Global tech giant Google recently announced plans to phase out support for third-party cookies in Chrome. The move is an update of Google’s initiative announced in August 2019, called the Privacy Sandbox, to develop a set of open standards to enhance privacy on the web.
“Our goal for this open-source initiative is to make the web more private and secure for users, while also supporting publishers,” the company said earlier this month.
Cookies are a tool within browsers that allow website operators to save data about users. Third-party cookies are placed by advertisers. A website can use a number of different third-party cookies to collect user information.
With Apple also implementing anti-tracking features in its browser Safari, Google’s crackdown represents the latest blow to the digital marketing and adtech industry which had so far relied on such cookies and trackers for targetting and boosting their businesses. How will the new policy change the game for such digital marketers? Before we answer that, let’s see why the changes are such a big deal.
Are Third-Party Cookies Bad For Privacy?
A first-party cookie gets stored on a user’s device when they visit any website. This cookie stores data related to the user’s interaction with the website, such as items added to cart, login data, form data, and much more. However, third-party cookies are created by external content providers such as advertisers, digital marketers and content discovery platforms. These give access to user data and activity related to one website with other parties.
Third-party cookies and trackers are the basis for how ads target users based on their preferences and web browsing activity. An innocuous example is being shown ads for a particular flight, after having searched for it, or Amazon shopping recommendation ads that pull data from your activity.
As such these cookies and trackers are not bad, but they do lead to user data being rampantly shared across domains and this could lead to leaks from any unsecured servers or locations. Secondly, many advertisers surreptitiously track users, which is also leading to privacy issues.
Data privacy has been one of the topmost concerns of web users across the globe, there has been a lot of public outcry around this. With allegations of ads on Google and Facebook being able to swing elections in many countries, ads have come under the scanner over the past year.
Besides, Google was accused of allowing ads for weapons, anti-vaccination campaigns and other controversial issues in the US. Over the past year, the focus on political ads has also increased with Google banning them, and Twitter limiting their use.
“The fact that Google will drop support for these third-party cookies, which are typically used to track users across the web doesn’t come as a surprise, given Google’s announcements around privacy in Chrome, including its proposed privacy sandbox,” Shomiron Das Gupta, Founder of DNIF told Inc42.
DNIF is a Mumbai-based startup that helps companies detect and fight cybercrime.
Related Article: Google To Curtail Third-Party Cookies To Tackle Privacy Criticism
While Google’s decision is also seen as responding to pressure coming from rival browsers i.e. Mozilla Org’s Firefox or Apple’s Safari, concerns are being raised about how it plans to phase out over the next two years.
“Any initiative that barges into the privacy of individuals should be stopped. This privacy penetration creates from the simplest ‘hassle’ to ‘real trauma’ depending on the time of the violation,” Ramkumar Ramachandran, a data privacy expert, who works with Ascentant Corporation told us.
What Is Google’s Plan To Replace Trackers?
Third-party data is often misused and Google’s proposed Privacy Sandbox and the federated learning approach has outlined a path forward for the industry to respect user privacy and is a welcome move towards individual data protection.
The ad industry standard for data-sharing real-time bidding protocol, for example, is under review by data protection authorities under the General Data Protection Regulation or GDPR in the EU.
Furthermore, ad providers resort to practices like fingerprinting. “Browsers took it upon themselves to protect user privacy, with many popular browsers choosing to implement third-party cookie blocking, but without providing an alternative for ad providers to achieve their goals. This had the inadvertent effect of turning ad providers to resort to more opaque profiling techniques such as fingerprinting,” said DNIF’s Das Gupta.
With fingerprinting, ad providers get access to information that can vary between users, such as what device they have or what fonts they have installed and more to generate unique identifiers that can then be used to track the user across websites.
“Businesses are very likely to encounter factors that may give an open window to cyber-attacks and hackers while using web browsers during any transition period,” said Praveenkumar Yadav, research analyst at market research firm Straits Research.
“Security should be kept on the forefront while using web browsers. Web browsers record search inquiries and maintain a complete record of every search entry you make,” he added
While cookies could be cleared by a user, fingerprints cannot be cleared by users, leaving them without a choice to reset. This move by Google aims to limit insecure cross-site tracking. Cookies that don’t include a SameSite label will be treated as first-party only, and cookies labelled for third-party use can be accessed over HTTPS only.
This move will make third-party cookies more secure and give users more precise browser cookie controls. Google is also developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage such deceptive and intrusive techniques.
However, for businesses that rely on such practices to generate revenue, these changes will have negative consequences.
“There are major concerns over the use of 3rd party cookies for tracking user behaviour and being able to narrow down to unique users however, 3rd party cookies though considered evil by many aren’t really so bad,” said Siddharth Pednekar, VP strategy and media, BC Web Wise.
These cookies serve an important role in measuring ad performance and detecting and curbing ad frauds. Data management platforms and programmatic advertisers use third-party cookies extensively to serve ads that are relevant to users. “Not supporting third-party cookies completely will make it difficult to buy audiences and even measure ad performance effectively,” Pednekar added. BC Web Wise is Mumbai-based digital marketing platform.
The challenges for publishers in the adtech world is to find a ‘legal’ way of processing personal data amid a host of new regulations such as GDPR. With India passing the Personal Data Protection Bill, there are local regulatory challenges as well.
“If startups compromise on ad practices due to ‘challenges’ it may lead to fines and bankruptcy. Give some ‘real’ benefits to prospective customers, instead of using ads to attract low-quality users. To be honest, many startups want instant gratification rather than sustained success, so it’s tough to make them listen to the alternatives,” added Ascentant’s Ramachandran.
Is Google Creating A Walled Garden For Advertisers?
Unlike Firefox and Safari, Google Chrome has taken a more systematic approach to removing support for third-party cookies gradually, allowing a two-year window and coming up with a privacy sandbox. This, the experts say, will help ad tech companies develop alternative techniques before support for third-party cookies is phased out.
Internet service providers (ISPs) will still be able to track IP addresses and user accounts from which the person is browsing the internet.
However, a few browsers have partially solved this challenge by implementing privacy features that can be automatically enabled once you switch on to private browsing mode. For example, Firefox has introduced a new feature called the “Tracking Protection” feature, that can control the use of web trackers. Opera, on the other hand, has introduced an in-built VPN service that creates a secure connection with one of its server locations, offering security and online privacy to the users.
In order to avoid security threats and issues, developers and marketers can also use alternative web browsers. There are various web browsers available online that offer secure browsing and additional extensions to make your job easier. The extensions are similar to the ones offered by Google’s Chrome.
One alternative is the use of first-party cookies and login-based profiling and a combination of them. Ad serving tools are likely to gain more importance in such a situation, facilitating information exchange. “However some of these initiatives are likely to allow further more pinpointing of users and identifying them. Stringent encryptions norms and restrictions on segmenting beyond a minimum audience size will be required to ensure user privacy,” Pednekar told Inc42.
From a media buyer’s perspective, the change is looked at as a challenge to ad targeting within Chrome. “However, I am sure that Google doesn’t want to force the death of the cookies too quickly thereby attract antitrust attention.” Das Gupta added. He said that it’s in Google’s interest to accelerate the phase-out, as the decline of cookies is good for the walled gardens that Google has created for its ad network.
In other words, Google will have access to all first-party data and third-party advertisers will need to get on Google’s ad network to receive the data that will help them target the right users. Is Google simply tightening its
“It also could be a misguided judgment that browsing on the private web can protect users from being tracked by other websites,” said Straits Research’s Yadav.