The dust is slowly starting to settle after Google’s announcement in early March that it won’t build new ways to track users or support email-based IDs once third-party cookies are phased out in Chrome.
But the industry still has heaps of questions.
Will publisher-provided identifiers (PPIDs) be used on YouTube? Will buyers and sellers be able to use an encrypted pathway to pass hashed emails and/or the other new cookieless IDs being concocted by the industry? Do FLoCs actually solve the privacy problems associated with third-party cookies, or do they just create new ones?
And will Google, despite its claims to the contrary, eventually find a way to continue tracking users across the web as some in the industry believe it will do?
Senior AdExchanger editor Sarah Sluis put these questions and more to Chetna Bindra, Google’s group product manager for user, trust, privacy and transparency, during a fireside chat at AdExchanger’s Innovation Labs: Identity Day event on Tuesday.
Are PPIDs essentially a workaround?
Last week, Google announced plans to expand the use of PPIDs, which are unique identifiers created by publishers based on a first-party cookie or login ID that can then be hashed and passed to buyers through Google Ad Manager.
PPIDs aren’t new – they’ve been around since roughly 2013 – but they’re potentially newly useful as a way to make first-party cookies shareable with a demand-side platform.
But how does that development make sense in light of Google’s assertion that email-based IDs are no bueno?
The difference is the focus on facilitating first-party relationships, Bindra said, and making sure that publishers can continue to use their first-party data to monetize their sites – and only their sites – through Google’s sell-side platforms.
“It is something we ensure is kept publisher specific,” Bindra said. “We are not pooling or enabling pooling to happen across publisher sites … [and] as Google we will not be able to read or act on any data that represents a user being tracked across the web.”
Good enough for me … but what about thee?
Which is fine, but begs the question of whether Google plans to sip its own Kool-Aid and use PPIDs on YouTube.
Technically, the answer is no. Conceptually, though, the answer is yes.
The technology that YouTube uses to monetize via first-party data is not the same technology that underpins PPIDs, but the principle is the same, Bindra said.
“It is absolutely consistent with YouTube or any other publisher property that we have where it will primarily be first-party personalized based on that direct relationship with the user,” she said.
So, publishers are covered, but can brands connect their first-party data into a PPID?
As long as the data a brand brings to bear is first party, then bring it on.
Google’s ad platforms will continue to support advertiser first-party data so that buyers can target users on different sites if those users are also “represented within that particular publisher’s first-party data,” Bindra said.
That’s as true for PPIDs as it is for the APIs in the Privacy Sandbox, including FLEDGE, TURTLEDOVE, et al.
Are FLoCs a can of privacy worms?
Speaking of the sandbox, though, big questions remain about one of the most talked about proposals under development – Federated Learning of Cohorts – and whether it’s truly a privacy safe replacement for third-party cookie-based behavioral advertising.
The Electronic Frontier Foundation, for example, doesn’t think so.
Beyond valid questions as to the efficacy of cohort-based advertising – a major topic of debate in the W3C’s Improving Web Advertising Business Group right now – one of the biggest concerns about FLoCs is whether the unsupervised machine learning algorithm that will be used to create them could end up grouping users into sensitive categories.
Because it’s one thing to create a FLoC of auto intenders in a certain geo, and quite another to cluster a group of people based on religion, for example, ethnicity or whether they’re suffering from depression.
According to Bindra, Chrome is very focused on making sure that individuals will not be placed into groups that are “deemed sensitive.”
“There is a lot of testing and technology being developed here before a cohort becomes active,” she said.
One option, she said, is for the browser to analyze whether someone is visiting pages related to sensitive topics at a high rate and then, without the browser necessarily knowing what the specific topics are, to prevent the clustering of those people based on those categories.
(What could go wrong?)
Okay, sure, let’s trust the machines. But how can people opt out of browser-created FLoCs?
The dialogue about how consent, opt-ins and opt-outs will function in the Privacy Sandbox is “still ongoing,” Bindra said.
“The origin trials that are planned for later this month are focused on ensuring that users are able to opt out of FLoCs,” she said. “It’s still in the early stages to really evaluate what that looks like.”
But what about Google’s inherent advantages over the rest of the ecosystem, like the fact that it’s got a proprietary browser that people can log into?
Google has no intention to build or use any type of technology to track individual people as they browse the web, Bindra said, including using the Chrome login which, “is not meant to be core to do any of the ad monetization efforts moving forward.”
“Just to emphasize and underscore it – and Jerry Dischler [Google’s VP and GM of ads] said it at the IAB [Annual Leadership Meeting] last week, as well: We will not build backdoors,” Bindra said. “We will not build workarounds for ourselves to continue to track individual people as they browse across the web.”
So, once and for all, Google will not support the Unified ID 2.0 initiative?
Bindra had a one-word answer for that one: “Correct.”