The web is about to change. For years, third-party cookies have powered the free web, providing data and information for advertisements targeted precisely to us. A situation that has created concerns for the privacy of us users, even on the part of regulators (especially in Europe). For this reason, Google is gradually rolling out to Chrome and Android Privacy Sandbox, a system of tools and services that aim to protect the privacy of those who browse online, while allowing companies to provide advertising based on our interests. To better understand how Privacy Sandbox works and how Google will implement these changes in Chrome and Androidwe spoke with Hanne Tuomisto-Inch, Director of Privacy Sandbox Partnerships EMEA. Who explained to us in a dedicated press conference what this means for both users and companies.
Privacy Sandbox, how Google’s project works
If you work in the online advertising sector, or if you are particularly attentive to privacy on the web, you have undoubtedly already heard of this project. Hanne Tuomisto-Inch explained to us that this is a multi-year initiative, which aims to “protect users’ online privacy – for a free web for all“.
In fact, if Google has received the first ‘ok’ from regulators for over a year and has started enabling Privacy Sandbox in Android and Chrome this year, other changes are on the way. From the second half of next year, Google’s browser and mobile operating system will stop using third-party cookies, making Privacy Sandbox a set of tools essential for advertising and website functionality.
A new sensitivity on privacy
This decision by Google doesn’t come out of nowhere. The manager explains to us that attitudes and concerns about privacy have changed. “It’s clear that the growing focus on privacy is not a passing fad“. Instead, it represents a fundamental shift in what we expect from online businesses.
The data confirms that this is happening. Google reports that 80% of users believe that attention to data is very important. By the end of this year, 65% of the world’s population is expected to have stronger legislative privacy protections. So that “the advertising model built on third-party cookies can no longer meet user expectations“.
An effort by the entire industry (but with Google as a protagonist)
To meet these needs, explains Tuomisto-Inch, it becomes vital to develop durable products that put privacy at the center, while allowing companies can succeed with advertising. Google thinks that “free content – from news to manuals to videos – should reach everyone, no matter their income level or location.” But guarantees must be given that data regarding online activities are protected. An effort that must be conducted at an industry level, the manager explains to us. But it goes without saying that Google, which has both the browser and the most popular mobile operating system in the world, can only play a leading role.
Privacy Sandbox was born as a project in 2019. It wants to allow “a healthy system supported by advertisements, better protecting user privacy but also the needs of companies”. People they should not agree to give up their data to have personalized experiences. It’s not companies should not track individual users on the web or on apps.
This future is approaching. “In the second half of 2024, we will phase out third-party cookies on Chrome.” Why not right away? Tuomisto-Inch explains that some users and platforms have started to do this, but without valid alternatives. This can put users’ privacy at greater risk, as it could push them to adopt hidden tracking (such as fingerprinting). Google therefore wants to work with partners, because the entire industry needs to test and participate in the development of new technologies.
Google aims to “continue to support effective advertising, for finance a healthy web through ads. Thus keeping contents and services accessible to all.“
What Google Privacy Sandbox is (and isn’t).
During his explanation of the project, Tuomisto-Inch tells us bluntly that Privacy Sandbox works for everyone the same way: everyone, including Google Adsense, have the same access to data. It’s about API (Application Programming Interfacea set of definitions and protocols for integrating software) that everyone can use: they are open source, available to everyone. This is “one of the commitments that Google has made with the English Agcom and which we are applying globally.”
Google also explains that Privacy Sandbox is not a standalone solution for partners and customers. E it is not a “replacement of third-party cookies”. With Privacy Sandbox, Chrome is providing the ‘building blocks’ for tech providers: for those who provide advertising services on websites or in mobile applications. This way they can collect information that does not violate users’ privacy, which they can add to first-party data (all information collected by apps, sites or physical stores) e contextual (the site or app the user is using, for example). Companies will use all of these technologies to deliver ads that users will find interesting. But without having to (or being able to) profile each user individually.
In fact, Tuomisto-Inch explains that Privacy Sandbox is not another type of tracking. However, it improves privacy with respect to third-party cookies and other forms of identification.
How Privacy Sandbox works
According to Google, simply removing third-party cookies from Chrome and Android would not have been enough. Among the cookieless solutions, there are new types of cross-site identification (between different sites you visit) that follow IP addresses or user data such as email address. This allows you to identify users on other sites. Like third-party cookies, these technologies track user activities across different apps or websites, allowing individual-level profiles to be created for users.
Google explains that Privacy Sandbox doesn’t work like that. Leverage other technologies, such as PETS (Privacy Enanching Technologies). It aggregates data, obfuscates it (adding data to make it impossible to identify individual users) and above all takes advantage of on-device computing (on the device), ensuring that your data does not leave your device. In this way, Privacy Sandbox hides user information and gives greater privacy guarantees.
Diverse API
The Privacy Sandbox APIs developed by Google are many and varied. An example concerns theAPI Topics, one of the proposals that aims to show relevant content and ads, without undermining privacy. Topics allows you to show ads to users based on their browser activity, without revealing specific sites to external parties – including Google.
Topics determines a series of topics (fitness, travel, etc.) that represent your interests, based on your online experience. Your browser determines the topics associated with the websites you visit – not you. A website about yoga, for example, might be classified as fitness-related. So, when you visit a partner site, you will share one of the topics that interested you with the site and its advertising partners.
Everything directly from the device: it does not pass through servers, Google or others. Furthermore, Topics occasionally inserts extra information at random, in order to make it more difficult to accumulate data about you. Other APIs, such as Protected Audience e Attribution Reporting, they limit the amount of data that sites and advertisers can have. By aggregating information about your interests, obfuscating it with some data added at random and always operating on the device, it increases privacy compared to third-party cookies. But it provides relevant ads and content, based on your interests.
Over 20 APIs, not just for advertising
There are over twenty new technologies in the Privacy Sandbox, which is not limited only to the world of advertising. Most sites use data from third-party cookies for some functional elements of the site. So Chrome wants to “guarantee these use cases, if legitimate, even after eliminating third-party cookies. For this we have developed other APIs for increase cross-site privacy to prevent covert tracking.”
L’API CHIPSfor example, allows sites to use built-in services (such as social media links or chat supports) without problems. Related Website Sets allows the use of some third-party cookies in a first-party context to minimize some functions, such as “sign-in” on sites and services (for example, if a publisher has several domains or different sites). In this way, interruptions in browsing are reduced without sacrificing privacy.
What will happen between now and deletion of cookies
Tuomisto-Inch explains to us that, to date, almost 100% of sites use available Sanndbox technologies. So advertising providers and developers can do meaningful testing in their products and services. There are tons of companies that are using these technologies and providing feedback to improve the APIs. Among these there is Blendeean Italian company that is collaborating with Google – but there are many others.
Additionally, Chrome is making testing easier for…