Google proposes radical privacy framework to protect users and ad targeting

Dive Brief:

• Google unveiled a major new consumer privacy initiative Thursday with a proposal that intends to give users more choice and control over how their data is applied for advertising purposes. The framework is currently open for comment as Google looks to refine the details and position its solution as applicable to the entire industry.
• The proposal centers around three principles: transparency, where users will be able to see and understand how their data is collected and applied for advertising; choice, which gives users greater control around “how they experience the web”; and control, where users can tweak data collection and application processes, including when it comes to ad personalization. The document specifically criticizes large-scale blocking of cookies, an approach being adopted by rivals like Apple, which Google believes will be a hindrance to publisher revenue.
• Google also published several additional posts around privacy initiatives Thursday, urging the web community to work toward new standards and recommending the creation of a “privacy sandbox,” where publishers and developers can deliver personalized content and ads while protecting user privacy.

Dive Insight:

Google has been under mounting pressure from regulators and consumers to be more proactive in protecting user privacy, while needing to reinforce that free web content often requires well-targeted ads to survive. The company has a vested stake in preserving this ecosystem as the largest digital advertising platform in the world, but the larger framework Google is proposing would fundamentally alter how online ad targeting works.

The new standards address how data is collected, the metadata accompanying every ad, a consistent way to identify companies involved in showing ads, a centralized registry of participating companies and a way to address practices that violate the proposed standards.

Under this framework, most individualized user data, such as a browsing trail, would stay in the device’s browser, while the data would be employed to assign that user to an anonymous, aggregated group of similar users. Ads would be targeted at that entire group of users — not to individuals. According to Google, this kind of arrangement allows “for your browser to avoid revealing that you are a member of a group that likes Beyoncé and sweater vests until it can be sure that group contains thousands of other people.”

Additionally, Google suggests that similar anonymized segments could help determine which users are trusted, possibly in conjunction with a separate Privacy Pass that’s being promoted by web security firm Cloudflare. Privacy Pass utilizes an encrypted token as a way for users to demonstrate they are human and not a bot, without revealing their identity or requiring they continually re-authenticate.

The initiative acknowledges that efforts by Google, Apple and others to diminish the role of cookies has generated several undesired responses. One is a greater use of device fingerprinting, where a device profile is based on the unique configuration of many small differences between users, such as the browser version, downloaded fonts and the particular device.

In the proposal, Google firmly sides against fingerprinting because users have no control over the use of their data with that method. One countermeasure the company highlighted is what a “privacy budget,” where the data revealed by a browser to a site will not exceed what’s needed to assign that user to an anonymized audience segment.

The other large consequence of anti-cookie efforts, Google acknowledges, is that it threatens the availability of free content on the web, which requires targeted ads.

Google said its research over three months with a randomly selected group of the 500 largest Google Ad Manager publishers found that, when no cookie was present, publishers had an average of 52% less revenue than when a cookie was present. For news publishers, no cookie meant 62% less revenue. With this in mind, the tech giant is now spearheading new efforts of finding ways to protect user privacy while supporting the availability of free, ad-supported content.

The proposed initiative arrives as the tech giant has finally agreed to version 2.0 of Transparency and Consent Framework from IAB Europe and the IAB Tech Lab, as reported in AdExchanger. The company had avoided formal acceptance of the initial Framework version, which establishes a user consent string that’s shared among publishers and digital ad vendors and is compatible with the European Union’s General Data Protection Regulation (GDPR).