Google's quiet CTV Play

I’m Alan Chapell. I’ve been working at the intersection of privacy, competition and advertising for decades and I’m now writing for The Monopoly Report. If you have a tip to share in confidence, ping me at my last name at Gmail or find me on Twitter or Bluesky.

Our latest Monopoly Report podcast is out with Jules Polonetsky and Doug Miller of the Future of Privacy Forum - we talk about the need for standards for data clean rooms.

Google’s change of heart on Fingerprinting

A few week’s ago, Google quietly announced a significant shift in their policy with respect to the use of probabilistic IDs within Google’s ecosystem. And soon after, the UK ICO took issue with the change.

For over a decade, Google’s policy was as follows:

The policy generated considerable confusion amidst inconsistent enforcement (e.g., the policy apparently didn’t apply to Flashtalking). But one thing Google DID manage to do was cement the notion that fingerprinting was “bad” - despite the fact that there really isn’t a widely agreed upon definition of the term fingerprinting.

Like most controversies in digital media, there’s usually a back story. With that in mind, here are a few relevant dates:

• In 2011, the W3C launched the Tracking Protection Working Group where the major browser vendors — at the urging of FTC Chair Jon Leibowitz — had agreed to work on a new privacy standard known as “Do Not Track” (DNT). I covered those events in previous versions of TMR newsletter. As browsers become increasingly frustrated with the perceived unwillingness of industry to submit, browsers took things into their own hands - which included blocking cookies.

• In August of 2012, the FTC announced a $22.5 million settlement with Google for “circumventing the Safari browser’s default cookie-blocking settings”. While the fine made headlines, the FTC for some reason didn’t actually preclude Google from monkeying with browser settings going forward. Nonetheless, Google used that enforcement action as rationale for proclaiming that THEY wouldn’t engage in fingerprinting - and the they wouldn’t condone it on their platforms and networks. Announcing a policy that nobody else is allowed to do the very thing that you just got caught doing is peak Google.

• May 2015, the the self-reg group NAI reportedly released a guide for members, explaining how its Code of Conduct would apply to the use of non-cookie technologies. (Note: I’m currently NAI board chair and was a member of the board in 2015). The goal of the NAI’s Beyond Cookies guidance was to help provide consumers with privacy controls for tracking that did not involve HTTP cookies given the browser community’s hostility to data driven advertising via cookies.

For nearly a decade, our industry has had in place a set of standards for data driven advertising without HTTP cookies that has been both: (1) somewhat well used (particularly if you include cross-device), and (2) blessed by an industry association that includes Google on it’s board. Nonetheless, the practice has been demonized by Google and prohibited by their platform terms.

That is, until 2025…

The WHY in three letters… CTV

Why did Google make this policy change? Google claims the shift was driven by two changes to the landscape:

• Changes to privacy enhancing technologies (PETs) - This rationale strikes me as a pretense. Don’t get me wrong… There’s certainly been lots of work in “on-device processing, trusted execution environments, and secure multi-party computation” around here. I’m hopeful that we will see more PETs being operationalized in ad tech. But I’ll also note that the three PETs listed by Google here are also used by the Privacy Sandbox and some data clean rooms - neither of which really need fingerprinting techniques in order to work. Also, the industry already had some PETs in place via the NAI Beyond Cookies guidance - a document that Google has implicitly rejected.

• Rise of new ad-supported devices and platforms - OK. But this isn’t really new, is it? The only thing I can say that is consistent about the digital media space is the fact that we are CONSTANTLY seeing new ad-supported device and platforms. Remember when mobile was the new ad-supported device/platform? (Btw, Google’s still plaining to kill the Android Ad ID, right?) Anyway, my point here is that this ALSO comes off as a pretext.

In fairness to Google, they do specifically call out CTV as one of these new ad-supported platforms. And I think that’s a good deal of the answer here. I wish they could just come out and say that. But everything with Google is revealed piecemeal and under a vail of fog. It’s like I’m back in college…

Anyway, my sense is that Google doesn’t want to cede the “open” CTV space to TTD or any of the others. Many of you agree with that position.

2025: the year privacy and competition break up?

Editors note: Over the last few years, the balance between privacy and competition law received more and more coverage - particular in digital media circles. I’m not big on predictions, but I do think 2025 will be the year we start to realize that the two concepts may have trouble co-existing under certain conditions.

Part of me wonders if part of Google’s goal here is to point out the impracticality of the positions being taken by the UK regulators (and other regulators as well). The Competition and Markets Authority (CMA) and Information Commissioner's Office (ICO) have each staked out a position when it comes to google and tracking technologies - partly in connection with the Privacy Sandbox. The ICO says that Google needs to be doing more to reign in bad practices and the CMA is wary of Google exercising to much control over competitors in a way that harms competition. Reconciling the positions may prove to be a rather difficult needle to thread.

What can we take away from this? (Other than exhaustion)

It’s a muddled mess (which mostly works in Google’s favor). Google is just so good at this game.

Let’s say you’re a C-level executive at a brand, agency or ad tech company trying to build out a strategy. Here’s the state of play:

1. 3P cookies in Chrome are going away, except they aren’t really.

2. While nobody agrees on the definitions, using fingerprinting techniques are really bad even with notice/consent, but they’re no longer prohibited…. EXCEPT that we’re fairly confident that IP protection (and Apple's "iCloud Private Relay") are still moving forward.

3. Google may or may not be moving ahead with TPC deprecation and/or the Privacy Sandbox and if they ARE doing those things they might be subject to a browser choice prompt.

4. The regulators in charge of enforcing these addressability issues either lack an appreciation of the nuances in play (as is the case with the ICO statement in my view) or (as in the case of the CMA as discussed here) has all but admitted defeat and exiled itself to Endor.

So… how are we doing getting the ID less solutions to operate effectively at scale?

What is likely to happen next?

I’d look out for another announcement this February where Google states:

1. That the IP protection component of the Privacy Sandbox will move up in the timeline.

2. That fingerprinting may only be used for isolated measurement scenarios; and/or…

3. That Google has built out a choice mechanism for CTV (at which point, Google will decry anyone without one).

Alan’s Hot Takes…

Here are a few additional stories that hit me over the past week:

• Apple’s Siri probably isn’t using your commands to target ads – Ad tech execs are often all too eager to demonize our critics as tin foil hat wearing crazies. But when it comes to Apple (and Google), why is everyone so willing believe what’s alleged in a class action claim? Lot’s of reasons to be critical of Apple - not sure this is a particularly good one. If someone can find proof that Apple was using Siri commands to enable targeted ads, I’d love to see it. My favorite aspect of this case is that it gives one hope that there are actual consequences to spoiling evidence during a legal proceeding.

• Meta’s AI generated bot profiles - Is this really new? I remember similar techniques were used by most online dating sites back when I was single. Jokes aside, let me ask: is the problem the fact that the AI bots don’t quite work yet, or is the problem that most people want to believe their connecting and networking with humans? At some point, the use of AI generated profiles completely blows up the notion of a unique user. If/when that happens, privacy might be the least of our concerns.

• TikTok Ban arrives a SCOTUS’ doorstep - Matt Schettenhelm lays out the various scenarios. My guess is that the Supreme Court temporarily kicks the can via an administrative injunction. It will be really interesting to see President Trump’s response if they don’t. I for one can’t WAIT to see the episode of Shark Tank with TikTok CEO Shou Zi Chew.

• Wanna meet the digerati? - If you’re in NYC on Jan 16, try to attend the TD Foundation annual gala. It’s filled with OG digital media peeps - so lots of great networking. But it’s also for a fantastic cause. If you’ve NEVER been to a TD Foundation event, DM me. Sixth person to reach out gets a free ticket on me.

If there’s an area that you want to see covered on these pages, if you agree/disagree with something I’ve written, if you want tell me you dig my music, or if you just want to yell at me, please reach out to me on LinkedIn or in the comments below.