Google Ads will now use a trusted execution environment by default

If the digital advertising ecosystem is to reach a new stage of privacy awareness, advertisers must better manage their first-party data.

One aspect of this evolution is the idea of ​​trusted execution environments (TEEs), which are new cloud-based ad exchanges that help match first-party and browser data sets for targeting and measurement. Because the owner of the first-party data is the only entity authorized to access and derive insights from the TEE, there is less risk of data leakage or data sharing between companies, which is typical with software technologies.

On Thursday, Google Ads announced a new TEE-based feature called Confidential Matching. Confidential Matching uses TEE built on Google Cloud infrastructure to create an isolated compute environment for ad targeting and measurement.

Confidential Matching will now be the default setting for all uses of Customer Match advertiser first-party data across the Google Ads platform, including through the Google Ads Data Manager. The solution is free for all Google Ads customers and does not require advertisers to enter into a separate agreement with Google Cloud.

How it works

As Kamal Janardhan, senior director of product management and ad measurement at Google Ads, said, TEE’s confidential matching mechanism works a bit like a house where only the advertiser has the key.

“You have an encryption key that is owned by the advertiser, so no one, especially the infrastructure provider or Google Ads, which is the entity that facilitates the infrastructure, has access to any of the data,” Janardhan said.

Existing Google Ads customers do not need to change anything to start using this feature. Google Ads will automatically apply the new TEE-based security features once an advertiser connects their first-party audience data.

Janardhan added that in a few months, the security features will also be applied to Google Ads Enhanced Conversions for the web. Enhanced Conversions is an optimization feature that sends hashed signals from an advertiser’s conversions, such as landing page clicks, to Google Ads to provide clearer attribution and more effective campaign optimization. Google Ads does this by supplementing the advertiser’s data with its own logged-in data to improve attribution.

But most importantly, advertisers don’t get any user-level information when the audiences or actions they’ve measured are linked to specific Google identifiers, Janardhan said. Advertisers only get aggregated conversion reporting, which is all that’s really required for measurement, she added.

Because confidential matching is intended only for first-party data, it is not compatible with matching using third-party cookies.

Advertisers can, however, use first-page audience data derived from third-party identifier matches, such as LiveRamp’s RampID or The Trade Desk’s UID2 — as long as such signals are based on data collected in the context of the first page and clients share the data directly with the advertiser. And Google Ads would have no visibility into what ID solution was used to create that audience data, Janardhan said.

She also added that while the confidential matching product and Chrome Privacy Sandbox use TEE for similar purposes, the Google Ads solution is not directly related to Chrome’s Privacy Sandbox initiative.

Supporting best practices

Google hasn’t been doing its best when it’s been working alone lately, so it’s partnering with the IAB Tech Lab’s Privacy Enhancing Technologies Working Group to develop best practices for using TEEs.

As Janardhan said, part of TEE’s best practices includes certifying that the solution is working as intended and that advertiser data is being used only for its intended purpose. Google Ads provides this certification through reports provided to advertisers through the platform’s user interface.

Google Ads also makes the TEE architecture publicly available, with the source code available under an open-source license on GitHub.

“The reason we put the code on GitHub and started the (Tech Lab) partnership is expediency,” Janardhan said. “We wanted to get (attestation features) to customers as quickly as possible, so this reference architecture could allow you to build it yourself if you wanted to.”

When asked if Google Ads envisions ad tech companies using the architecture to build TEE-based alternatives to Google Ads or other ad platforms, Janardhan said that “vision-wise, she’s open to all those flavors.”

However, she added that the goal of making the TEE architecture open source and partnering with the IAB Tech Lab is to promote industry best practices for broader TEE adoption.

“This technology (would) establish standards for how data is handled safely,” she said. “Advertisers could enter their data, and you don’t learn anything new just because you’re a particular (technology) provider.”

The solution also places an emphasis on injecting first-party data into Google Ads Data Manager in a way that doesn’t require any technical effort or investment from the advertiser to make it available to advertisers of all sizes, she added.

“The idea that you should pay for privacy is actually a disservice to the advertising business model,” she said. “It needs to be built into the system, and it needs to be done in an open ecosystem way.”