The Privacy Sandbox And A Pre-emptive Breakup Of Google?

Alan Chapell

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Alan Chapell, president at Chapell & Associates.

Like most of you, I’ve been following Google’s announcement of the Privacy Sandbox, the eventual depreciation of third-parties cookies in Chrome and the regulatory activity taking place against Google and other platforms. And I’m starting to think they may be related.

As of December 2020, Google is dealing with complaints from the U.S. Dept of Justice, the Competition and Markets Authority in the United Kingdom, the Attorneys General of Texas and several other U.S. States and the Consumer and Competition Commission in Australia. And then there’s the 100 million Euro fine recently imposed by the CNIL for Google’s alleged failure to obtain consent for cookies.

Meanwhile, Google’s Chrome team continues to work towards depreciating third-party cookies and creating a new cohort-based ad platform via a W3C Business Group. I’ve been thinking about this for a while now. My sense is that Google’s strategy is predicated on three realizations:

  1. A government mandated breakup of Google is likely.
  2. Cookies provide an audit path for regulators – one that may not be accessible via other tracking mechanisms.
  3. The globalization of GDPR (and GDPR-linked consent requirements) will make cookie based display advertising too risky and costly for Google over the long term.

Those realizations may be driving a good deal of Google’s strategy with respect to its Privacy Sandbox and depreciation of third-party cookies. The whole point of Google’s bird-themed Privacy Sandbox proposals (see TURTLEDOVE and FLoC) under consideration – and implicitly blessed by the W3C – is to move the ad serving process from the open web into the browser. And while Google has clearly stated that its current ad tech stack will be subject to the rules of this new ad platform, those assurances may be rendered moot. In other words, providing an assurance that Google’s third-party networks will adhere to the Privacy Sandbox rules is only a big deal if Google intends to maintain those third-party networks over the long term.

I’m just speculating here, but I’m starting to wonder whether Google might be looking to re-design or even replace its third-party networks in favor of something that would subject Google to less regulatory scrutiny. Similarly, I’m wondering if Google would consider offering a pre-emptive breakup in order to appease regulators without necessarily impacting its own bottom line significantly. Let’s look at the spinoff concept first.

I could see a scenario where Google attempts to negotiate a spin-off of its third-party display ad tech stack with regulators in hopes of preventing a more comprehensive breakup that could include YouTube, search advertising, Chrome and/or Gmail.  I’m certainly not the first person to suggest this as a possibility. In fact, the CMA in the UK already noted the separation of the ad server from the rest of Google’s business as being one of the potential remedies for addressing the CMA’s anti-competitive concerns.

Such a spinoff would be applauded in certain circles as a win for regulators – and might serve to keep the heat off of Google for a period of time. It would certainly look like a significant move on paper – as the third-party advertising component represents over $20 billion in annual revenues. But would this really be a long-term concession for Google? I’m not so sure….

Say what you want about cookies, but they offer an easier path for regulators seeking to enforce consent rules than similar tracking offered by walled gardens with logged in users. Facing cookie fines from the CNIL and other regulators is hard enough. But given that GDPR-like consent laws are emerging world-wide, Google may be reading the tea leaves and conclude that an HTTP cookie-based approach will carry too much risk in too many places.

Since its acquisition of DoubleClick, Google has consistently made moves designed to provide it with additional tools which – at least in theory – could be used to create an alternative ads product. This product would have equivalent functionality to Google’s current third-party ad tech stack, but function entirely inside Google’s walls. For example, Google’s Accelerated Mobile Pages (AMP) arguably creates a scenario where Google is able to operate as a first party on publisher pages. Similarly, some have speculated that Chrome’s  “X-client-data” header could be used as an internal advertising ID that would be much more difficult for regulators to capture in future “cookie sweeps.” Not to mention the dozens of products and services for which Google already has logged in user relationships with its users.

So if I were Google, I’d make sure that – sooner rather than later – I’m in a position to serve targeted ads to the same audience currently captured by the ad stack formerly known as DoubleClick without using any of that ad stack’s plumbing. Meanwhile, the rest of the marketplace will be stuck with a clunky bird-themed ad platform that doesn’t serve advertisers nearly as well as what Google has built internally.

If my thinking is correct, selling off that ad stack now might result in a significant short term revenue hit, but would have a minimal impact on Google’s revenues over the long run. Moreover, transitioning ad products from something that is more viewable externally by regulators into something that is more difficult for those regulators to decipher may mitigate against one of the largest privacy related threats to Google.

In this light, the Privacy Sandbox may be able to address two of Google’s biggest regulatory challenges in one fell (bird-like) swoop.

Follow Alan Chapell on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!