In its latest report to the CMA on the progress of its Privacy Sandbox project, Google has admitted that some significant functionality barely works and that it won’t even commit to using the technology to power its own ad systems. This frank admission of failure appears to put yet another nail in the coffin of a project that has been endlessly delayed by legal challenges and the competition-distorting nature of Google’s designs.
The most glaring admission of defeat comes from Google’s own testing of its Sandbox Attribution Reporting API (ARA), which is intended to measure the effectiveness of digital advertising. According to their own numbers, as many as 85% of advertising conversions reported by the system were inaccurate by 60-100% when compared to the same conversions as measured by cookies. This level of error would imply that the system is effectively useless as a tool for meaningful measurement of results.
Fig 1: Effectiveness of Google’s Attribution Reporting API (ARA) for view through conversion (VTC) tracking. APE represents Absolute Percentage Error. (Source: Google Marketing Platform Non-O&O/Display ARA E2E CMA Test Study)
Perhaps more shockingly, Google also admits in the report that it doesn’t intend to solely use Privacy Sandbox itself if and when the technology were to be deployed. According to the report, ‘Google intends to use a portolio approach to addressability, which will include the Privacy Sandbox technologies’ (p3, General feedback). For Google to admit that its Sandbox is inadequate for its own needs, whilst attempting to force it on an unwilling industry, seems to be the height of hypocrisy.
The CMA declined to issue its customary report for the period covered by Google’s latest document. Importantly, this marks the first quarter Google has not been told it is in compliance with the CMA Commitments requiring it to revise the designs of its Sandbox in a manner that would not distort competition. Google has continually refused to listen to ICO and CMA feedback which has repeatedly rejected Google’s assertion that distinguishing between first and third-party storage files is a meaningful criteria to evaluate privacy risks.
However, its clear to any reader that – even putting aside the competition issues inherent in the technology – that it remains a fundamentally flawed project.