First they introduced a set of new privacy features, then they introduced their Privacy Sandbox, and now, Google Chrome has taken an axe to online advertising by announcing that they will kill off third-party cookies.
Below we look at the major announcements from Google Chrome over the past couple of years and what it means for the future of AdTech.
Table Of Contents
Google Chrome’s New Privacy Features: Transparency, Choice, and Control
On May the 7th, 2019, at the Google I/O conference, Google announced that they would introduce a set of new privacy and transparency features to their Chrome browser.
Transparency, choice, and control over personalized digital advertising — this is what Google Chrome’s new privacy features aim to address.
Back then, the exact rollout date was unknown, but was thought that the new changes would come into effect in Q4 2019.
We now know that these privacy changes will come into force in February 2020.
The goal of these new changes is to strengthen online privacy by giving users more control, choice, and transparency when it comes to personalized online advertising.
The announcement follows in the footsteps of other popular browsers like Safari and Firefox who have introduced similar, but more severe, privacy controls.
Here’s what we know about these new additions to Google Chrome:
Google will introduce an open-source browser extension that will provide users with more transparency into which companies are involved in the ad-servicing process, including intermediaries like ad networks, demand-side platforms (DSPs), and supply-side platforms (SSPs).
The browser extension can also be used across different browsers, will explain to Internet users why the ads were displayed to them, and show them a snapshot of ads they were served recently.
There will be an open API that AdTech companies can also use to present users with this information.
Choice and Control
There will be two new privacy features in Chrome that will provide users with more choice and control over online advertising.
The first one will allow users to see which cookies are being stored on their Chrome browser and enable them to block and delete certain cookies.
The new cookie controls relate to third-party cookies — typically used for online ad targeting, measurement, and attribution — while there’ll be little or no impact to first-party cookies — ones that remember what you added to your shopping cart and keep you logged in to websites and accounts.
Also, cross-site cookies will need to be sent over HTTPS to prevent hackers accessing, storing, or modifying them when being passed from server to server.
The second one aims to prevent device fingerprinting, but Google didn’t explain how this feature would work or when it would be introduced (more on this below).
We explain what device fingerprinting is and how it works in one of our previous posts.
Now that Google has announced it will phase out support for third-party cookies over the next two years (starting from 2020), these cookie controls will only be valid till 2022.
Google Chrome’s Cross-Site and Same-Site Cookies
On Wednesday, October 23, 2019, Google Chrome released a detailed blog post explaining the changes to how cookies would be handled in the future.
To allow users to delete third-party cookies but keep first-party cookies alive, website developers will have to make changes to how cookies on their website are set.
In short, they’ll have to include a new “SameSite” attribute (specifically, SameSite=None) when setting a cookie to tell Chrome which cookies are to be used only by the current site or current URL that the user is on, and which ones are cross-site cookies.
Developers will also have to add the `Secure` attribute as cookies will only be set via HTTPS.
Even though this attribute applies to Chrome, which was the first browser to support this attribute, it shouldn’t cause any issues in other browsers that don’t support it.
You can read more about same-site cookies here.
Setting cookies in this way will eventually help Chrome understand which ones are first party and which ones are third party.
In the future, Chrome could then ask users if they want to block third-party cookies. If the user says ‘yes’, then cookies created with `SameSite=None` will be blocked.
Google Chrome’s Privacy Sandbox
On August 22, 2019, Google announced a new initiative that aims to make the web more privacy friendly, but still allows online advertising to work in a limited capacity.
This initiative is known as Privacy Sandbox.
Privacy Sandbox takes a different approach to user privacy than Safari and Firefox.
Instead of blocking third-party cookies altogether, Privacy Sandbox provides a secure environment for personalization while still protecting user privacy.
Here are the key things to know about Privacy Sandbox:
- It’s an open solution and Google has asked for feedback and input from other web browsers, publishers, and advertising technology (AdTech) companies on how to advance it.
- It is being positioned as a new web standard, rather than a new privacy feature.
- It will likely allow ads to still be relevant for users, but only anonymous and aggregated data would be available to AdTech companies and advertisers. Also, a lot more user data will stay on the device, instead of being passed on to AdTech companies.
- Google acknowledges that it may take many years for Privacy Sandbox to be fully developed and knows that it can’t go it alone.
Google is quick to reiterate that blocking third-party cookies completely without providing a solid alternative (like what Safari and Firefox have done) is detrimental to the future of the Internet (and the back pockets of publishers). It also acknowledges that users are demanding more control over their privacy.
At the moment, Privacy Sandbox seems like a great solution to several challenges facing the online advertising industry.
Google Chrome To Kill Off Third-Party Cookies by 2022
On Tuesday the 14th of January, 2020, Google made an announcement that most people in the online advertising industry never thought they would hear — Google will kill off third-party cookies by 2022.
But all hope is not lost.
This announcement follows in the footsteps of their previous initiatives (listed above) and is the next step in Google Chrome’s ongoing commitment to making the web a more privacy friendly place, while still allowing companies (including Google) to earn money from online advertising.
Here are the main things you need to know about this new announcement:
- Google Chrome plans to stop supporting third-party cookies by 2022.
- It will run a series of trials in 2020 to see how conversion measuring and personalization can work without using third-party cookies. This will involve using Privacy Sandbox (see above).
- The personalization element will probably be interest-based personalization on an aggregated level, rather than 1:1 personalization that has stood as the holy grail for advertisers and marketers for over a decade.
- The ultimate goal will be to replace third-party cookies used for ad selection and measurement with Privacy Sandbox.
As they’ve stated previously, Google doesn’t see strict privacy features, like those seen by Safari and Firefox, as the way forward for the Internet and online advertising.
Google feels that these approaches only encourage companies to create workarounds and develop techniques like device fingerprinting, which further diminish user privacy and provide little or no control. History tells us that this is a valid and accurate point.
Google Chrome Delays Its Decision to Kill Off Third-Party Cookies by 2 Years
On Thursday, June 24, 2021, Google Chrome announced that it would be extending its plan to shut off third-party cookies by an extra 2 years.
1. Google Chrome, advertisers, AdTech companies, and publishers need more time to discuss, work on, and test the Privacy Sandbox standards and APIs.
Although progress has been made to Chrome’s Privacy Sandbox in the W3C Business Group, there’s still a way to go before the final version is released in its entirety.
2. Google has been facing pressure from various antitrust investigations.
Various governments and antitrust regulators around the world have opened investigations into Google’s business practices, including its AdTech business.
The UK’s Competition and Markets Authority (CMA) recently opened an investigation into Google’s intent to eliminate third-party cookies from its Chrome browser and introduce its Privacy Sandbox.
In this recent announcement, Google said that it would work with the UK’s CMA and the UK’s privacy regulator, the Information Commissioner’s Office (ICO), to ensure it meets the commitments it proposed as part of the antitrust investigation.
This particular antitrust investigation from the UK’s CMA would have also contributed to Google’s decision to extend the deadline.
What Does This All Mean for AdTech?
The fact that Google Chrome will stop supporting third-party cookies by 2023 is huge.
And the impact on AdTech will be immediate and severe, unless AdTech companies act now.
Here’s what will stop working:
Audience buying based on the third-party data: This affects most of the DMPs on the market selling third-party audiences (e.g. Oracle BlueKai and Lotame) or mapping offline data to online identifiers on the web (e.g. LiveRamp etc.)
Data activation on web: Using cookie syncing to identify and target users (e.g. by exporting an audience to a DSP for media buying).
Retargeting on web: This affects companies like Criteo, whose stock crashed 20% on the day of the announcement, and DSPs with a significant portion of spending on retargeting campaigns.
Attribution: In particular, view-through attribution (attributing ad views to conversions).
Plus, other third-party tracking technologies for the web that use third-party cookies
Safari and Firefox’s privacy features have reduced the availability of third-party cookies by around 30% to 40%. Once third-party cookies disappear from Google Chrome, this will bring the figure close to 100% because of Chrome’s worldwide popularity.
AdTech companies will need to use the Privacy Sandbox API to retrieve clicks and conversion data, but it will be anonymized to make it harder to attribute a given click or conversion with a given user.
It’s important to note that these changes will only impact the Chrome web browser (on desktop and mobile devices).
This change won’t affect other areas of digital advertising, such as:
First-party cookie tracking: Tracking users via cookies within the domain of the website they are browsing, such as those used by Google Analytics, Piwik PRO and other web marketing tools using first-party cookie identifiers.
Retargeting and tracking on iOS and Android: Advertisers will still be able to retarget and track users across native mobile apps on iOS and Android using mobile identifiers — IDFA (Identifier for Advertising for iOS) and AAID (Google Advertising ID for Android).
Offline data onboarding using emails/phones: Uploading offline data and using it in Facebook’s Custom Audiences from customer lists and Google Ads Customer Match won’t be impacted.
This announcement by Google is just another sign that the Internet is heading towards a more privacy-friendly future.
AdTech has seen this coming for a long time with the likes of the GDPR and ITP, but has done little to create future-proof ways of delivering personalized advertising that respects user privacy. Instead, companies have ignored the problem and invented workarounds.
AdTech vendors may not be willing to change, but the web browsers that help serve their ads certainly are.