Link to home page
Link to home

News from the open internet

Opinion

Google never cared about privacy

Cursors flying into a large browser window with an open sky, blocking smaller windows colored in red, blue, green and yellow.

Illustration by Robyn Phelps / Shutterstock / The Current

Among the thousands of Google internal documents made public during the U.S. v. Google ad tech antitrust case, there’s a bit of back and forth between two Google employees from September 2020 that seems to give window into the company’s thinking.

One employee wrote that he received “feedback from PS [Privacy Sandbox], we should avoid direct mentions of sign-in and email consent in our MSA to align with the negotiating strategy where we will not be specific about our alternative approach for measurement and attribution."

The other employee replies, "Start a ping with history turned off." This short exchange is only a small bit of communication between two employees, so we don’t know the full context. With the “history turned off,” no written record of the rest of the communication exists. The resulting secrecy means we do not have more documented discussion about the “alternative approach,” being discussed. But these messages could be a clue about Google’s strategy.

Google owns nine products with over 1 billion monthly active users — all of which typically only function properly only when we're signed in (I wonder why). No other company has nearly as many signed-in users. At the time messages between the two Google employees were exchanged, Apple had announced that an iOS 14 update was scheduled for that month and that the update would make Apple deviceIDs much harder to access. The messages seem to reveal Google's apparent intent to use sign-in for tracking. That would have been big news, were it public. It should be big news now. Perhaps Google wasn’t as concerned about user privacy as it claimed to be. That’s what history suggests.

Chrome cookie deprecation was announced just nine months prior to the quoted chat. Without real concern, the content of that announcement looks like a pretext for an extremely ruthless strategy: crippling nearly every competitor in digital advertising by monopolizing measurement.

Google had done this before and gotten away with it. Almost nobody paid attention in 2016, when Google executed what we now know (thanks again to civil investigative demands for Google internal communications) as Project Narnia: The merger of Google's search and website tracking under a unified Google ID. What an odd thing to do the same year the General Data Protection Regulation (GDPR) becomes law, right? It didn't make enough sense to worry about at the time.

Then, in 2018, when GDPR took effect, Google redacted the DoubleClick user IDs from its bid logs, because — due to Project Narnia — they contained personal information. Every other demand-side platform’s (DSP) user IDs remain in their bid logs to this day, because those user IDs are just random strings of text, not linked to our names or personally identifiable information. With Project Narnia, Google gave itself an excuse to break the entire chain of anonymous ID interoperability, citing privacy concerns. With ID interoperability destroyed, so went the then-thriving market for custom multi-touch attribution. Performance measurement has been based on Google last-touch or nothing ever since.

The threat of Chrome cookie deprecation harmed the ad tech industry much more than has been reported. I was personally told by more than 50 software investors they were staying away from ad tech until (as one put it) "the whole cookie thing shakes out." Most of the ad tech startups that did see investment in the period between 2020 and 2024 were focused on addressing cookie deprecation. We might never know what innovations would have been launched. There have been zero new DSPs of note. The market has been frozen. The primary beneficiary of the freeze was Google, whose annual revenue surpassed $200 billion in 2021 and $300 billion just two years later.

During the same two years, Google assumed the role of privacy regulator, claiming its ad businesses would be subject to the same privacy rules as everyone else. We’d all play nicely together in their Privacy Sandbox.

It was a bit of a tell how the DV360 product team demonstrated zero sense of urgency around making it easier for some buyers to test Privacy Sandbox, let alone releasing test results to prove it worked. The Chrome cookie deprecation delays, the inability of any ad tech expert or observer to convincingly explain how Google could possibly regulate itself — all of these deserve renewed scrutiny, given what we now know.

The topic of ad analytics has been mostly absent from both Google antitrust trials. Yet measurement is where Google has arguably hit competitors hardest. Advertisers’ inability to move away from clicks and last-touch hinders all display. It harms brands that focus on upper-funnel KPIs, it harms publishers that provide quality pages and programs, and it frustrates the hell out of everyone who cares about ad effectiveness. Measurement standards are empirically bad, and they are dominated by Google.

It’s time for industry leaders to assert the truth that measurement is not a privacy issue —Google is wrong. The analytics required to quantify ad effects can be anonymous and aggregated to protect consumers without Privacy Sandbox. The road to ad tech innovation runs through advanced measurement. Too often, it’s blocked by privacy concerns that can be traced back to claims Google made but did not appear to really mean. Ad measurement alone is not invasive. Using privacy as a weapon against its competitors worked for Google for too long, and it’s time to make it stop.

This op-ed represents the views and opinions of the author and not of The Current, a division of The Trade Desk, or The Trade Desk. The appearance of the op-ed on The Current does not constitute an endorsement by The Current or The Trade Desk.