Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Google beefs up privacy promises as it prepares to upend its ad model

March 3, 2021, 2:01 PM UTC

Our mission to make business better is fueled by readers like you. To enjoy unlimited access to our journalism, subscribe today.

Google is primarily an advertising company that has achieved dominance by tracking most web users’ activities and using what it learns to direct relevant ads at them. Now it’s trying to change its ways—and a lot of people are really mad at it.

Google said at the start of 2020 that its widely used Chrome browser would within two years phase out support for third-party cookies—the markers that a panoply of companies leave in your browser when you visit a website, in order to profile you for marketing purposes. Apple’s Safari and Mozilla’s Firefox browsers have already started blocking third-party cookies.

As Google, alongside Facebook, constitutes half of the web’s big bad ad duopoly, privacy activists were immediately skeptical. Meanwhile, publishers and ad-technology firms were so furious that they triggered an antitrust investigation in the U.K., claiming Google’s replacement technology—being developed through a project called Privacy Sandbox—would entrench Google’s “monopoly control of online commerce.”

So, on Wednesday, the company made a renewed effort to get the various players in its ecosystem on board with its decision—and to announce a significant extra privacy move on its own part.

No more individual tracking

In a blog post, Google advertising privacy chief David Temkin began with a big pitch to the privacy crowd: Other ad-tech companies may be preparing to replace third-party cookies with other ways of identifying individual web users, but Google will not follow suit.

This isn’t just an announcement about Chrome; it’s about the ad-tech tools Google offers for use across all browsers.

“Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products,” Temkin wrote.

“We realize this means other providers may offer a level of user identity for ad tracking across the web that we will not—like PII [personally identifiable information] graphs based on people’s email addresses,” he continued. “We don’t believe these solutions will meet rising consumer expectations for privacy, not will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long-term investment.”

Google’s own successor to third-party cookies is a technology called federated learning of cohorts, or FLoC, which groups users into interest-based “cohorts” in a way that—Google claims—effectively keeps individuals anonymous.

Privacy activists such as the Electronic Frontier Foundation have claimed otherwise, warning that FLoC would still allow third parties to deduce an individual’s interests. Wednesday’s announcement appears to be a bid to say that ain’t so.

No sacrifice

As for advertisers—arguably Google’s most important constituents—the company said in January that its tests of FLoC showed “advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising.” It also said advertisers could start testing FLoC-based cohorts in Q2.

Wednesday’s post reiterated these points, promising “a future where there is no need to sacrifice relevant advertising and monetization in order to deliver a private and secure experience.”

“That’s why we’re 100% committed to powering our web products with the Privacy Sandbox, and encourage the industry to continue partnering with us in developing and adopting these privacy innovations,” Temkin wrote.

Time will tell if advertisers continue to stick with Google’s targeting services or ignore its warning about “rapidly evolving regulatory restrictions.”

In Europe, it may be a smart bet to acknowledge the growing impact of laws such as the EU’s General Data Protection Regulation (GDPR) and two-decade-old ePrivacy Directive (a.k.a. “the cookie law”), a new version of which is being finalized after years of legislative gridlock.

Europe’s top court has ruled, for example, that tracking cookies is only kosher if users actively consent to allowing them into their browsers. And while a lack of resourcing has hampered enforcement of the GDPR thus far, companies are starting to get heavy fines for passing on sensitive information about individuals to third parties.

However, the ad-tech firm Criteo—which is backing a post-cookie tracking technology called Unified ID 2.0 that identifies people based on their email addresses—responded defiantly to Google’s regulatory warning.

“Google’s announcement today that they will not create their own PII-based identifier does not in any way change or impact Criteo’s plan and roadmap,” it said in a statement.

“As we have said before, we continue to invest in our first-party media network, as well as cohort-based and contextual advertising, which allow marketers to effectively engage with their customers in a privacy-safe and consented manner.”

This article was updated to include Criteo’s statement.