Google delays cookie phase-out once again

Image of Iron Brands

Pubblicato il 26 apr 2024 da Iron Brands

Questo contenuto non è ancora tradotto in italiano. Di seguito la versione in inglese.

Google is delaying the deprecation of third-party cookies on Google Chrome once again following regulatory concerns over its Privacy Sandbox.

Google's blog mentions the company's ongoing conversation with the UK Markets and Competition Authority over market centralization, but there is more to the story. Short before the decision, the Wall Street Journal reported that the UK privacy watchdog (ICO) is concerned about possible privacy vulnerabilities in Google Topics which could allow for the identification of users.

But what does this have to do with third party cookies?

A lot, it turns out. Here is all you need to know about the Privacy Sandbox: what it does, what its flaws are, and how it impacts the timeline for the long-delayed cookie apocalypse. Let’s dive in!

  1. A long story short
    1. Topic and the Privacy Sandbox
    2. How does Topics work?
  2. What happens next?
    1. What about other browsers?
    2. The ePrivacy Directive
  3. Conclusions

A long story short

Topic and the Privacy Sandbox

Five years ago Google launched the Privacy Sandbox: an ongoing project to build privacy-preserving technologies that would allow advertisers and websites to gain information for behavioral advertising without infringing on the privacy of Internet users or compromising their identity.

The Privacy Sandbox and the deprecation of third-party cookies go hand in hand. Google is a dominant player (and quasi-monopolist) on the ad tech market and makes enormous amount of money from enabling advertisement. So, the company cannot affort to just phase out cookies- it needs to replace them with something else.

Topics is meant to be this replacement. In a nutshell, Topics is a system that allows the Google Chrome browser to analyze the user’s browser history, find the user’s interests, and disclose them to advertisers that use the Topics API.

How does Topics work?

Every form of targeted advertising starts from profiling: in order to serve a relevant ad, advertisers need to know what products and services you are interested in. With Google Topics, this profiling is carried out directly by your browser.

The core idea behind Topics is that browser-based profiling is more privacy-preserving than tracking cookies because it does not involve an external server and does not require the disclosure of specific websites visited by a user. Additionally, privacy-preserving mechanisms can be built into the browser to limit the amount of information disclosed to advertisers.

Bottom line: in theory, Topics will supply advertisers with data which are detailed enough for targeted advertising, but not fine-grained enough to permit identification.

This is a fine line to tread and several privacy vulnerabilities in Google’s Topics have been known for a while now. That being said, we don't know for sure what flaws the ICO took issue with, as the documents referenced by the WSJ are not public.

This is starting to feel like déja vu. A while ago Google proposed a system similar to Topics, called "Federated Learning of Cohorts" (FLOC). FLoC faced lots of pushbacks because of its privacy vulnerabilities and was eventually scrapped by Google.

Topics is essentially a successor to FLoC and builds upon its core ideas. Will Topics survive the pushback, or will it meet the same fate as FLoC?

What happens next?

It’s hard to say how things will play out. Aside from the ICO’s pushback, there are at least two possible fault points in Google’s strategy.

What about other browsers?

Google needs browsers to buy into the Privacy Sandbox because Topics relies on the user’s browser for profiling. At the moment, Google can count on Chrome- which it owns- and Microsoft Edge. But that still leaves one third of the market out of the Privacy Sandbox.

The biggest browser after Chrome is Safari, with a market share of almost 20%. But Apple will be hard to win over, as the company notoriously prizes its image as a privacy-friendly brand.

The browsers that make up the rest of the market tend to be quite privacy focused. In all likelihood, most of them won’t touch Topics with a ten foot pole.

Bottom line: a substantial portion of the browser market is likely off limits for Google, which may hinder the company’s plan to turn the Privacy Sandbox into the new standard for the ad tech industry.

The ePrivacy Directive

Google will face another challenge specific to the EU market: Topics needs opt-in consent from users under the ePrivacy Directive.

This could be a problem. People don’t like surveillance and often say “no, thanks” when presented with a fair, transparent choice- which Google is legally required to do.

Of course, Google could ignore the Directive (like it is already doing with advertising trackers on Android devices). But trying anything funny with Chrome is a very risky proposition for Google, as Chrome is a gatekeeper under the Digital Markets Act and will be closely watched by EU regulators for the foreseeable future.

So, Google is facing two alternatives on the European market. It can disregard or bend the rules, and risk enormous fines. Or, it can play fair and accept a lot of opt-outs from users.

Conclusions

There is a much more fundamental issue with Topics. Software should benefit the end user, not the developer. Google's plan to turn your browser into a profiling machine shows the company's utter disregard not only towards privacy (which should surprise no one), but towards the very idea of a free and open Internet.

We at Simple Analytics believe in this idea. This is why we built our software with privacy and usability in mind. We provide our customers with all the insights we need, without harvesting a single bit of personal data. If this sounds good to you, feel free to give us a try!