Google Tightens Controls Over Cookie-Based Tracking on Chrome

Google today officially unveiled new privacy updates to its Chrome browser, revealing that it’s releasing new controls for monitoring and blocking online tracking, and increasing its own ability to see when cookies are being used by third-parties to track users across the web. The announcement, made at the tech giant’s Google I/O developer conference, confirms rumours which have circulated over the past month that Google would follow in the footsteps of Apple and Mozilla in restricting the ability of third parties to track users across the internet.

Ben Galbraith, senior director of product at Google, said the company is working to release a new set of “easy to use controls” to give users more transparency and control over how they’re tracked online. No specific details were given on what exactly this new privacy dashboard will allow users to do, but Galbraith said more information will be revealed over the coming year.

To enable this, Google is creating a clearer distinction between first and third-party cookies, and here Galbraith gave more specifics.

“Today, when we as developers set a cookie, it’s visible by default in both first-party and third-party contexts,” said Galbraith. “This enables tracking, and it also leaves cookies that were really intended for use only by the same site exposed more broadly by default”. This system has left browsers reliant on guesswork to understand what cookies are being used for, and to be able to give users clarity over how they’re being tracked online.

“Moving forward, Chrome will make all cookies limited to first-party contexts by default, and will require developers to explicitly mark a cookie as needing third party visibility, which creates a clear distinction between first-party and third-party cookies, and enhances web safety,” said Galbraith. Developers will now have to be clear when cookies are being used by third-parties, making it easier for Google to keep users informed over who is tracking them.

Galbraith also said Google is cracking down on “browser fingerprinting”, where developers use certain information to link users with a specific browser, allowing them to then track the user through the browser. “We see these efforts as subverting user choices about tracking,” said Galbraith, who added that more details will be given in the next few months.

The updates represent a more relaxed approach to privacy than Google might otherwise have chosen to take, as industry rumours suggesting that Google might introduce its own version of Apple Safari’s ‘Intelligent Tracking Prevention’ (ITP).

ITP, launched back in 2017, uses machine learning to identify which domains have the ability to track users across the web. Any cookies stored by these domains are usable in a third-party context for 24 hours, after which they are partitioned: stored, but unable to be used in a third-party context. If a user hasn’t visited the original domain in 30 days, the cookies are purged.

ITP has caused headaches for some in the industry. Retargeting specialist Criteo said the changes contributed to falling revenues over the subsequent year, and had to adjust its business model to cope.

But if Google made similar changes to Chrome, they would likely have a much bigger impact. Safari owns 17.5 percent of the web browser market across all devices according to Net Market Share, while Chrome owns 63.3 percent.

However, these fears might be eased now that we have concrete details about Google’s plans for Chrome. It seems, for now at least, that Google won’t be blocking cross-site tracking by default, and is instead giving users better tools for controlling privacy settings themselves. The total impact the changes have will be dependent on how users respond to the new controls offered to them, but those who rely on cookies for ad targeting will certainly be thankful that ITP restrictions aren’t set as default.

Google was perhaps always likely to be more cautious than its competitors with any changes it made, since as some have noted, the company is stuck between a rock and a hard place. On the one hand, the company faces pressure from privacy campaigners and policy makers alike to tighten privacy on its web browser, and must make sure its policies are compliant with privacy laws like Europe’s General Data Protection Regulation (GDPR), and California’s Consumer Privacy Act.But at the same time, any restrictions on cross-site tracking could come under scrutiny from competition authorities. If cookie-based tracking becomes more difficult, yet more ad spend is likely funnelled towards businesses with rich first-party data-sets, of which Google is the biggest. Galbraith may have been eluding to this when he said Google was being mindful of “taking care to preserve the health of the web ecosystem” when considering its changes.

As such, this announcement might be seen as Google’s first steps towards increasing privacy protections on Chrome, rather than its final word, and as such marketers will need to look ahead to a world without cookies.

One possible solution that has been proposed is for Google to create a ‘universal identifier’ within Chrome which consumers can opt in or out of, and which advertisers could have access to. However, the Wall Street Journal reported earlier this week that Google has considered creating such a tool, but has decided not to, for now at least, due to the complexity of the solution and the renegotiation of existing contracts which would be required.

Subscribe to Weekly VAN Newsletter

Ad TechDataLegalMeasurementMediaPrivacyProgrammaticTechUncategorizedUS