This article is more than 1 year old
Google: About that whole getting rid of third-party cookies thing – we're gonna need another year or so
Plan to reinvent advertising turns out to be more difficult than expected
Google, which makes the only major browser not blocking third-party cookies by default, has revised its commitment to phase out third-party cookies by 2022.
The super-corp's biscotticide is now scheduled to begin in mid-2023 and run through late 2023.
Third-party cookies refer to tracking files deposited in one's browser when visiting a website that includes code interacting with third-party domains. The firms associated with these domains, typically marketing and analytics businesses, check for the presence of their cookies across different websites and use this information to build marketing profiles and to target ads based on behavior.
In doing so, they deny people privacy, without much friction from Chrome, the window through which much of Google's web ad business operates. Some years ago, Apple, Brave, Microsoft, Mozilla, and Vivaldi began blocking third-party cookies by default in their respective browsers, sensing an opportunity to compete with Google by taking privacy seriously.
That said, Microsoft Edge's default might be called half-hearted, though it uses the term "Balanced" to reflect that Microsoft is okay with some third-party cookies to minimize application misbehavior)
Google's announcement in January 2020 that it would phase out third-party cookies showed that privacy – or at least the marketing of privacy – could no longer be ignored. But unwilling to abandon targeted advertising and ad analytics on the web, the ad giant threw itself into developing alternative ad tech that would provide similar data while ostensibly preserving privacy.
Since then, a series of these proposals – referred to as the Privacy Sandbox – from Google and other ad companies have been floated. The most notable of these has been FLoC or Federated Learning of Cohorts, a scheme to divide internet users into thousands of theoretically anonymous groups based on interests and demographics.
- Google's 'Ask me anything' on Privacy Sandbox was more about questions than answers
- Google's FLoC flies into headwinds as internet ad industry braces for instability
- UK competition watchdog begins probe into Apple and Google's total domination of the mobile landscape
- Browser tracking protections won't stop tracking, warns DuckDuckGo
Initial testing, involving about 34,000 Cohorts, has not gone all that well. Doubts about Google's privacy claims for FLoC persist and other browser makers have distanced themselves from the still-developing technology or outright disavowed it.
Among those willing to give Google the benefit of the doubt, there's still hope that other incubating Privacy Sandbox proposals with bird-themed names like FLEDGE may prove less controversial. But hatching health technical specs that can survive intense scrutiny from security and privacy researchers, not to mention regulators, will take time.
Deadlines fly by
On Thursday, the Chocolate Factory said it doesn't expect to complete its third-party cookie transition until late 2023, almost two years beyond its initial target date. The problem is that the ad tech intended to take over where third-party cookies left off remains half-baked, there's not yet industry consensus on the way forward, and there are legal issues to resolve.
"For Chrome, specifically, our goal is to have the key technologies deployed by late 2022 for the developer community to start adopting them," explained Vinay Goel, privacy engineering director for Chrome, in a blog post.
"Subject to our engagement with the United Kingdom’s Competition and Markets Authority (CMA) and in line with the commitments we have offered, Chrome could then phase out third-party cookies over a three month period, starting in mid-2023 and ending in late 2023."
The UK CMA earlier this year said it had received complaints from marketeers that Google's Privacy Sandbox plan was anticompetitive. And its interest has since expanded to include Apple's App Store.
The timing of Google's cookie killing coincides with the time when California will begin enforcing the California Privacy Rights Act, July 1, 2023. Under the CPRA, Google will have additional privacy and data handling obligations.
Via Twitter, Ashkan Soltani, a privacy researcher and former Federal Trade Commission technologist, expressed disappointment with Google's decision to delay third-party cookie banishment.
"The greatest trick the devil ever pulled was convincing reporters [and] policymakers that you can only have competition by reducing privacy," Soltani said. "Blocking cookies is independent of half-baked ad tracking proposals like FLoC… Google can block cookies [without] the rest of 'Privacy Sandbox'."
Google can. But it has other plans. ®