Third-party cookies have been living on borrowed time, given their increasing rejection by the major browsers. And today Google announced support for third-party cookies in its Chrome browser would be phased out “within two years.”
The company seeks to replace them with a browser-based mechanism as part of its “Privacy Sandbox” initiative. The Privacy Sandbox was introduced last August, following an earlier announcement at Google I/O. The initiative is arguably a response to increasing privacy pressure and partly a response to the rise of cookie-blocking by others.
Balancing personalization and privacy. Google’s stated objective is to create “a secure environment for personalization that also protects user privacy.” Google says this requires “new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only.”
The company argues that “large scale cookie blocking,” such as being done by Firefox and Safari, encourage tracking techniques like fingerprinting and undermine the publisher ecosystem by making ads less relevant, thereby reducing their revenues. The less precise the audience targeting, the lower the ad revenue.
Audience targeting strategies. The Privacy Sandbox system envisions targeting and conversion measurement happening within the browser environment through “privacy preserving APIs.” Google says that for ad targeting it’s “exploring how to deliver ads to large groups of similar people without letting individually identifying data ever leave [the] browser.” The company explains this is based on techniques and technologies such as Differential Privacy and Federated Learning. The latter would allow interest-based targeting at large-group scale to avoid revealing any individual’s information.
Conversion measurement. Here Google is more vague, saying, “Both Google and Apple have already published early-stage thinking to evaluate how one might address some of these use cases.” Reportedly, conversions would also be tracked inside Chrome and advertisers would be able to get conversion data through an API but without identifying any individual user.
Finally, Google said that starting in February, it’s going to treat cookies “that don’t include a SameSite label as first-party only, and require cookies labeled for third-party use to be accessed over HTTPS.” It’s also going to work to stop fingerprinting and other types of “covert tracking.”
Why we care. Google’s move, together with Firefox and Safari, is a major change (and challenge) for the industry. Google says it’s trying to find “a middle way” that empowers users but enables the advertising ecosystem to function effectively,” compared to what it considers the more blunt approach of Apple’s “Intelligent Tracking Prevention.”
Critics will accuse Google of trying to assert more control over digital advertising. However, for the approach to work, Google will need to build consensus among a broad community of publishers, advertisers, technology companies and even Apple and Mozilla. In principle, at least, it’s a thoughtful and reasonable approach that also plays to its strengths — a vast ecosystem coupled with powerful data collection and modeling capabilities — and will preserve its dominant position in the digital ad market.