DIGITAL ROUNDUP - August 2024

Welcome to this month’s edition of the roundup to some core updates in the digital advertising industry.

NB: the following represents my own opinion

Google remove 3P Cookie Deprecation timeline in favour of user consent approach

Google dropped a major update to the state of 3P cookies on Chrome and the future of the Privacy Sandbox on web by moving to a new approach involving a consumer led prompt to manually opt out of 3P cookies (https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/)

DEEPDIVE

A blog post from Google which has set the industry into a frenzy of reactions / opinions, taking the past 4 years of 3P cookie deprecation into a new stage. Let’s be clear here, in reality nothing has changed and despite the very tabloidy initial news articles out there, 3P cookies are still going away. Just the onus is moving away from Google and onto consumers.

Much is still to be learnt on what this will look like and the overarching impact this will cause to the ecosystem. There have been plenty of reactions already:

  • The CMA who have been reviewing the Privacy Sandbox in somewhat silo to where 3P cookies would end, have made it clear they are needing to factor in this new design into what it means for the Privacy Sandbox & therefore did not release their latest Q224 report.

  • The ICO have now even more importance in what this may end up looking like, who reacted with a disappointment reaction given the change of stance from Google. The ICO firmly believe that 3P cookies should go full stop in tandem with other browsers.

  • Plenty of vendors in the space are eagerly awaiting the next steps of what this user choice prompt will look like but the more mature are still ensuring that the Privacy Sandbox remains part of their plans

Certainly users can already opt out of 3P cookies in Chrome today by navigating to the appropriate Privacy settings where you can fully opt out or actually set an approval list for certain websites / trackers to work. This to some degree aligns with some prompts Google have made with the Privacy Sandbox & 1% opt out grouping over the past 12 months within Chrome. But as most people have mentioned, the similarities to an Apple style ATT prompt on iOS could dictate a very low opt in rate, considering consumers are less likely to trust Google.

Digging deeper on this ATT comparison, its important to note that the App space is much simple. The currency (IDFA) is the same across advertisers & publishers. A 3P cookie on web has been manipulated to be similar but not exactly the same, considering the limited persistency but also the additional middlemen like data brokers / collaborators / SSPs / DSPs / adservers that sit in the web ecosystem. Therefore whatever this prompt is if super strict, would implicate a much wider range of vendors. And what happens if there is no consent on ATT? The good old trusty SKAdNetwork API. And what does that look like in Chrome? Privacy Sandbox Attribution Reporting API. Which i’d expect to be more likely to be fundamental to the end game.

Speaking of the Privacy Sandbox, the choice of wording in the blog post is telling. Privacy Sandbox is not going anywhere & it never was. The more security / backend proposals like CHIPS or Privacy State Tokens are very viable & should be moved to production. IP Protection (Google’s VPN style approach similar to Apple’s Private Relay) is a green light as mentioned in the blog post. But the more ad centric ones like Topics, PAAPI & ARAPI are the most critiqued. And whilst I expect this to continue, some form of them will likely release no matter what happens to 3P cookies.

So what is next? In a way it doesn’t matter. The smart advertisers / publishers need to fully adopt an approach across their tech stack / measurement that is not dependent on any form of legacy identifier like a 3P cookie but also considers what may be the next in line to be targeted (IP address / user agent / alternative ids). My bet is Google also now take Android, the app space which has been on the same path to a 3P cookie with AAID deprecation & has a Privacy Sandbox, as a means to do what Apple did with iOS14.5 & ATT. There are plenty of other variables like the Google antitrust case in the US in September, which can be construed as Google showing neutrality now to help with that. But innovation remains the most important word to keep striving forwards.

Apple double down with private browsing 2.0

Apple have more formally introduced its approach to privacy on Safari with Private Browsing 2.0, specific to removing unwanted tracking whilst using the browser. (https://webkit.org/blog/15697/private-browsing-2-0/)

DEEPDIVE

In quite coincidental timing to Google’s 3P cookie update, Apple have made a new blog post on the state of their web tracking on Safari dubbed Private Browsing 2.0, whilst also taking aim at Google’s Privacy Sandbox Topics API, accusing it of digital fingerprinting.

The blog post is quite long but there isn’t a huge amount of new updates to report here, which is not surprising to hear but still should not be ignored. The facts are:

  • This only relates to Private Browsing i.e. Safari’s incognito mode and is still yet to be default for the main browser experience

  • There is a big focus on workarounds that may exist in the adtech ecosystem to do tracking without legacy approaches, which includes the use of click based tracking parameters such as click IDs, the use of 1st party cookies & even more technical concepts like local storage / cookie partitioning that are starting to be “abused” in the vein of ad tracking

The writing is on the wall as to whether Apple would take these changes to a more standard level, but it is clear to see their definition of privacy is changing with the times. So the likes of query parameters, ip address & 1P cookies are not safe here. Ironically to this, Google have recently made some updates to their Google Tag dubbed first-party mode, to where some of these tweaks can definitely play with fire on Safari & where the likes of Adobe have already explored to futureproof their Analytics platform.

OtHeR KEY CALLOUTS

SOCIAL / SEARCH HIGHLIGHTS 📱

  • Microsoft will be making consent mandatory through their ad platforms, requiring the addition of a consent mode solution into pixels (Microsoft)

  • LinkedIn have released a new Sponsored Newsletter solution as part of their ads offering (LinkedIn)

  • TikTok have added more privacy controls to its platforms as a result of data regulation needs (TikTok)

  • Meta have made additional changes to remove the ability to use detailed targeting options as exclusions within Ads Manager (Meta)

PROGRAMMATIC HIGHLIGHTS 🌐

  • Reach have announced their integration with TTD’s EUID, the European version of the universal identifier that leverages hashed email as a basis (NewAgeDigital)

  • Ozone have partnerned with Yahoo to offer premium publisher audiences at scale through the Yahoo DSP (Ozone)

  • DoubleVerify have released a mapping of their solutions to Oracle Grapeshot contextual segments, for any legacy Oracle customers looking to move (DoubleVerify)

  • Adform have made significant updates to its tag management workflow within their platform (Adform)

  • Outbrain are in advanced talks to acquire Teads from Altice (BusinessInsider)

IDENTITY HIGHLIGHTS 🆔

  • NOYB have called out Microsoft for their approach to dealing with GDPR opt outs (NOYB)

  • Merkle / Cardinal Path have a nice new blog on why GA4 UI vs BigQuery data may not match (CardinalPath)

  • Meta are on track to be the first major company to be fined by the EU Commission for antitrust reasons under the DMA (Reuters)

  • Google have written up a nice overview of their BigQuery Cleanrooms offering on LinkedIn and how it works with other solutions (LinkedIn)

  • Some nice independent research on the impact of Apple ATT on ads (SSRN)

For any additional questions or comments, feel free to contact on the form below!