The Drum Awards Festival - Extended Deadline

-d -h -min -sec

Google Third Party Cookie Data & Privacy

Amid ID gridlock, Google indicates no hard deadline for Chrome cookie changes


By Kate Kaye, The Drum

November 17, 2020 | 8 min read

Google and ad tech players are jostling to develop ways to maintain personalized web targeting and campaign measurement that preserves accuracy without cookies. There’s no sign of industry agreeing on one standard solution, and some worry Google will only increase its power in the process.

Chrome if you want to.

The timing of Chrome’s kiss off to third-party cookies will have a great deal of impact

When Google announced its plans to shut out third-party cookies in its popular Chrome browser by 2022, it kicked into high gear the ad industry’s efforts to replace cookies with a privacy-safe alternative. At stake is nothing short of how the ad-supported open web functions. While there are several players offering ways to ID people without cookies, the industry is nowhere near agreeing on one universal standard everyone uses. And even Google, a prominent participant hoping to guide new ways to track users across the open web has indicated its 2022 deadline could be extended.

“We do think we are making good progress. We continue to feel very confident,” Chetna Bindra, who leads Google’s product development for third-party cookie replacement, tells The Drum. However, she says Google will only deprecate cookies once it is clear that the industry can continue to enable important use cases without cookies such as nuanced ad targeting, measurement, frequency-capping and ad fraud protection.

Google wants more publishers, please

Though Google and ad tech firms have led development of new identity tech approaches, many publishers and brands have stayed on the fringes. But some argue every component of the ad supply chain should be better represented in the development process. For example, independent publishers might get more involved in order to ensure their concerns such as campaign attribution and publisher yield are fairly addressed by whatever new identity process is created.

An earlier version of this story noted, Bindra suggested a lack of engagement in identity tech development and testing from publishers is holding back Google’s process. However, Bindra says she did not indicate that the lack of robust publisher participation was holding the identity development process back, but rather, “We're hoping for more participation as we come up with a workable solution for everyone that is privacy forward.”

Of course, publishers have a healthy skepticism toward Google, which has sucked away lots of ad dollars that once supported their content more directly. Plus, whether publishers have the resources or wherewithal to get involved in an unsettled cookie-less identity development process right now is questionable, says Rob Beeler, chief executive officer at digital ad consultancy and former AdMonsters chairman. He suggests it is doubtful the industry will have a sustainable replacement for cookies together by 2022.

“To say you know what’s going to work by 2022 means that you know what the regulators are going to say and what companies like Apple are going to say. There’s too much undetermined to say we’ve got this figured out for that.”

Punk, emo and algorithms in Google’s Privacy Sandbox

One of Google’s latest ideas, introduced for testing last month, involves random machine-learning generated groups of users. The ’Federated Learning of Cohorts,’ or FLOC method, is intended to build interest and conversion profiles for personalized ad targeting and measurement that satisfy increasingly restrictive privacy requirements. It’s part of a collection of cookie replacement tools Google wants others to test known as its Privacy Sandbox.

Google has tested this new FLOC approach using public datasets to create targetable groups associated with music interest categories like punk emo, blues rock and psychedelic, as well as movie genres such as documentary, film noir and western. Bindra says a cohort could be comprised of as many as hundreds or thousands of users, with each cohort getting its own single ID.

So, if it all seems a bit like behavioral advertising and lookalike modeling, it is – sort of. But the idea here is to achieve that type of personalization without using cookies, without browsers sharing IDs, without identifying people at an individual level and while maintaining a similar level of accuracy.

Walled gardens don’t need the open web

The thing to remember here is this method and other algorithmic toys in Google’s Privacy Sandbox are all intended to target and measure ads when people are not logged in as identifiable, authenticated users. Google publicly stresses its commitment to keeping the open web free and accessible after cookies die.

However, Google has tons of identifiable, authenticated connections to users through logins for their email, docs and other services. Like other walled gardens such as Amazon and Facebook, Google sells the ability for brands with customer data to connect to those people through matching services. So, while as browser provider and ad seller it’s important for Google to personalize and measure ads aimed at people who aren’t logged in, the walled gardens are less concerned about developing a universal identity standard than others on the ad tech and publisher side that have no identifiable connections to users.

Ultimately, says Evan Hanlon, global chief product officer at GroupM’s media agency Essence Global, companies like Google and other walled gardens with consent-based connections to users don’t need to develop a truly universal identity standard. “There’s no incentive for them to build a common currency,” says Hanlon.

Meanwhile, whatever Google and others settle on for tracking in the open web, some question whether it would be accepted by Apple’s Safari browser. Privacy-centric Apple, which already killed off cookies in Safari and effectively disabled its mobile ad identifier, has largely been absent from the ad industry’s identity efforts.

More control for Google?

It’s the ad tech intermediaries and publishers – the types of companies that have built their businesses on third-party cookie data sharing – that really have to worry about agreement on an ID standard. So, ad tech firms including Criteo, Lotame and The Trade Desk have developed their own universal identity methods.

And some of them worry Google will come out even more dominant as a result of the shift away from cookies.

Before ad tech firm Lotame unveiled its own universal identity product for the open Web in October, the firm’s chief operating officer Mike Woosley wrote that Google’s Privacy Sandbox “will further entrench Google as arbiter; it will extinguish a number of industry players; and it gives the hapless consumer little control.”

Ad tech firm Criteo, which has introduced its own identity approaches, has also expressed concern about Google or other browsers controlling the future of cookieless identity. Pushing industry to fight for an independent identity gatekeeper, the company’s chief technology officer Diarmuid Gill wrote in September, “Today, browsers are proposing a one-sided view of privacy based on their worldview, rather than any cross-industry approach.”

A 2019 report from UK identity tech firm ID5 quantified the concern. It found 89% of ad tech professionals and publishers felt dominance from walled gardens like Google was a major threat to their business.

Will Google gain more control? “If you’re an ad tech provider that doesn’t have direct relationships with publishers or advertisers, you’re definitely going to have that opinion,” says Nii Ahene, chief strategy officer at Tinuiti, which helps performance marketers and e-commerce brands manage and measure media spend on Amazon, Google, Facebook and programmatic platforms.

Ahene says, in the end, advertisers that have their own customer data will be able to measure conversions with or without cookies. “If you’re an advertiser and you know this is the 100,000 e-mails you know you targeted, and then a week later you look at your checkouts which also have emails and addresses and phone numbers, you can determine which took action.”

*This story was updated on 11/19/2020

Google Third Party Cookie Data & Privacy

More from Google

View all


Industry insights

View all
Add your own content +