At the beginning of 2020 Google announced that it will be blocking third-party cookies in Chrome browser within two years. In June 2021 Google announced that it is delaying its plans to phase out third-party cookies in the Chrome browser until 2023, a year or so later than originally planned. Chrome’s user base is so large that the change will have significant impacts on the digital advertising ecosystem. Currently, third-party cookies have an important role, for instance, in targeting and measuring advertising and preventing ad fraud.
Immediately after Google’s announcement there were speculations about what will replace third-party cookies in the future. In this post, we’ll open up Google’s vision on the topic a bit. But let’s start with a little recap of what even is a cookie?
What is a cookie?
A cookie is a small text file that is stored on a user’s device by an Internet browser. Cookies are used, for example, to store user information when moving from one web page to another. First-party cookies are stored directly in the website you’re visiting. In addition, the website may use external services that store their own cookies. These are called third-party cookies. Cookies do not contain users’ personal information and as such are not used to identify individual users. Some cookies expire at the end of a site session, while others remain longer on your device.
Cookies are used for many different purposes. Cookies allow you to use the functions of the website and to provide the best possible user experience. For example, when a browser has information about a visitor’s choice of language and device, it is possible to provide them directly with the appropriate language and device-specific page version, thus facilitating the use of the site. Cookies also allow, among other things, different tracking tools, as well as personalized content, offers, functionalities, and ads on a per-visitor basis.
Google’s idea is to replace cookies with browser-based open standards, the “Privacy Sandbox” project has been launched to find their final forms. The open-source initiative was launched August 2019. It’s unquestionably said to be Google’s response to the growing pressure to improve privacy, ensure free advertising-funded content, and possibly block other parties’ cookies. According to Google, the goal is to create a secure standard for personalization while respecting user privacy. Google says that reaching this goal requires new approaches to ensure relevant advertising in the future too.
The Privacy Sandbox project aims to minimize the information that is shared between websites and advertisers and to store a larger part of the visitor information on the visitor’s device only. Google’s project envisions targeted advertising and measuring conversions through Application Programming Interfaces (APIs) in a browser environment. A total of at least five different interfaces have been designed, each meeting different needs. These interfaces would be used by all stakeholders.
Google Interface proposals (API)
Situation may change fast, text updated 2.3.2021
- FLoC API (Federated Learning of Cohorts) - would be a new way that browsers could enable interest-based advertising on the web, in which the companies who today observe the browsing behavior of individuals instead observe the behavior of a cohort (or “flock”) of similar people. Google will make FLoC-based cohorts available for the public in March. By Q2, advertisers can start testing FLoC-based cohorts in Google Ads.
- Turtledove API (Two Uncorrelated Requests, Then Locally-Executed Decision On Victory) - would allow not only the targeting of advertising but also the re-targeting of advertising. Turtledove is to be put into practice with FLEDGE (The First Locally-Executed Decision over Groups" Experiment). It is intended to implement ad auction decisions in a browser instead of a server. FLEDGE contains proposals from several different actors:
To fight spam, fraud, and DoS (denial of service):
- Trust token API – This interface would allow publishers to authenticate real users without tracking technology, meaning it would be Google’s alternative to CAPTCHA. The Trust token API would classify users into trusted and untrusted groups using a browser ID. A browser ID would not allow an individual visitor to be tracked but would only classify visitors as belonging to either group.
- Aggregated Reporting API – The interface would allow the collection of data related to the performance of campaigns without user tracking. The information would include e.g. Reach, Views, Ad Impressions, and more in one report. The interface would allow data to be stored in a browser and passed on to the advertiser's systems.
- Conversion measurement API – The interface would allow you to track clicks and conversions for ad campaigns. The browser should return the information to the advertiser (or their advertising technology partner), but in a very limited format to protect the user.
- WEB ID - The purpose would be to preserve and extend identity federation on the web (e.g. Sign-in with X) safeguarding the visitor’s privacy and preventing the potential for abuse.
Google has announced its willingness to work together openly to ensure that the Privacy Sandbox -project benefits all stakeholders. Google also wants general feedback and suggestions on Application Programming Interfaces (API).
Critics have speculated that Google would just like to have more control over digital advertising. At least in principle, the move is a deliberate and sensible approach that leverages strengths – a vast ecosystem combined with powerful data collection and management capabilities – to maintain Google’s dominance.
A shared digital identifier, which would also be available to industry, has been predicted as the ultimate goal of the Google Privacy Sandbox project. In March 2021, however, Google confirmed that once third-party cookies are phased out, they will not build alternate identifiers to track individuals as they browse across the web, or will not use them in their products.
Long way to go
Although there have been some rapid changes in Chrome browser updates (like blocking fingerprinting), Google has stated that this type of project is a complex process and, based on experience, changes in the ecosystem are time-consuming. It requires reflection, discussion and input from many stakeholders for a long time. The Privacy Sandbox proposals have changed significantly over the past year and are likely to change in the future. While many of the proposals are strong and have potential, there is still a long way to go.