supports the third-party cookie, if it continues the support, then many users will stop using Chrome. Currently, Chrome has the biggest market share and it helps Google in running its advertising business smoothly. If Google wants to maintain its browser market share and run its ads business as it was then it has to remove the third-party support from Chrome and come up with an alternative. The alternative is Privacy Sandbox.
The aim of the Privacy Sandbox is to keep the efficiency of ad delivery intact (targeting, conversion, attribution, reporting, etc) without the use of third-party cookies in Chrome.
How Would Google Privacy Sandbox Work?
Google Privacy Sandbox tries to provide anonymity to the user data at the same time it wants the advertisers to continue behavioral targeting. The project is currently in infancy and therefore a lot of doubts are floating around in the industry.
But based on the information released so far, a rough outline can be drawn about how things might work in the future. Most of the work will be done through browser APIs.
Trust Token API: This API will be used by publishers to differentiate between human and bot users. Users may be asked to fill out a form. Cryptographic tokens would be allotted to the trusted and non trusted users. Due to the cryptic nature, it wouldn’t be possible for the site to track the user. In this way, fraud detection could be carried out without breaking into the user’s privacy.
Aggregated Reporting API: As the name suggests, this API will be used for reporting needs. Performance-related information like impressions, views, reach, etc would be collapsed into a single report without cross-site tracking of the user.
Conversion Measurement API: This API will help advertisers in finding out whether a user was converted by clicking on the ad or buying the advertised product.
Privacy Budget: This feature will limit the sites in collecting user data and types of signals. A budget will be allotted to the site for retrieving data from the APIs. In this way, only the most necessary user data will be passed to the website.
Federated Learning of Cohorts (FLoC): This will be a key that will be used to club the users together based on their interests. The data from the browsing history will be used to determine the interest. Creating flocks will help in concealing the personal identities of the users. We’ve covered how FLoCs are created and how ad platforms will communicate with Chrome to target through FLoC ID here.
Turtle Dove: This API will be used to target the flocks that we discussed above. Since the flocks are interest-based, targeting turtle dove will also be based on interest.
First-Party Sets: It would enable publishers to declare multiple domains owned by them as the same first-party.
In a nutshell, all the user data will sit safely in the Chrome browsers of the individual users. The interests of the users will be discovered on the basis of their browsing history. The users with similar interests will be grouped together. Only Chrome will know about the group to which a user belongs. The API will signal only the groups of the users and the buyers will be targeting those groups. The remaining APIs will help in all the supporting activities like reporting, fraud detection, conversion tracking, etc.
The First-Party Sets will be used to enable targeting across multiple sites owned by the same publisher. Cross-site targeting across the web will not work. Privacy Budget will ensure that a limited amount of user data is being disclosed so that granular targeting cannot be done.
“For instance, an ad tech provider might call Chrome for a list of people who have visited a group of 100 sites, avoiding granular targeting. Or, Chrome might group people with similar browsing habits.”
– Sarah Sluis, AdExchanger.
If you do not know, An API is a computing interface that defines interactions between multiple software intermediaries. In our case, the APIs will be used to transmit the required data from the browser to all the entities working together to serve the ads.
All these ideas are at their infancy stage and there are almost two years left before their implementation. So it cannot be guaranteed that the mechanism will work in the same way as we are seeing it right now.
Would Google Privacy Sandbox be as Good as 3p Cookie?
If we talk in terms of personalized and target ads then the answer is ‘no’. It is so because the whole purpose of the Privacy Sandbox is to save users from individual targeting. Group targeting will definitely be less accurate than targeting an individual.
That being said, in a recent update, Google says that, with FLoCs, advertisers can expect at least 95% of the conversions per dollar spent when compared to today’s cookie-based advertising. That’s an impressive result and it seems that we can still have interest-based advertising in the post-cookie world.
If we talk about its effects on revenue then the answer is “we can’t say”. It is so because when every buyer in the open market will be using the same targeting criteria then the sandbox will become a new norm. If earnings start to fall and all publishers start taking initiatives like setting minimum floor prices, then the earnings may come back to normal. But again, it’s hard to say.
Although, following privacy policies may become easier and less risky as the publishers will not be holding any personal information.
What Should Publishers do about it?
The open web is guaranteed to work without third-party cookies in the future. To deal with the situation Google is building a privacy sandbox, IAB is working on Project Rearc, companies like Pubmatic and Criteo are coming up with their own solutions.
The next move for publishers should be to build their first-party database. By doing so, publishers will be less dependent on the third-party data and therefore the losses (if any) would be mitigated. Remember, once the Privacy Sandbox comes into existence, the browser takes center-stage and it will play an irreplaceable role. From targeting to tracking to measurement, every platform has to rely on the browser. So it is better to stay prepared.
