Moving the Web Beyond Third-Party Identifiers
from the privacy-and-cookies dept
(This piece overlaps a bit with Mike’s piece from yesterday, “How the Third-Party Cookie Crumbles”; Mike graciously agreed to run this one anyway, so that it can offer additional context for why Google’s news can be seen as a meaningful step forward for privacy.)
Privacy is a complex and critical issue shaping the future of our internet experience and the internet economy. This week there were two major developments: first, the State of Virginia passed a new data protection law, the Consumer Data Protection Act (CDPA), which has been compared to Europe’s General Data Protection Regulation; and second, Google announced that it would move away from all forms of third-party identifiers for Web advertising, rather than look to replace cookies with newer techniques like hashes of personally identifiable information (PII). The ink is still drying on the Virginia law and its effective date isn’t until 2023, meaning it may be preempted by federal law if this Congress moves a privacy bill forward. But Google’s action will change the market immediately. While the road ahead is long and there are many questions left to answer, moving the Web beyond cross-site tracking is a clear step forward.
We’re in the midst of a global conversation about what the future of the internet should look like, across many dimensions. In privacy, one huge part of that discussion, it’s not good enough in 2021 to say that user choice means “take it or leave it”; companies are expected to provide full-featured experiences with meaningful privacy options, including for advertising-based services. These heightened expectations—some set by law, some by the market—challenge existing assumptions around business models and revenue streams in a major way. As a result, the ecosystem must evolve away from its current state toward a future that offers a richer diversity of models and user experiences.
Google’s Privacy Sandbox, in particular, could be a big step forward along that evolutionary path. It’s plausible that a combination of subscription services, contextual advertising and more privacy-preserving techniques for learning can collectively match or even grow the pie for advertising revenue beyond what it is today, while providing users with compelling and meaningful choices that don’t involve cross-site tracking. But that can’t be determined until new services are built, offered and measured at scale.
And sometimes, to make change happen, band-aids need to be ripped off. By ending its support for third-party identifiers on the Web, that’s what Google is doing. Critics of the move will focus on the short-term impact for those smaller advertisers who currently rely on third-party identifiers and tracking to target specific audiences, and will need to adapt their methods and strategies significantly. That concern is understandable; level playing fields are important, and centralization in the advertising ecosystem is widely perceived to be a problem. However, the writing has been on the wall for a long time for third-party identifiers and cross-site tracking. Firefox blocked third-party cookies by default in September 2019; Apple’s Safari followed suit in April 2020—Firefox first made moves to block third-party cookies as far back as 2013, but it was, then, an idea ahead of its time. And the problem was never the cookies per se; it was the tracking they powered.
As for leveling the playing field for the future, working through standards bodies is an established approach for Web companies to share information and innovate collectively. Google’s engagement with the W3C should, hopefully, help open doors for other advertisers, limiting any reinforcement effects for Google’s position in Web advertising.
Further, limits on third-party tracking do not apply to first-party behavior, where a company tracks the pages on its own site that a user visits, for example when a shopping website remembers products that a user viewed in order to recommend other items of potential interest. While first-party relationships are important and offer clear positive value, it’s also not hard to imagine privacy-invasive acts that use solely first-party information. But Google’s moves must be contextualized within the backdrop of rapidly evolving privacy law—including the Virginia data protection law that just passed. From that perspective, they’re not a delaying tactic nor a substitute for legislation, but rather a complementary piece, and in particular a way to catalyze much-needed new thinking and new business models for advertising.
I don’t think it’s possible for Google to put privacy advocates’ minds at ease concerning its first-party practices through voluntary action. To stop capitalizing totally on its visibility into activity within its network would leave so much money on the table Google might be violating its fiduciary duty as a public company to serve its shareholders’ interest. If it cleared that hurdle and stopped anyway, what would prevent the company from going back and doing it later? The only sustainable answer for first-party privacy concerns is legislation. And that kind of legislation will struggle to be feasible until new techniques and new business models have been tested and built. And that more than anything is the dilemma I think Google sees, and is working constructively to address.
Often, private sector privacy reforms are derided as merely scratching the surface of a deeper business model problem. While there’s much more to be done, moving beyond third-party identifiers goes deeper, and deserves broad attention and engagement to help preserve good balances going forward.
Filed Under: 3rd party cookies, cookies, identification, privacy
Companies: google
Comments on “Moving the Web Beyond Third-Party Identifiers”
Used to have Protection.
https://en.wikipedia.org/wiki/Consumer_privacy
The Biggest problem has been getting the FED to do something.
There are a few agencies that are SUPPOSED to help us, but that stopped.
There is another problem.
When you buy something beyond the basics. A part for your car, a belt for the lawn mower, a Flash light. the System thinks you NEED MORE of the same. its been this way for Many years. Buy something over mail order, or even call SEARS to have a part sent, and the system thinks you need LOTS of mail showing all the parts and products you may Need.
With the Internet, if you buy 1 toy for your kid, you will get Spammed on Every site to buy MORE toys.
The system isnt designed to Know what you want, but it knows what you Did buy.
Re: Used to have Protection.
The problem is that so many people don’t care about privacy in the first place. No, I’m not talking about the digital native generations. I’m talking about the older generations that allowed the digital natives to grow up without any expectation of privacy at all.
Those older generations know full well what a world without privacy can create, yet they allowed faceless websites to snort up anything and everything they could. They question a school employee demanding info the state requires, (income information for reduced lunch programs comes to mind), but will gladly give facebook all the hints needed to recreate that very same information and then some. They will complain about cameras in stores / public places, yet gladly tag themselves and others in photos. They will whine about constant advertising for crap, yet gladly sign up for every store loyalty card they can find and partake in Amazon’s convenience when ever they can.
As more people gave up their privacy, it became harder for those who chose to keep theirs to do so. Employers now expect control over your personal devices via their apps. (Example: Timeclocks that constantly track your GPS coordinates.) Depending on the state / locality, some government affairs now require internet access + tracking to utilize. Schools demand access to social media accounts, and will demand the accounts creation if they don’t exist under penalty of failing the class if the student doesn’t comply. (I’ve had that experience myself.) Now, we are seeing "digital driver’s licenses" and "major illness immunity passports" forcibly making their way into the lives of the general public.
There’s no wonder why privacy is dead in the US: Those who should have stood against it refused to, expecting others to do it for them. Guess what? Everyone else had the same expectation. Now, privacy is dead because it was always someone else’s responsibility.
Re: Re: Used to have Protection.
Some of that seems true, as you are talking to one of the older gen, hello.
But you need more info.
1. the GOV. didnt back up the NOT USED FOR ID clause in social sec.
Which TONS of companies and Credit agencies LOVED. so we are talking allot longer then you 20 years of internet.
WE Older tech people have watched this happen. I even sent a letter to the State AG, to ask WHY no one was Stopping the corps with SS#.
The Problem WE HAVE, I did with FB, was their DEMAND for real names, Which I fought. But there is another SIDE of all this.
Get this. the idea that ALL our info is out there. what can they do? Between the corps and gov. using it to monitor us AND THEN those that want to Fake our info. The Banks are having a FUN TIME. you can take a CC, and hand it to a stranger, thats going to the other side of the country, and LET him have fun, for about 3-6 hours, he will be able to use it. AND you can DENY IT ALL. Just make sure he brings back a 40+ year old scotch.
Re: Used to have Protection.
"The Fed", by the way, is the Federal Reserve System, not the federal government.
https://www.investopedia.com/terms/f/federalreservesystem.asp