Expectations continue not to reflect reality in the business and working groups of the World Wide Web Consortium (W3C).
In late August, Google software engineers presented a new proposal for the Privacy Sandbox called “fenced frames” that initially appeared to be a compromise with third-party ad companies.
When the proposal was first mentioned before actually being presented at an Aug. 25 meeting of the W3C’s Improving Web Advertising Business Group, John Sabella, PubMatic’s CTO and a member of the group, got excited.
It sounded like something he and PubMatic colleagues had been talking about for a long time: a separate container within the browser that would allow limited data to flow in and out.
Ad tech companies could use a dedicated iframe as a sandbox within the Privacy Sandbox inside of which browser standards, such as TURTLEDOVE, could function and third-party companies, including ad tech, could run their technologies, transact with publishers and experiment in a privacy-compliant way, whatever that will come to mean.
“That would level the playing field, because inside the frame would be a protected space where technologies could operate in an open way,” Sabella said. “If we’re beholden to one set of technology, that limits innovation. Fenced frames felt like it could be a medium for us to be able to do that.”
Except … that’s not actually what Google was proposing.
Rather than anything more grandiose, the fenced frame API would simply enable ads to render without the surrounding page being able to learn what ad is being shown. A third-party iframe could communicate with the page it’s embedded on while simultaneously enforcing a boundary so that user data couldn’t be joined together across sites.
In practice, however, this would mainly enable certain aspects of the TURTLEDOVE Privacy Sandbox proposal, including interest group-based advertising and the ability to render the winning creative of an on-device auction in the browser, without leaking user information.
“It’s an enabler of TURTLEDOVE that tries to deal with the deficiencies related to its implementation,” said James Rosewell, CEO and co-founder of device detection company 51Degrees, and a member of the W3C’s Improving Web Advertising Business Group and Privacy Interest Group.
In other words, another black box, Sabella said.
“Fenced frames is good in that it answers some questions [about TURTLEDOVE implementation],” he said. “But it was also disappointing to me.”
It’s an emotion that non-browser companies participating in the W3C group discussions about the cookieless future are more than familiar with.
Despite some progress to open up the lines of communication between browser engineers and the ad-focused companies – W3C’s Advisory Board have been receptive to concerns raised by the latter, for example – the clock is unforgiving.
Even if Google extends the deadline on its plan to phase out third-party cookies, an enormous amount of work still needs to be done.
For instance, TURTLEDOVE, possibly the most high profile of the Privacy Sandbox proposals, is still in the incubation stage and draft form in a W3C community group. It also remains largely untested at any scale.
“One of the issues we identified through our engagement with the Advisory Board is the perception problem that people externally have about the level that we’re at now,” said Rosewell, who presented these and other concerns before the Advisory Board in early August.
“Everything Google is presenting is very, very early,” he said. “If you take the 17 months that remain against Google’s window during which we need to have a mature and inclusive discussion that will lead to an enduring solution – that’s insufficient time."