Google updated its ad platform policies this week to “reflect the latest evolutions in technology and meet our partners’ needs and users’ expectations.” Doesn’t sound too controversial, right? Well, read on, friend!
The juicy piece of the update reads:
At Google, we have already been using these signals responsibly to fight against spam and fraud for years. Now, with new innovations like PETs to mitigate risks, we see an opportunity to set a high privacy bar on the use of data like IP. We can do this by applying privacy-preserving protections that help businesses reach their customers across these new platforms without the need to re-identify them. And because we’re looking to encourage responsible data use as the new standard across the web, we’ll also partner with the broader ads industry and help make PETs more accessible.
Basically, Google is saying, with the advent of PETs (privacy-enhancing technologies), there is more of an opportunity to use IP addresses in CTV ad-targeting. (And maybe elsewhere?)
The UK’s Information Commissioner’s Office (ICO) responded loudly with concerns that the change essentially means it’s OK to “fingerprint”—a type of online tracking that relies on collecting unique device attributes, like IP addresses (!), which aren’t easily erased or controlled by users.
Obviously, Google’s blog post doesn’t explicitly say “fingerprinting.” But the ICO argues that allowing IP addresses to be used with PETs could effectively enable fingerprinting under the guise of privacy.
Why This Matters:
Device fingerprinting involves gathering information about a device’s hardware and software (e.g., browser type, operating system, IP address, etc.) to create a unique ID. Unlike cookies, fingerprinting is harder for users to control or erase, which speaks to ICO’s privacy concerns.
Google’s position, however, is that PETs, like on-device processing, can effectively obscure or anonymize data, like IP addresses, making them safe to use for targeting. Google is framing IP addresses (plus PETs) as an important tool for reaching audiences and measuring campaigns on platforms like CTV.
Marketecture’s Ari Paparo highlighted the competitive reasoning behind Google’s policy change, describing it as “giving themselves a hall pass for using IP addresses in CTV, as long as it is obscured using PETs.” He noted that Google’s CTV business is behind competitors—think The Trade Desk—which already use IP addresses. “This is an opening” for Google, he adds.
(If you thought that Apple was the only company capable of weaponizing privacy to grow its ad business, think again!)
Experts React:
Here are some of the more insightful tweets about the policy change and the ICO’s response:
Our Take:
Government agencies are good at framing privacy concerns about technology companies, aren’t they? Terms like “surveillance advertising” or “fingerprinting” resonate with the public. They are jarring and scary. The headlines speak for themselves. (See here and here.)
If you take a step back and breathe, Google would argue that its emphasis on PETs reflects a privacy-forward approach to using data signals like IP addresses more responsibly.
This raises an important question: as privacy technology improves, could that also allow tech companies to collect and process traditionally “sensitive” data under the belief that these new tools make it safer to do so? If the security tech is better and widely available, probably.
