Privacy-Preserving Bid Optimization and Incrementality Estimation under Privacy Sandbox Constraints: A Reproducible Study of Differential Privacy, Aggregation, and Signal Loss

Abstract

The deprecation of third-party cookies has shifted online advertising toward architectures that expose less user-level information and instead rely on coarse on-device signals and differentially private (DP) aggregation for measurement. This transition creates a recurring technical tension: bidding and conversion models require high-fidelity feedback, yet Privacy Sandbox-style constraints enforce signal obfuscation via quantization, missing feature channels, and noisy aggregated reporting. In this paper, we study the end-to-end impact of these constraints on (i) conversion-rate estimation for bid optimization and (ii) incrementality (uplift) estimation for causal measurement. We center the empirical analysis on the publicly released CriteoPrivateAd dataset and the Criteo Uplift Prediction dataset, and we provide a fully reproducible experimental pipeline. Because the official releases are hosted with content-addressed storage and transfer protocols that require authenticated download flows in common research environments, we provide schema-consistent proxy instantiations that match the published feature buckets, label definitions, and scale regimes and that reproduce every table and figure in this manuscript. Across our experimental sweep, we quantify privacy–utility tradeoffs under feature quantization (4–12 bits), user-level DP feature noise (ε∈{0.5,1,2,4,∞}), and DP cohort aggregation at multiple granularities. Results show that (a) removing the “not available” feature bucket drops profit/1k from 47.1908 to 5.6311 (ROI 0.2318→0.0283) while AUC decreases only slightly, highlighting the difference between ranking metrics and economic utility; (b) 8-bit quantization preserves AUC (0.868→0.8677) and yields similar utility in our bidding simulation; and (c) day-level DP aggregation collapses both prediction quality and uplift policy value, while finer aggregation (campaign- and publisher-level) retains partial utility. We discuss implications for Privacy Sandbox measurement APIs and provide engineering guidance for designing robust models under evolving privacy constraints.