Google, in a recent blogpost, shared their updated timeline for their Privacy Sandbox milestones, including a fresh set of dates on phasing out the third-party cookie. Launched by Chrome in 2019, the Privacy Sandbox is supposed to be a collaborative, open-source effort to develop a new set of standards in the form of web standards to define an Open Web Platform that replaces legacy and data-intensive mechanisms with safer solutions that protect the consumer's privacy.
It is important to note that the Privacy Sandbox initiative covers preventing covert tracking, verify consumer’s authenticity, show relevant content and advertising, and more importantly, measure digital ads in an anonymized way. A very tall order.
Despite offering more than 30 proposals along with an active engagement with all the industry bodies across brands, platforms, and publishers, the reality is that the Privacy Sandbox failed to reach admissible consensus from the industry for total deployment. And this falls across two broad areas.
- On March 23, Google’s current FLoC tests were declared to be non-compliant as per the GDPR standards. Questions were raised about whether a browser assigning users into cohorts counts as a use of personal data without consent, may be a privacy violation. Testing of FLoCs was stopped across EU nations and Google could run their tests only in the US and in APAC. Till now, there are no plans for when the testing will begin in Europe.
- On January 8, the UK’s Competition and Markets Authority (CMA) announced its formal investigation of the Privacy Sandbox in January. "We welcomed the opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers," [said Oliver Bethnell, the head of Google’s EMEA competition team, in June.] These commitments include zero self-preferencing and no data advantage for Google advertising products apart from involving the industry for a much deeper consultation and collaboration. This would not have concluded before the end of 2021.
Privacy Sandbox needs more work to gain industry acceptance and adoption. It requires more discussion, more testing to be ready for scaled-up adoption. This is also now linked to satisfactory clearance from the CMA before anything can be rolled out.
What does this mean for the industry?
- This does not mean that the industry will have to wait for the next 24 months and watch Google launch the new Privacy Sandbox through another blog. This is now an active industry and regulatory engagement starting now for the next two years.
- Once the testing is complete, publishers and the advertising industry will get nine months to migrate their services. Google will then, over a period of three months, phase out the support of third-party cookies in late 2023.
The industry must take this opportunity, to prepare itself well. The objectives of the Privacy Sandbox cannot be faulted. It is just that the path to get there requires more collaboration and consultation. Should Google prefer to avoid the same mistakes once again and accelerate the rollout, in my view, they have two steps to take.
- Browser-based cohorts are a non-starter. We need to move to universally codified cohorts for acceptance and adoption. The industry needs to spend a lot more time standardizing this.
- ANA has recently launched an Advertiser to Audience programmatic transparency audit. Perhaps a deeper discussion is required on how there can be zero self-preferencing and no unfair advantage for Google’s advertising products.
We now have 24 months to do this properly. In partnership with Google.