27 July 2021

Google delays the Cookiepocalypse

Cookie 2021

Update - As we were going live with this article, Google published an updated timeline for the Privacy Sandbox.

A few weeks ago, an important announcement was made by Google regarding their plans to deprecate third party cookies. In it, they officially pushed back plans from the original 2022 target date to postpone what’s collectively being referred to in the industry as, cookiepocalypse, until 2023.

Interestingly, Google had only just confirmed the 2022 target as recently as March this year. So, whilst perhaps this may have been an ambitious deadline, Google (at least publicly) appeared to be convinced they could make it happen. They had even given the nod towards a suitable alternative for third-party cookies in the form of FLoC (Federated Learning of Cohorts), which we have posted about previously.

So why the sudden back flip?

We believe a number of factors are at play, which might be pushing Google to buy more time and seek alternatives to their initial proposals.

Firstly, concerns and skepticism surrounding FLoC have been widely discussed within the industry as early as January this year. Since only a select number of Google partners were included in the early research and testing of FLoC, it’s been difficult to validate Google’s claims as to the effectiveness of FLoC as a stand in for third party cookies. One such claim being that, “advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising”.

Secondly, FLoC hasn’t been received with a lot of fanfare in the wider advertising industry:

Google is enthusiastic about FLoC, but nobody else seems to share the same enthusiasm. Source: The Wedding Singer

Leaving Google’s Chrome to go it alone as the standalone FLoC browser.

Thirdly, General Data Protection Regulation (GDPR) which is a European Union legal framework created to protect user privacy, may pose another speed hump in a list of challenges ahead for FLoC. The problem seems to boil down to some semantic details as outlined by AdWeek:

“Specifically, there is uncertainty as to which party - either the publisher or the web browser - would constitute a “data controller” and a “data processor” (a key requirement under GDPR), especially without prior consent from a user.”

This is because the whole idea behind FLoC is that a central server is not privy to a user’s every move across the web (in the same way that third-party cookies often are), instead the browser processes browsing behaviour and assigns users with a cohort ID, the cohort ID is then shared with the ad networks. This way, the only information shared with a centralised server is an actual cohort ID, according to Google this will provide users with enhanced privacy, as it will facilitate hiding user behaviour amongst a crowd of other similar users.

While Chrome has up to 50% of the browser market share (sometimes more in specific markets), the risk is that without wider industry support, including adoption, legal approval or even proactively blocking FLoC-ability, the claimed 95% effectiveness of FLoC as an alternative to third party cookies may actually turn out to be an exaggeration. This all leads to the obvious question, is FLoC actually ready for prime time?

Google may also be seeking to curtail negative publicity

Google has been enthusiastic about promoting the privacy benefits of FLoC when compared to traditional third party cookie usage. The aim of FLoC is to give insights that are similar to what third party cookies enable, but not replace third party cookies with another similar form of cross site identifier. On the surface this sounds reasonable, but dig a little deeper and the more cynically inclined may see initiatives like FLoC playing to the advantage of a company like Google.

This is because Google has a massive user footprint, which means they are in a comfortable position to still extract user insights from signed on users who have made themselves known to the company in some form. Shutting down third party cookies may actually kill off competition under the guise of protecting privacy.

Anyone wanting to derive insights similar to those that third party cookies previously provided, may be forced to share their own business and customer information with tools like Google’s walled garden.

So, Google may be attempting to avoid appearing as a monopolistic player. Given that Facebook is currently facing an anti-trust lawsuit of its own right about now, the tech giant may be attempting to curtail the risks of being drawn into any potential lawsuits. By extending the deadline to 2023, this may give them some breathing room while they re-think the FLoC approach and evaluate feedback to date.

The Interactive Advertising Bureau (IAB) in Europe has also run aground

While the industry is still scrambling to solve the third party cookie dilemma, it’s not just FLoC that may be in trouble before it’s even out the door. The IAB’s Tracking Consent Framework (TCF) was recently found to fail GDPR standards after a review by the Belgian Data Protection agency. It was flagged as not meeting the GDPR principles of transparency, fairness and accountability, and following the lawfulness of processing.

It also found that the TCF did not provide adequate rules for the processing of special category data (e.g. health information, political affiliation, sexual orientation etc), yet it does process that type of data.

According to the IAB’s own website, “The TCF creates an environment where website publishers can tell visitors what data is being collected and how their website and the companies they partner with intend to use it.”

And so, it would appear that in a world of increasing privacy legislation and scrutiny, trying to have your cake and eat it may just be backfiring at the moment, especially when placed under the microscope for further examination so to speak.

Where to from here?

Unfortunately, the path from here remains clear as mud, or not clear at all. Louder is keeping a close eye on developments, but the latest delay to third-party cookie deprecation doesn’t really change our prior recommendations, the direction the privacy ship is sailing in or, for that matter, how your business should adapt to the coming changes.

Louder strongly recommends focusing on your first party data. To do so, start by adopting tools such as Google Analytics 4, begin looking at the feasibility of server-side tagging and explore how you can leverage walled gardens such as Google’s Ads Data Hub to fill the missing gaps that already exist thanks to most major browsers (Google Chrome - being the last major hold out) already blocking third party cookies in most contexts.

Louder is here to help you and your business through this transitory period, so feel free to get in touch.



Resources:



About Gavin Doolan

Gavin Doolan is a consultant at Louder specialising in web analytics technology and integrations.