Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022.
“Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers,” said David Temkin, Google’s director of product management for ads privacy and trust.
“Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers.”
The changes, which could potentially reshape the advertising landscape, are expected only to cover websites visited via Chrome and do not extend to mobile apps.
At the same time, Google acknowledged that other companies might find alternative ways to track individual users. “We realize this means other providers may offer a level of user identity for ad tracking across the web that we will not,” Temkin said. “We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions.”
Over the years, third-party cookies have become the mainstay driving digital ad business, but mounting concerns about data privacy infringement have led major browser vendors such as Apple, Mozilla, Brave, and Microsoft to introduce countermeasures to pull the plug on invasive tracking technology, in turn forcing Google to respond with similar privacy-first solutions or risk losing customer trust.
FLoC and FLEDGE for Privacy-Preserving Ad Targeting
For its part, the search giant — in an attempt to balance its twin roles as a web browser developer and owner of the world’s largest advertising platform — early last year announced plans to eliminate third-party cookies in Chrome in favor of a new framework called the “Privacy Sandbox,” which aims to protect anonymity while still delivering targeted ads without resorting to more opaque techniques like fingerprinting.
To that effect, Google has proposed a continually evolving collection of bird-themed ad targeting and measurement methods aimed at supplanting third-party cookies, chief among them being Federated Learning of Cohorts (FLoC) and TURTLEDOVE, which it hopes will emerge the standards for serving ads on the web.
Leveraging a technique called on-device machine learning, FLoC essentially aims to classify online users into groups based on similar browsing behaviors, with each user’s browser sharing what’s called a “cohort ID” to websites and marketers, who can then target users with ads based on the groups they belong to.
In other words, the data gathered locally from the browser is never shared and never leaves the device. By using this interest-based advertising approach, the idea is to hide users “in the crowd,” thereby keeping a person’s browsing history private and offering protections from individualized tracking and profiling.
TURTLEDOVE (and its extension called “FLEDGE“), on the other hand, suggests a new method for advertisers and ad tech companies to target an ad to an audience they had previously built without revealing other information about a users’ browsing habits or ad interests.
Google is set to test FLoC-based cohorts publicly later this month, starting with Chrome 89, before extending the trials with advertisers in Google Ads in the second quarter.
Concerns About Control, Privacy, and Trust
While these privacy-preserving plans mean less personal data is sent to third-parties, questions are being raised about how users will be grouped together and what guardrails are being put in place to avoid unlawful discrimination against certain groups based on sensitive attributes such as ethnicity, religion, gender, or sexual orientation.
Outlining that the change in underlying infrastructure involves sharing new information with advertisers, the Electronic Frontier Foundation (EFF) equated FLoC to a “behavioral credit score,” calling it a “terrible idea” that creates new privacy risks, including the likelihood of websites to uniquely fingerprint FLoC users and access more personal information than required to serve relevant ads.
“If you visit a site for medical information, you might trust it with information about your health, but there’s no reason it needs to know what your politics are,” EFF’s Bennett Cyphers said. “Likewise, if you visit a retail website, it shouldn’t need to know whether you’ve recently read up on treatment for depression. FLoC erodes this separation of contexts, and instead presents the same behavioral summary to everyone you interact with.”
Also of note is the scope and potential implications of Privacy Sandbox.
With Chrome’s widespread market share of over 60% across desktop and mobile devices, Google’s attempts to replace the cookie have been met with skepticism and pushbacks, not to mention attracting regulatory scrutiny earlier this year over worries that “the proposals could cause advertising spend to become even more concentrated on Google’s ecosystem at the expense of its competitors.”
The initiative has also been called out for being under Google’s control and fears that it may only serve to tighten the company’s grip on the advertising industry and the web as a whole, which critics say will “force more marketers into their walled garden and will spell the end of the independent and Open Web.”
In response, Google noted it has taken into account the feedback about browser-centric control by incorporating what it calls a “trusted server” in FLEDGE to store information about an ad campaign’s bids and budgets.
All said and done, third-party cookies aren’t the only means to deliver ads on the web. Companies that collect first-party data, counting Facebook and Google, can still be able to serve personalized ads, as can ad tech firms that are embracing a DNS technique called CNAME cloaking to pass off third-party tracking code as coming from a first-party.
“Keeping the internet open and accessible for everyone requires all of us to do more to protect privacy — and that means an end to not only third-party cookies, but also any technology used for tracking individual people as they browse the web,” Google said, adding it remains “committed to preserving a vibrant and open ecosystem where people can access a broad range of ad-supported content with confidence that their privacy and choices are respected.”