Privacy Sandbox response to IAB Tech Lab's Fit Gap Analysis for Digital Advertising

The IAB Tech Lab recently published a Privacy Sandbox Fit Gap Analysis for Digital Advertising. Chrome appreciates the IAB Tech Lab's mission to educate its members on new technologies that will impact the digital ecosystem, and looks forward to continuing to work together to support a deeper understanding of Privacy Sandbox. We also recognize the importance of IAB Tech Lab's larger mission to develop digital advertising standards; it's great to see that IAB Tech Lab working groups are already developing VAST support for Attribution Reporting API, signaling testing labels and expanding the OpenRTB protocol for use in Protected Audience.

The Privacy Sandbox represents the collective work of hundreds of individuals across the industry who've dedicated thousands of hours in various forums to discuss, debate, and provide feedback on the API designs. We are happy to see IAB Tech Lab add its voice to this collaborative, years-long effort. Its Task Force's analysis includes new feedback for Chrome and suggests more areas for the industry to establish new norms and standards. For example, the report points out the potential for groups like the Media Rating Council to evolve accreditation approaches in a world with privacy-enhancing technologies.

However, in our view, the analysis contains many misunderstandings and inaccuracies, which we consider important to correct in order to provide accurate information to the ecosystem. Overall, the report appears to ignore the broader objective of Privacy Sandbox to enhance user privacy while supporting effective digital advertising.

The Privacy Sandbox APIs provide building blocks that support business goals while preserving privacy for people. They are not designed to offer 1:1 replacements for third-party cookies or cross-site identifiers. In order to deliver meaningful improvements to user privacy, it's not viable to recreate every marketing tactic as it exists today. But it is possible to provide solutions that address business objectives by adapting existing approaches and, in some cases, inventing new ones. While this change takes investment, effort, and collaboration, we believe it is both necessary and achievable.

Our response to IAB Tech Lab's analysis focuses primarily on the Technical Assessment section, providing detailed commentary and clarifications across the five programmatic advertising categories outlined in the report: Audience Management, Auction Dynamics, Creative Delivery and Rendering, Reporting, and Interoperability. We believe that it's important to listen to what IAB Tech Lab is presenting and that the ecosystem has the most up to date, accurate information. Overall, the clarifications fall in four primary buckets:

  1. Corrections to assumptions or use case gaps that are supported by the Privacy Sandbox APIs
    • Example assertion from report: "Loss of Runtime Data for Brand Safety."
      This is inaccurate. Buyers continue to receive the URL of the page in an ad request, just like they do today. They can even compare that seller-declared URL with the URL declared by the browser during a Protected Audience auction, which is an extra brand safety check they do not have today.
  2. Use cases that are currently not supported by third-party cookies and are thus out of scope
    • Example assertion from report: "Interest Groups do work across sites, but do not span across devices."
      This is true, and third-party cookies do not span across devices either.
  3. Feedback and/or proposals that could potentially recreate cross-site tracking and go against privacy-preserving goals
    • Example assertion from report: "Until the PAAPI provides a clear explanation of how to pass buyers' trusted signals to the report generating functions, this use case is not supported."
      This feature request is asking for reports that make it possible to identify the person browsing the web, which is not compatible with privacy goals.
  4. Areas where the solution should be determined by the ad tech provider (not the browser or platform) or where the ad tech provider needs to adapt new tactics building on top of Privacy Sandbox
    • Example assertion from report: "Look-alike modeling is not supported."
      There are multiple paths to support the goals of look-alike modeling. For example, learning the aggregate behavior of a seed audience using the Private Aggregation API.

The report also highlights feature requests and areas where the Privacy Sandbox team would welcome additional IAB Tech Lab and broader ecosystem input on possible improvements, consistent with how we've gathered feedback from multiple industry stakeholders, which have informed the design and development of the APIs to date.

We've focused our responses on the Technical Assessment, as an accurate understanding of the Privacy Sandbox APIs is critical to understanding business impact. In addition, the report raises questions around fragmented documentation, commercial requirements, third-party audits, industry accreditation, scalability, transparency and future governance, which we will engage with the ecosystem on and update our public FAQs accordingly.

We continue to move forward with our plans to phase out third-party cookies in H2 2024, subject to addressing any remaining competition concerns from the UK Competition and Markets Authority. We're encouraged by the many IAB members actively building solutions using the Privacy Sandbox APIs. We welcome continued collaboration with the IAB Tech Lab, and support their call to action for companies to start testing the Privacy Sandbox APIs and share feedback on how the Privacy Sandbox technologies can be improved now and in the future.

Access the full report