Google exec on company's privacy philosophy: ‘FLoC will evolve – there will be other birds’
The Drum quizzes David Temkin, Google’s director of product management for ads privacy and user trust, about all things privacy.
David Temkin, Google’s director of product management, ads privacy and trust, talks privacy
Google, the tech giant whose decision to phase out third-party cookies in 2023 has brought the ad industry’s reckoning over consumer data to a head, has also been among the most influential forces in shaping the future of cookieless advertising. Early last year the company introduced Privacy Sandbox, its proposed framework for privacy-centric advertising sans third-party cookies.
The various components of the proposed solution – many of which remain in various stages of testing – have been met with mixed responses. While some hold that Google’s Privacy Sandbox offers genuinely privacy-safe alternatives for targeted advertising and ad measurement, critics have argued that it doesn’t go far enough in protecting user privacy.
Here, we catch up with David Temkin, Google’s director of product management, ads privacy and trust, who shares his perspective.
What does user privacy look like to you?
Let’s talk about what we mean by ‘privacy,’ because there is no hard and fast definition on the regulatory basis, on a man-in-the-street basis or on a tech company basis. But there are a few things that people do agree on. For example, it’s a generally-accepted practice – for a lot of good reasons – that if you were to go to, say, cnn.com, and you click on a link, and you click on another link, and you’re viewing articles related to health, that CNN would be expected to collect those clicks, and hold them and do something with them, and maybe present you with personalized content based on them. And the reason that that is considered to be OK is that it’s perfectly obvious to the user they’re interacting with. It’s intuitive that you know that when you’re looking at cnn.com or the CNN app, they’re receiving your information. It’s just perfectly clear.
[It becomes an issue] when that app is being [opaque with] the user, especially [in sharing that information with] third parties that the user can’t see. Most adtech might have a presence on the webpage for various reasons, and they are siphoning out data from that browser or that app, collecting it on the back end in a way that a user can’t see. And that gets to the core of what we’re talking about ... There is a general consensus [that is] strong with users and well established across the industry ... that tracking is undesirable. It makes users uncomfortable. We do not want to see a further degradation in trust for ads. In addressing the question of, ‘What do people mean by ‘privacy’?’ The core element is tracking.
Now, there are other aspects to privacy. I would argue that privacy is kind of subjective – it’s what the user feels. Do they feel that they understand where their data is going and what it’s being used for? [Do they know] if or how it’s being shared? Why did I get this ad? Who delivered it to me? So, there’s a little bit of ... ’give me more transparency.’ And then there’s the flip side of it: control. Do I want my ads personalized? Or if I do, what topics? Do I want to see what categories might be sensitive [and block those]? [It comes] down to the user: does the user have a sense that their data is being used fairly? Do they understand who’s using it and for what purposes? So, tracking a key component of it, but I think it’s broader. It’s more of a subjective feeling on the part of the users. And there are a lot of angles that can be used to improve the sense of privacy beyond material data privacy.
The definition of privacy is an important question. And that plays a major role in how Chrome and we collectively are approaching the Privacy Sandbox and private advertising in general. It’s not that the Privacy Sandbox will make it completely and totally impossible to track a user. But it provides mechanisms for advertisers to achieve the same results without tracking users. And at Google Ads – as distinct from Chrome – when third-party cookies are removed, we will not be tracking users as they browse across the web. We also will not be working around ... the removal of third-party cookies to create some other thing. We see [cookie workarounds] as a central element that needs to be tamped down on in order to kind of lift up user trust in advertising and in the digital ecosystem in general.
So, how is Google thinking about balancing this kind of privacy with the demands of advertisers?
When we look forward to the privacy-transformed internet, we see the need for [an ecosystem that] works for marketers, for publishers and also for users. And so when you look at the advertiser versus user piece, the main source of tension is there on data. Users are uncomfortable with how their is data being used. It’s not really on the level of, ‘Am I receiving ads and are they useful to me?’ Relevant ads are of service to the user. The reason that [a relevant ad] is more valuable than an ad that isn’t relevant is that it [has been proven] more relevant to the user – they clicked on it.
We’re looking to make advertising both private for users and effective from a monetization and marketing standpoint. We don’t see [it as] two worlds that shall never coexist – we think that we have the right recipe to bring them together. And hopefully we can lead the industry into that endpoint.
Privacy Sandbox is a technology that Chrome is working on with the rest of the web community, [including] World Wide Web Consortium (W3C) and the adtech community, to create a new standard that allows for the core adtech use cases to be realized without violating user privacy. ‘User privacy’ in this situation is defined as, ‘We don’t want to be tracked across websites; we don’t want to share personal information unwittingly.’ So the core advertising use cases that are addressed by this are a set of cases that relate to targeting interest-based advertising, remarketing, measurement and, finally, fraud. Those are the core ad use cases. There are a lot of details under the hood of each one of those, [but this is] the center of what makes adtech useful and what makes ads relevant and economically viable. There will be some set of long tail use cases that cannot be accomplished using this technology, but the intention here is to transition the business as it is currently structured, while being privacy-respecting, into this new world.
But Google Ads has a sort of a portfolio approach to privacy. There are other things that we’re doing within Google Ads to support publishers and effective advertising. [For example,] better harnessing of first-party data is critical to what we’re doing. We think that’s underleveraged right now, and we’re introducing a set of new offerings that will permit publishers to interact with advertisers that they have direct relationships with to add value to their own sites. That’s an example. There will be more [product development] coming down the line.
You expressed that you’re confident that tools within Privacy Sandbox will prove as effective, if not more effective, than current tracking-based methods for advertisers. What do you mean by that? Can you share any performance data?
I don’t have any data of that form, but I will say it’s still early stages. Chrome delayed the elimination of third-party cookies until the end of 2023, and the intention behind that was to allow for more iteration and more feedback.
If you look at how Chrome works, it is part of the web community. Its development is done as part of an open-source collaborative process [with other companies]. It’s all driven toward, ‘Can we create standards that make this work?’ Like, the reason that you can go to a certain web page in Chrome, Firefox and Safari and see the same thing is that they’re built on the same standards. And the reason that works is that on the web, development ... is kind of like writing software in a fishbowl. There’s a ton of feedback and iteration that goes through that.
And when you look at something like Google’s Federated Learning of Cohorts (FLoC), FLoC is not a product – it was a proposal. And a lot of feedback has come in. Not everyone’s happy with it. But that’s how [the process of development is] supposed to work. And it may not be the case that everyone’s going to be satisfied in the end – but that’s partially because there is no clear definition of privacy. But we have a certain conception of [privacy] that we believe is mainstream, and it’s conforming with what users believe and what most of the industry believes. And we do believe that, in the time allotted ... the technology available to the industry can deliver the kind of results that we’re talking about: preserving the mainstream advertising use cases, while making them private, and preserving the effectiveness of them. Again, you should expect some iteration here. FLoC is a proposal – it will evolve. There will be other birds. There are already a lot of birds.
There are a lot of factors shaping the future of the web right now. The metaverse is one of those things. What does privacy look like within the metaverse? And will other movements, such as crypto and NFTs, impact advertising and your vision for a more private digital ecosystem?
Zooming out a bit, Google wants to support an open, thriving internet. And we believe that advertising has a critical role to play in supporting such an entity. I don’t think any of these things – such as the metaverse or crypto – are going to remove the role that advertising will play in this open internet. Now, should users choose to immerse themselves in a virtual reality and that becomes the nature of the internet, modes of interaction may change. They did when we shifted to mobile.
Could crypto play a role in this? It’s possible. Will crypto eliminate advertising? Absolutely not. Crypto and advertising could be combined in various ways, as the metaverse could be combined [with advertising]. It’s hard to see how this plays out, but you’ve got one invariant here: an open internet depends on the ability of publishers and app developers to monetize their sites in ways that don’t require user payment. And it’s not really specific to the mode of interaction. So we’ve already seen one big shift in the internet to mobile apps. Could others occur? They could. I’m probably not the guy to ask about that. But I can tell you that no matter how it lands, you will see advertising play a role.
In the background of this digital evolution, there’s a lot happening on the regulatory side of things. China and Saudi Arabia are the latest to pass comprehensive, GDPR-like laws, but countless countries and US states are in the process of proposing and passing their own consent-based consumer data privacy laws. How will these changes impact what Google is doing?
A lot of these are playing out over time. Some of these are new regulations and some of them are changing interpretations of existing regulations. So for example, there are regulations involving kids in ads or that at least affect kids in ads. One example is the UK’s Age-Appropriate Design Code. There are successor regulations that will apply in a broader geographical context and there are discussions of doing the same in the US. Another regulation that has existed for some time is EU’s Data Protection Directive, which is one of the factors [that led to] a website ... telling you to accept cookies. That, too, is an ever-evolving set of interpretations, and an ever-evolving set of legal frameworks. We’re tracking all of that.
[In general,] I think anything that drives forward a user-favorable way of interacting with the web is something that we’re on board with. We of course are also interested in preserving effective advertising. One thing to think about with these is: are the results of these regulations protective of users? Do they add friction to the user? We hope that ... we can ultimately get to a place where the internet works a little bit like the way it used to: click on a website, go to another website, click on another website, go to another website. Right now, it’s a little different from that with all the consents and the opt-ins, but opt-in as a philosophy for gaining trust from the user – and not just opt-in, but opt-in that users understand – we see as important.
Beyond the lawmaking component, enforcement agencies are cracking down on anti-competitive business models and data practices that might be illegal. Earlier this year, the UK’s Competition and Markets Authority (CMA) even launched an investigation into Google’s Privacy Sandbox browser changes. How is Google approaching that situation?
In terms of the CMA ... it’s not just that there’s a regulation and we need to comply and we can provide input on it. There’s a general concern about the Privacy Sandbox and CMA wants to make sure that everyone’s on a level playing field and that we’re not advantaging Google Ads and that there’s not some kind of unfair linkage between Google Ads and Chrome. We operate fairly separately – I want to emphasize that.
The important thing here is that we’re actually working with the CMA collaboratively. They will be participating in the assessment of the Sandbox as it goes forward. For example, they’re going to take a look at what we are doing with testing. What are the results of testing? What tests are we [using] to determine advertising effectiveness of the Privacy Sandbox? That’s part of it. And they’re also asking [us to clarify] our use of data. We made a set of announcements earlier this year. Effectively, the CMA commitments encode those – we’re very comfortable with those ... They’re part of our commitment to not track users fundamentally and to separate what goes on at Google from the rest of the web. So you’re looking at a model there where there’s a certain amount of collaboration and consultation. Other parties can weigh in. And this is sort of novel. And hopefully it helps.
Our interests are aligned [with CMA] in that we want the entire web and all of adtech to be on a level playing field here ... Privacy Sandbox – and its design, its intentions – needs to be something that supports the web as it is, not just the big players. What makes the web so valuable is that there are millions and millions of websites. And our incentives, I think alone among big tech, are aligned with a thriving and open web.