Operation TURTLEDOVE: How Could TURTLEDOVE and FLEDGE Change Remarketing?

Estimated Reading Time: 10 minutes

Much has been discussed recently about Google’s FLoC proposal and the initial testing phase it has entered. While FLoC is one method from the Privacy Sandbox which can be used to serve targeted advertising in a world without third-party cookies, another proposal, TURTLEDOVE, provides an alternative approach meant to satisfy the classic “remarketing” use case. 

For those unfamiliar with the proposal, TURTLEDOVE stands for Two Uncorrelated Requests, Then Locally-Executed Decision on Victory. While TURTLEDOVE is more of a conceptual proposal, its first iteration, FLEDGE, is the technical first experiment meant to begin satisfying targeting requirements. Let’s dig in further to explore the proposal and what we as marketers need to know.

FLEDGE – First Locally-Executed Decision Over Groups Experiment


Deliver personalized advertising based upon previous interactions a user has had with an advertiser or ad network in a privacy-safe way. 

Core Concepts

  • “Interest Group” – a collection of people whom an advertiser or their ad network believes will be interested in seeing some type of ad
  • Three type of Interest Group owners
    • An advertiser (classic remarketing)
    • A publisher (monetization of their users/first-party data outside of their own ecosystem)
    • Ad tech (platforms creating audiences based upon activities of users across the web indicating users are in the market for some type of product/service)
  • Buyers are interest group owners (i.e. those buying an ad impression)
  • Sellers are the party running an ad auction (i.e. the publisher who owns the ad inventory where the impression will happen)
  • Ad bidding and selection process happens in the browser as opposed to ad servers

Traditional “Pre-Privacy” Solution

Today, this type of personalized targeting relies on the use of cookies (both first-party and third-party). The first of the use cases is the classic remarketing use case. A user views a particular product on a website and adds that product to their shopping cart but does not purchase. The company then shows ads for that product, and potentially includes a special promotion, in order to influence them to return and complete their purchase. 

When a user enters the website, a first-party cookie with a unique identifier is set up that collects behavioral information for users of the site. Based on this information, you can create an audience group of individuals with the defined observed behavior to create a list of users (and their associated cookies) whom you want to target. This list of users is synced with advertising platforms in use and also running on the website. These advertising platforms are maintaining a table matching their third-party cookie IDs with your first-party IDs to be able to then identify the defined group within their system running across many other sites on the web. As users are interacting with other publisher websites containing ad inventory, the advertising networks are able to use their third-party cookie IDs to identify specific users (in our created remarketing audience) and allows you to target those users accordingly with ads for the products they have abandoned.

Other examples of this type of targeting would be when advertising technology companies create audiences which indicate a group of users they believe are in the market for a type of item. Through the use of third-party cookies and their tags being loaded/injected into many sites across the web, they are able to build profiles of users based upon sites they visit and products they are viewing. Thanks to these browsing behaviors, they can then create lists of users (and their associated cookie IDs) whom they believe to be interested in a particular type of product. 

As an advertiser, you can then target users, through the ad technology networks, by defining audience activities that you want to show your ads to. For example, maybe you want to show your ad to users who have read an article on a certain subject and also have viewed products in your category within the past two weeks. Ad networks which have this observed behavior can then allow you to target users who have done these specific actions. All of the targeting and audience creation is done through the use of cookies today.

When third-party cookies go away, there is no “key” value which can join first-party audience identifiers with identifiers for those same users across other websites. These traditional targeting methods therefore are not able to be accomplished without a privacy-safe alternative. The TURTLEDOVE / FLEDGE proposals are a proposed first-step in solving for this use case without third-party cookies.

How the “Post-Privacy” Solution Works

Core Components

  • Ads are able to be targeted against interest groups instead of individual IDs
    • Browsers record interest groups that have been joined
    • The placement of a browser in an interest group is done via an operation on the website being visited. Placement in an interest group requires permission of the site being visited and the interest group owner.
      • Interest group owners can be 
        • An advertiser (classic remarketing) 
        • A publisher (monetization of their users/first-party data outside of their own ecosystem)
        • Ad tech (platforms creating audiences based upon activities of users across the web indicating users are in the market for some type of product/service)
      • Interest group duration is capped at 30 days unless membership is “refreshed” by re-placing the user in the group – would require the user navigating to a page(s) where placement is occurring
    • Interest group information stored on the browser includes the group, group owner, ads to be shown to that group, and additional metadata to be used in the on-device auction (bidding information/logic)
    • Browser provides protection against micro-targeting by only rendering an ad if it is being shown to a sufficiently large number of people (k anonymity threshold). This applies only to the rendered creative.
  • Sellers run auctions (process determining which ad to be shown for each impression) on-device in the browser
    • Sellers are the party running an auction
    • Buyers are interest group owners
    • Sellers determine which buyers can participate and which bids from the buyer’s interest groups are eligible to enter the auction
    • Sellers responsible for the auction logic – determination of highest “desirability score” (function of bid price and metadata)
    • Sellers perform reporting on the auction outcomes
  • Buyers provide ads and buying functions
    • Buyers are interest group owners
    • Buyers choose if they want to participate in an auction
    • Buyers pick a specific ad and enter it in the auction along with the bid price and metadata associated
    • Buyers perform reporting on the auction outcome
    • Browser fetches trusted bidding signals using server end-points defined in the interest groups
    • On-device bidding occurs
  • Browsers render the winning ad
    • Rendered in a “Fenced Frame” – new mechanism allowing for a document to be embedded but unable to communicate with the surrounding page (privacy goal being that sites cannot learn about their visitors’ ad interests). Also will not allow network access in the future.
  • Event-level reporting provided (for now)
    • Logging and reporting on the auction outcome is sent to both the seller and the buyer
    • Temporarily these functions can send event-level reports to their servers. Eventually reporting needs to be done in such a way that reporting cannot be used to learn the advertising interest group of individual visitors.

Current Status of the “Post-Privacy” Solution

There are many different moving parts to this proposal. Some of which are more currently viable than others with some still in the conceptual design phase. Chrome’s stated intent is to allow for early experimentation with a “Bring Your Own Server” model for the process of providing buying data for on-device decisioning. Ultimately, this will need to shift to a “trusted server” approach. This early experimentation is expected to be available in 2021.

Relevant Privacy Regulatory Considerations

While this approach will not rely on cookies and will preserve user anonymity by offering protections to only target/profile against a group as opposed to an individual, it still involves the accessing of the user’s device. The core component here, placing a user in an interest group, requires placing information in the user’s browser. Conceptually, it would follow that this would still fall in the scope of ePrivacy Directives and associated consent requirements for EU users. Since the data shared/processed theoretically with a third party is not individual in nature, it could conceivably fall outside the scope of “personal information” as defined in the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), as well as “personal data” as defined in General Data Protection Regulation (GDPR). As such, there may not be restrictions under those pieces of legislation. That said, there are special call-outs for profile data which could fall in this scope. It will be interesting to see how regulatory bodies interpret and the guidance provided with respect to consent and opt-out surrounding this proposal.

What an Advertiser Can Do Today to Prepare

As these solutions are still in development, there are not a lot of tactical actions to be taken today to prepare for this solution. 

The one major difference between how this type of advertising personalization happens today vs. how it will work once these solutions become available is the pre-planning that will be necessary in order to place a user in an interest group. Today, remarketing audiences can be created based upon past observed actions. You can create these audiences on the fly and place a user within the audience after they have interacted with your website. 

With the TURTLEDOVE/FLEDGE approach, users must be placed within the interest group when the interaction happens. This includes sending information to the browser about potential ads to be displayed to the user. This requires significantly more pre-planning of media and creative. You should begin identifying the user activities on your digital properties that you use to re-target users (product views, cart abandons, etc.) and the nature of current ads which are most effective. You will need to deeply understand what is more effective in order to effectively prepare interest groups and user audiences in the future. 

Further Reading

Contact InfoTrust

Learn more about InfoTrust's analytics and consumer data governance services by reaching out to our partnerships team.


  • Lucas Long

    Lucas Long is co-author of the Amazon best-selling book, Crawl, Walk, Run: Becoming a Privacy-Centric Marketing Organization. He is also the Director of Privacy Strategy at InfoTrust, working with global organizations at the intersection of digital strategy, privacy regulations, and technical data collection architecture. Through these efforts, Lucas helps companies understand their limitations for data enablement due to privacy challenges and design optimal ways to accomplish core use cases in a compliant manner.

    When not discussing the intricacies of GDPR and cookie laws with clients, Lucas enjoys traveling and exploring new cultures, one bite at a time. Based in Barcelona, he is also a presenter, featured at industry events organized by Google, the Digital Analytics Association, the American Marketing Association, and the Journal of Applied Marketing Analytics.

    View all posts
Originally Published: April 29, 2021

Subscribe To Our Newsletter

April 29, 2021

Other Articles You Will Enjoy

Finding the Light: Keys to Competitive Advantage in the Privacy-Centric Era

Finding the Light: Keys to Competitive Advantage in the Privacy-Centric Era

It’s no secret that the 21st century to date has been a boon for advertising. With consumers flocking to the internet for all of…

12-minute read
Chrome Delays Third-Party Cookie Deprecation: What Advertisers Need to Know

Chrome Delays Third-Party Cookie Deprecation: What Advertisers Need to Know

Forgive me if you’ve heard this before … Google Chrome is delaying the deprecation of third-party cookies. After the initial timeline of 2020 (We’re…

5-minute read
AdTech DNA Simplifies the Complex for Global Advertisers

AdTech DNA Simplifies the Complex for Global Advertisers

As a global advertiser, knowing what is happening across your organization is an endeavor wrought with complexity.  Are your advertising technologies implemented correctly?  Do…

3-minute read
Facts and Fiction: Third-Party Cookie Deprecation

Facts and Fiction: Third-Party Cookie Deprecation

With third-party cookie deprecation in Chrome just around the corner (now set for the start of 2025), organizations understandably have many questions and misconceptions…

9-minute read
Safeguarding Tomorrow: The Importance of Evaluating Compliance Risk Today

Safeguarding Tomorrow: The Importance of Evaluating Compliance Risk Today

It happens every day: marketing purchases a new platform with the promise of helping the organization meet and exceed business targets. When it comes…

7-minute read
A South Asian First: Sri Lanka’s Personal Data Protection Act

A South Asian First: Sri Lanka’s Personal Data Protection Act

I know I covered India’s DPDPA first, but, as it turns out, Sri Lanka beat them to the punch. Sri Lanka’s Personal Data Protection…

6-minute read
The Privacy Risk of AI: Automated Decision Making and Compliance Considerations

The Privacy Risk of AI: Automated Decision Making and Compliance Considerations

As third-party cookie deprecation is quickly approaching, many platforms are introducing AI capabilities promising greater utility with less data. Organizations can rely on features…

7-minute read
Lessons and Learnings from the Cookieless Now Summit London

Lessons and Learnings from the Cookieless Now Summit London

Today’s marketing and advertising environment can often feel like chaos. Google Chrome deprecating support for third-party cookies, although no true date for when. A…

12-minute read
Understanding First, Second, and Third-Party Data

Understanding First, Second, and Third-Party Data

You’re likely already seeing first-party and third-party terminology everywhere you look if you work in analytics, marketing, and all-things digital. But have you heard…

6-minute read

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ option.name }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.