First, Google introduced a set of privacy features in their Chrome web browser. Then, the company came up with the Privacy Sandbox initiative and announced an intention to kill off third-party cookies. But after a few years, Google is changing its mind and will give users the choice whether to allow for tracking with third-party cookies or not.
Below we take a look at the major announcements from Google Chrome over the past couple of years and what it means for the future of AdTech.
Google Chrome’s Privacy Features: Transparency, Choice, and Control
On May 7th, 2019, at the Google I/O conference, Google announced that they would introduce a set of new privacy and transparency features to their Chrome browser.
Transparency, choice, and control over personalized digital advertising — this is what Google Chrome’s new privacy features aim to address.
Back then, the exact rollout date was unknown, but was thought that the new changes would come into effect in Q4 2019.
Eventually, these privacy changes came into force in February 2020.
The goal was to strengthen online privacy by giving users more control, choice, and transparency when it comes to personalized online advertising.
The announcement followed in the footsteps of other popular browsers such as Safari and Firefox which had introduced similar, but more severe, privacy controls.
Transparency
Google introduced an open-source browser extension that provides users with more transparency into which companies are involved in the ad-servicing process, including intermediaries like ad networks, demand-side platforms (DSPs), and supply-side platforms (SSPs).
The browser extension can also be used across different browsers, explain to Internet users why the ads were displayed to them, and show them a snapshot of ads they were served recently.
The company designed an open API that AdTech companies can also use to present users with this information.
Choice and Control
Google delivered two new privacy features in Chrome that provide users with more choice and control over online advertising.
The first one allows users to see which cookies are stored on their Chrome browser and enables them to block and delete certain cookies.
The new cookie controls relate to third-party cookies, which are typically used for online ad targeting, measurement, and attribution. These changes had little or no impact on first-party cookies, which remember what you added to your shopping cart and keep you logged in to websites and accounts.
Also, cross-site cookies will need to be sent over HTTPS to prevent hackers from accessing, storing, or modifying them when they are passed from server to server.
The second one aims to prevent device fingerprinting, but Google didn’t explain how this feature would work or when it would be introduced (more on this below).
We explain what device fingerprinting is and how it works in one of our previous posts.
On October 20, 2022, Google rolled out My Ad Center, a simple dashboard for users to manage their ad-personalization preferences. The product is an updated version of Ad Settings linked with other ad-related services and one of the original Transparency, Choice and Control privacy features.
Google Chrome’s Cross-Site and Same-Site Cookies
On Wednesday, October 23, 2019, Google Chrome released a detailed blog post explaining the changes to how cookies would be handled in the future.
To allow users to delete third-party cookies but keep first-party cookies alive, website developers have to make changes to how cookies on their website are set.
In short, they have to include a new “SameSite” attribute (specifically, SameSite=None) when setting a cookie to tell Chrome which cookies are to be used only by the current site or current URL that the user is on, and which ones are cross-site cookies.
Developers also have to add the `Secure` attribute as cookies will only be set via HTTPS.
Even though this attribute applies to Chrome, which was the first browser to support this attribute, it shouldn’t cause any issues in other browsers that don’t support it.
You can read more about same-site cookies here.
Setting cookies in this way will eventually help Chrome understand which ones are first-party and which ones are third-party.
In the future, Chrome could then ask users if they want to block third-party cookies. If the user says ‘yes’, then cookies created with `SameSite=None` will be blocked.
Google’s Privacy Sandbox
On August 22, 2019, Google announced a new initiative, the Privacy Sandbox, that aims to make the web more privacy-friendly, but still allow online advertising to work in a limited capacity.
The Privacy Sandbox takes a different approach to user privacy than Safari and Firefox.
Instead of blocking third-party cookies altogether, the Privacy Sandbox provides a secure environment for personalization while still protecting user privacy.
Here are the key things to know about the Privacy Sandbox:
- It’s an open solution, and Google has asked for feedback and input from other web browsers, publishers, and advertising technology (AdTech) companies on how to advance it.
- It is being positioned as a new web standard, rather than a new privacy feature.
- It allows ads to still be relevant for users, but only anonymous and aggregated data are available to AdTech companies and advertisers. Also, a lot more user data will stay on the device, instead of being passed on to AdTech companies.
- Google acknowledges that it may take many years for the Privacy Sandbox to be fully developed.
Google is quick to reiterate that blocking third-party cookies completely without providing a solid alternative (like what Safari and Firefox have done) is detrimental to the future of the Internet (and the back pockets of publishers). It also acknowledges that users are demanding more control over their privacy.
It seems that at the moment, the Privacy Sandbox is a great solution to a number of challenges facing the online advertising industry.
Google To Kill Off Third-Party Cookies by 2022
On Tuesday the 14th of January, 2020, Google made an announcement that most people in the online advertising industry never thought they would hear — Google is going to kill off third-party cookies by 2022.
But all hope is not lost.
This announcement follows in the footsteps of their previous initiatives (listed above) and is the next step in Google Chrome’s ongoing commitment to making the web a more privacy friendly place, while still allowing companies (including Google) to earn money from online advertising.
Here is the summary of that announcement:
- Google Chrome plans to stop supporting third-party cookies by 2022.
- It will run a series of trials in 2020 to see how conversion measuring and personalization can work without using third-party cookies. This will involve using the Privacy Sandbox (see above).
- The personalization element will likely be interest-based personalization on an aggregated level, rather than 1:1 personalization that has stood as the holy grail for advertisers and marketers for over a decade.
- The ultimate goal will be to replace third-party cookies used for ad selection and measurement with the Privacy Sandbox.
As they’ve stated previously, Google doesn’t see strict privacy features, like those seen by Safari and Firefox, as the way forward for the Internet and online advertising.
Google feels that these approaches only encourage companies to create workarounds and develop techniques like device fingerprinting, which further diminish user privacy and provide little or no control. This is a valid and accurate point.
Google Delays Its Decision to Kill Off Third-Party Cookies by 2 Years
On Thursday, June 24, 2021, Google Chrome announced that it would be extending its plan to shut off third-party cookies by an extra 2 years.
1. Google Chrome, advertisers, AdTech companies, and publishers need more time to discuss, work on, and test the Privacy Sandbox standards and APIs.
Although progress has been made to Google’s Privacy Sandbox in the W3C Business Group, there’s still a way to go before the final version is released in its entirety.
2. Google has been facing pressure from various antitrust investigations.
Various governments and antitrust regulators around the world have opened investigations into Google’s business practices, including its AdTech business.
The UK’s Competition and Markets Authority (CMA) recently opened an investigation into Google’s intent to eliminate third-party cookies from its Chrome browser and introduce its Privacy Sandbox.
In this announcement, Google said that it would work with the UK’s CMA and the UK’s privacy regulator, the Information Commissioner’s Office (ICO), to ensure it meets the commitments it proposed as part of the antitrust investigation.
This particular antitrust investigation from the UK’s CMA would have also contributed to Google’s decision to extend the deadline.
Google Delays Phasing Out Third-Party Cookies…Again
On Wednesday, July 27, 2022, Google Chrome announced that it won’t start phasing out third-party cookies until the second half of 2024.
Google Chrome cited it requires more time to evaluate and test the new Privacy Sandbox standards before shutting off third-party cookies in Chrome.
The Next Step Toward Phasing Out Third-Party Cookies in Chrome
On December 14, 2023, the company informed about their preparation to block third-party cookies by default for 1% of Chrome users.
Half a month later, on January 4, Google rolled out Tracking Protection, a feature for limiting cross-site tracking. The Tracking Prevention restricts website access to third-party cookies by default.
Back then, Google still believed that they would be able to phase out third-party cookies in the second half of 2024 and address the UK’s Competition and Markets Authority concerns.
Google Will Not Complete Third-Party Cookies Depreciation During the Second Half of Q4 2024
On April 23, 2024, Google updated the status of Privacy Sandbox for the Web and announced its plan to discontinue supporting third-party cookies.
The company recognized that it needed more time to reconcile “divergent feedback from the industry, regulators, and developers” on the topic of a cookie-less advertising environment.
Also, due to the CMA’s review of the industry’s feedback, Google announced that it is unable to finish third-party cookies depreciation during the second half of Q4.
Back then, Google assumed that reaching an agreement in both fields would be enough to proceed with third-party cookie deprecation, which could start in early 2025.
However, learnings from Privacy Sandbox testing disclosed that there are four big fields to address:
- Increased DSP and SSP integrations to improve publisher results
- More categories of solutions providers to unlock advertiser and agency demand
- Expanded feature support by ad tech to enable more volume
- Scaled model training to optimize performance outcomes
One month later, Google made a final announcement on phasing out third-party cookies.
Google Won’t Kill Third-Party Cookies
On July 22, 2024, Anthony Chavez, VP at Privacy Sandbox, wrote in his blog post that the Privacy Sandbox APIs have the potential to deliver high online privacy and an ad-supported internet at the same time.
However, the transition to a cookie-less future still requires significant work from the AdTech industry and will change the way publishers, advertisers, and everyone involved in online advertising operate now.
Considering this, Google won’t kill third-party cookies. Instead, the company decided to give users more control over their preferences regarding cookies.
Chrome browser will:
- Let people make an informed choice applicable across their web browsing.
- Adjust to user preferences at any time.
Before the rollout, Google will engage industry participants and regulators into discussion over the new features.
An important update was made also on the future of the Privacy Sandbox: Google upholds its position and will further develop the Privacy Sandox APIs.
To offer additional privacy enhancements, Google introduced IP Protection into Chrome’s Incognito mode.
What Could Phasing Out Third-Party Cookies Mean for AdTech?
The fact that Google wanted to stop supporting third-party cookies in Chrome could have a huge impact on the AdTech industry.
Here’s what could stop working:
Audience buying based on third-party data: This could affect most of the DMPs on the market selling third-party audiences (e.g. Oracle Bluekai and Lotame) or mapping offline data to online identifiers on the web (e.g. LiveRamp etc.)
Data activation on web: Using cookie syncing to identify and target users (e.g. by exporting an audience to a DSP for media buying).
Retargeting on web: This could affect companies like Criteo, whose stock crashed 20% on the day of the announcement, and DSPs with a significant portion of spending on retargeting campaigns.
Attribution: In particular view-through attribution (attributing ad views to conversions).
Plus, other third-party tracking technologies for the web that use third-party cookies.
Safari and Firefox’s privacy features have reduced the availability of third-party cookies by around 30% to 40%. Once third-party cookies would disappear from Google Chrome, this would bring the figure close to 100% due to Chrome’s worldwide popularity.
Now, AdTech companies will have an opportunity to use the Privacy Sandbox APIs to retrieve clicks and conversion data. The data, however, will be anonymized to make it harder to attribute a given click or conversion with a given user.
It’s important to note that these changes will only impact the Chrome web browser (on desktop and mobile devices).
Other areas of digital advertising won’t be affected by this change, such as:
First-party cookie tracking: Tracking users via cookies within the domain of the website they are browsing, such as those used by Google Analytics, Piwik PRO and other web marketing tools using first-party cookie identifiers.
Retargeting and tracking on iOS and Android: Advertisers will still be able to retarget and track users across native mobile apps on iOS and Android using mobile identifiers — IDFA (Identifier for Advertising for iOS) and AAID (Google Advertising ID for Android).
Offline data onboarding using emails/phones: Uploading offline data and using it in Facebook’s Custom Audiences from customer lists and Google Ads Customer Match won’t be impacted.
Final Thoughts
All of Google’s announcements are signs that the Internet is heading towards a more privacy-friendly future.
AdTech has seen this coming for a long time with initiatives such as the GDPR and ITP, but has done little to create future-proof ways of delivering personalized advertising that respects user privacy. Instead companies have decided to ignore the problem and invent workarounds.
AdTech vendors may not be willing to change, but the web browsers that help serve their ads certainly are.
