Criteo has some good news and some bad news about the Chrome Privacy Sandbox based on its most recent tests.
Bad news first: If Google were to shut off third-party cookies today and implement the current version of the Privacy Sandbox, publishers would see their ad revenue on Chrome tank by around 60% on average.
But the good news – or, at least, the less bad news – is that the Privacy Sandbox can become a workable alternative to third-party cookies for advertising purposes if Google agrees to make important modifications, said Todd Parsons, Criteo’s chief product officer.
“On the back of our very rigorous testing, we’ve made specific requests of Google to improve the configuration of the APIs,” Parsons said. “So, not net-new things, but rather taking the product as designed and tweaking it in a non-breaking way, which could bring us a lot closer to a minimally viable product.”
That’s a very different take on the Privacy Sandbox than the one espoused by the IAB Tech Lab in its analysis of the APIs released in February. At the time, Tech Lab CEO Tony Katsur called the Privacy Sandbox ineffective, not robust enough to support most basic digital advertising needs and, in some cases, “simply dysfunctional.”
Stress test
But Criteo wouldn’t have devoted so much time and so many engineering resources to Privacy Sandbox testing if it didn’t think the concept had merit, according to Parsons.
“Otherwise, we would have stopped investing a long time ago,” he said.
Criteo was one of the earliest Privacy Sandbox testers going back to 2021, when the APIs were still named after birds.
Its most recent battery of Sandbox testing, released on Thursday, took place between mid-March and mid-May and was conducted across nearly 18,000 advertisers, 1,200 publishers and 100 million weekly ad impressions.
Criteo analyzed three groups: one for which third-party cookies were removed and the Privacy Sandbox was used in conjunction with contextual targeting and publisher first-party data, a control group where third-party cookies were used without the Privacy Sandbox and a second control group that used only contextual targeting and first-party data.
What did Criteo find?
Slow your roll
The results, at first blush, are alarming.
In addition to uncovering that colossal 60% dip in revenue on Chrome for publishers without access to third-party cookies, Criteo also observed a more than 100% increase in load time for ads rendered on Sandbox traffic.
And on top of that – FYI to the CMA – Criteo found that the Privacy Sandbox creates an enormous advantage for Google’s advertising business, including putting Google Ad Manager in a position to boost its market share from 23% to 83%.
(Criteo did, of course, share its report with the UK’s Competition and Markets Authority, whose job it is to assess whether the Privacy Sandbox APIs create competition risks.)
One thing that would help level the playing field at least somewhat, however, is if everyone in the online ad ecosystem, including publishers and other ad tech vendors, would engage in more rigorous testing, Parsons said.
Many ad tech vendors have still only done “light” testing, he said, and publisher adoption of the Privacy Sandbox remains below 55%.
It’s not surprising, though, that testing has only happened in fits and starts across the industry, considering Google’s multiple third-party cookie deprecation delays, the lack of a detailed road map and the fact that companies must adapt their entire advertising infrastructure to a complicated new developer toolkit.
“We rebuilt our entire performance pipeline – not just the auction and bidding components, but also the targeting components, product recommendation components, creative and measurement,” Parsons said. “I mean, we literally re-architected our pipeline end to end.”
The hope is that Google will reciprocate this effort by re-architecting the Privacy Sandbox APIs based on feedback.
And there’s precedent for that. According to Parsons, Google has implemented Criteo’s ideas for Privacy Sandbox changes in the past, including adding a server-side component to the Privacy Sandbox and other tweaks that eventually led to the replacement of FLoC with the Topics API.
Criteo’s latest suggestions fall into four main buckets: performance features, ways to create more valuable audiences, what Criteo refers to as “critical functionalities” that prevent fraud and ensure transparency, and governance-related callouts to make the rollout more efficient and organized.
[Click here for a full list of Criteo’s proposed changes.]
All of Criteo’s proposed modifications – including a change to PAAPI’s auction integrity to prevent bid tampering and a clearer connection between the deprecation of third-party cookies and the adoption of the Android Privacy Sandbox – are in the spirit of helping Google release a version of its product that won’t totally disrupt the online advertising ecosystem.
Because, as is, the Privacy Sandbox – which is arguably “the biggest product rollout in ad tech history” – is simply not fit to be released, Parsons said.
“I’ve never shipped a product that, for example, is working at a 60% deficit to an alternative,” he said. “I probably wouldn’t have my job here if I did.”
Updated 6/27/24 @ 3:15 p..m
A Google spokesperson shared a statement responding to Criteo’s report:
“We are encouraged to see companies building with the Privacy Sandbox and other privacy enhancing technologies. But it’s not possible to predict publisher performance based on effectiveness of a single buying platform, as publishers typically work with dozens of demand sources. In addition, we expect performance numbers to evolve, and they currently don’t reflect how the overall ecosystem will perform in a true marketplace – which won’t exist until adoption expands alongside third-party cookieless traffic. We look forward to the ecosystem continuing to share valuable insights and feature requests for Chrome and the industry.”