The ongoing guide to Google’s Privacy Sandbox 

By Steve Adams
Content Strategist
February 25th, 2020

Back in January, Google introduced the Privacy Sandbox: a set of initiatives intended to cement user privacy in programmatic advertising. This announcement spelled the end for the third-party cookie—which allowed advertisers to track users using personal data. The consequences of this loss are numerous and the privacy-centric replacement solutions proposed by Google are still pretty early in development. They are also still fairly vague.

Kate Dye is the product manager of the district m exchange (dmx), and she is following the developments of the Privacy Sandbox very closely. In this video series, Kate gives a guide to the Privacy Sandbox and will share updates as Google rolls them out.

An intro to Google Privacy Sandbox and key definitions



On January 14, Google made this announcement, which was a seismic shift for the industry. The Google Privacy Sandbox has been around for a little while. They’ve come out and said, in two years’ time, roughly, there’s going to be no third-party cookies. What they have presented is a form of guidance. There’s not necessarily actual tech that you could start to use just yet. But there’s a bunch of different, you know, conversion, attribution, learning cohorts, and even decisioning on the edge that they have presented to the advertising and marketing industry, and publishers to start to use and play around with and build.

I am going to start out with just some terms because there’s some privacy terms, some new acronyms—because this is ad tech, and we love our acronyms—some computer networking terms. So the idea is really to make it easy to understand or at least start to understand what some of these initiatives are—one which was new to me was federated which means it’s a collective sort of an agreement where a bunch of different entities agree to do something in the same way. So in this case, there are the Federated learning cohorts. So instead of each ad network exchange, or publisher or brand, having their own way of mapping identity, you have everyone contributing, so everyone could contribute to identifying that someone’s a sports enthusiast. And that would be in the browser.

Another term that is very prominent, and I think one of the exciting growth areas if you will, is the edge. So edge computing is essentially, it’s best understood as it relates to cloud computing. So cloud computing is decisioning happening on a server somewhere, whether it’s AWS, Google Cloud, etc. So this would happen on node devices. So in the case of advertising, it’s people’s devices, your laptop, your phone, and so on. And for publishers, they might be familiar with this, because Prebid, one of the most popular ways of holding an auction, happens on the edge on a user’s device. Whereas there’s been recently a move to server-side bidding, whether it’s a private server, Amazon TAM, or custom integration. But edge computing is really exciting. And it’s really prominent in TURTLEDOVE, which is part of the Google Privacy Sandbox.

The announcement that Google made is that third-party cookies are going to go away. So third-party cookies are when I go to a website. That website could drop a cookie on my device. And it would be a first-party cookie because it’s the first party website that I’m on that’s dropping the cookie. Whereas a third-party cookie is either in an iframe or via some JavaScript, some mechanism where a different domain like an advertising network, is dropping a cookie on my device, and then if there’s already a third-party cookie there, and that information along with all of the data lake of information about me can be used to show me relevant ads. So what Google and Apple have done already is to get rid of that option, where third-party cookies can work across domains.


Privacy Sandbox initiative TURTLEDOVE


TURTLEDOVE stands for two uncorrelated requests then locally executed on victory; finally remembered it. I see TURTLEDOVE as emblematic of this move to the edge. So instead of the decision happening in an ad exchange or an ad server, it’s actually happening on a user’s device. So the two uncorrelated requests are: the first one is very similar to what we have now. But it’s all about context. It’s going to have the URL in it, but it’s not going to have anything about the user or anything interest based. And so that might in an example, I go to, you might have information about the ad placement, where it is on the page, what sizes obviously, and then an ad network could respond.

The other set of requests are more about a user’s behavior and interest. And so that is not necessarily even sent at the same time as the context one, in part, because then that prevents bad actors from trying to correlate the time and kind of work backwards to map those two together. Now, brand safety will be really important if you want to use an interest-based request, which is sent, you know, beforehand.

Let’s use an example, for example, Nike knows that I really like basketball and maybe I want a new pair of LeBrons. So that information could be sent from my browser to an ad network before I ever go to The ad network might respond with the ad. It’s actually stored on my browser, even though it’s not displayed yet. Later when I go to, the contextual request is sent out that says, hey, this is ESPN, top of the page, 728 by 90, and they respond with some ad. Now, it’s actually my browser that decides which ad is going to be served. There’s going to be potentially some JavaScript with some logic, or then you’d be able to show the LeBron ad, or the contextual ad, whichever one wins.

This is a little bit opaque. And I can sense that marketers might be a little bit apprehensive. It will also be really important here for there to be like a separation of church and state that there’s Google Chrome and Google the advertising company, which I think you know, they’ve done an okay job of so far.

Brand safety would be really important in this case, because the ad that’s being sent to my device, that’s based on interest, the advertiser might not want to show that depending on what site it is. In my example, ESPN and LeBron shoes, there’s pretty good alignment there. It will be really important for ad networks and exchanges to make sure they have something in place to prevent brand-unsafe webpages like in real-time Prebid. Because if you can do that, then an advertiser with an interest-based ad doesn’t need to worry about, you know, an ad showing up on a site that they don’t know about.
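
The flow described in the transcript above, sketched as an added example that is not part of the original post or video and is not Chrome's actual API. It models the two requests, checks that they share no field that could be used to join them, and runs the on-device decision with a brand-safety filter; all function names, field names and sample values are assumptions made for illustration.

```javascript
// Simplified model of the two-request flow; every name here is hypothetical.

// Request 1 (interest-based): sent ahead of time, carries no page URL.
function buildInterestRequest(interestGroup) {
  return { interestGroup };
}

// Request 2 (contextual): sent at page load, carries nothing about the user.
function buildContextualRequest(pageUrl, placement, size) {
  return { pageUrl, placement, size };
}

// Privacy check: the two requests must share no field that could join them.
function sharedFields(a, b) {
  return Object.keys(a).filter((k) => k in b);
}

// On-device decision: the browser, not an ad server, picks the winner.
function runOnDeviceAuction(storedInterestAds, contextualReq, contextualAd) {
  const host = new URL(contextualReq.pageUrl).hostname;
  // Brand safety: drop stored interest ads whose advertiser blocked this host.
  const eligible = storedInterestAds.filter(
    (ad) => ad.size === contextualReq.size && !ad.blockedHosts.includes(host)
  );
  // Highest bid wins; the contextual ad is the fallback when nothing is eligible.
  return [...eligible, contextualAd].reduce((best, ad) =>
    ad.bid > best.bid ? ad : best
  );
}

// Constructed sample data (not from the page).
const stored = [
  { id: "interest-shoes", bid: 2.5, size: "728x90", blockedHosts: ["unsafe.example"] },
];
const contextualAd = { id: "contextual-generic", bid: 1.0, size: "728x90" };

const interestReq = buildInterestRequest("basketball-shoes");
const sportsReq = buildContextualRequest("https://sports.example/", "top", "728x90");
const unsafeReq = buildContextualRequest("https://unsafe.example/x", "top", "728x90");

console.log(sharedFields(interestReq, sportsReq));
console.log(runOnDeviceAuction(stored, sportsReq, contextualAd).id);
console.log(runOnDeviceAuction(stored, unsafeReq, contextualAd).id);
```
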


Privacy Sandbox’s impact on the ad-tech industry


There are a lot of different takes on who’s going to benefit. How doomed is the industry? And one of the big questions is are walled gardens going to benefit from this change? Maybe, I mean, in times of change people often go to the incumbents that are sort of reliable, they seem safer. And of course, they have all of their data within the walled garden, which makes it more, gives them more longevity.

Things like TV advertising, you know, social, influencer marketing, out-of-home, all of these means of advertising in all of history, have not relied on third-party cookies and the systems that we think are so important and that we absolutely need and we’re worried about going away. So, you know, those have been pretty successful. And there’s nothing to say that the sort of cohort approach they use, can’t work in digital advertising. Maybe perhaps brand, brand endemic or semantic contextual will make a comeback. I think that contextual has sort of been, I don’t want to say a dirty word, but it’s been viewed as outdated. But there’s lots of new and interesting ways of doing contextual that maybe not many players had the tech resources to do at scale. Doing things like page level, contextual, and semantic contextual targeting, are really great opportunities to say we don’t actually need to rely on cookies at all. We can get enough context and information and you know, as a brand, perhaps understand our users well enough to know where we want to show them an ad and a certain message without relying on a known person.

Another term that is not quite related to the Privacy Sandbox directly, but has become more popular, sort of as a result of this move away from relying on third-party cookies, is the CDP (Customer data platform). And what is a customer data platform? Well, it’s very similar in intent to a DMP, which is a data management platform. However, data management platforms often rely on these workflows that all tie back to third-party cookies, where the customer data platform is really about creating this global view of a customer if you are a brand.



Google Privacy Sandbox creates a golden opportunity for publishers to leverage first-party data



One of the parts about Sandbox, and already now with Safari, that’s going to be way more important for publishers especially, is using first-party data. Publishers have this sort of latent asset that’s not necessarily being used and I think a lot of them are thinking about it. And that’s really exciting. I think it’s certainly something that we’re focusing on at district m, and enabling publishers to activate their first-party data, their relationship and understanding about their users in a way that they don’t have to port that data out somewhere where or they don’t have control over it, or tie it to a third-party cookie where it’s not going to be around for that long. A bunch of different publishers are either using existing DMPs that or newer DMPs often that are tied to first-party cookies, or they’re building them in-house or maybe they’re creating a taxonomy about their content to better expose that to advertisers. So there’s lots of different strategies but I think it’s very exciting for publishers because they’ve kind of previously handed over control of monetization and understanding of consumers. And that’s kind of gone down the chain too far. I think over the course of the next year and a half, two years, it will be way more important as a publisher to leverage your first-party data assets and partner with advertisers, partner with exchanges to expose that.



What will Privacy Sandbox do to attribution in digital advertising?


One of the things that is going to go away with the end of third-party cookies is actually attribution, frequency capping, you know, conversion tracking. And I don’t think that’s necessarily, at least from a publisher perspective, the first thing people think about. And it’s maybe not the first thing that consumers think about when they learn that interest-based tracking is going to get harder. But Google has a couple solutions to that. They have an Aggregate Reporting API, and Conversion Tracking API. And the high-level intent is that there’s going to be machine learning and in general, some obfuscation to prevent people from identifying that the sort of one-to-one, this person converted based on seeing this ad at this time on this site, and instead having sort of aggregated, grouped reporting so they can still track what’s effective, what campaigns are performing, and so on, but they’re not going to be able to, there’s going to be noise intentionally added into that to prevent them from having one-to-one tracking.

