Google Is Replacing Third-Party Cookies, But Is Better Privacy the Clear Outcome?

Less tracking means a more privacy-focused online experience, but does Google really value user trust over ad dollars?

In 2020, Google announced that over the next two years the tech giant would phase out the use of third-party cookies in an attempt to enhance user privacy online. This initiative takes into account opinions from the greater online community including users, publishers, and advertisers to build a privacy-focused browsing experience while still maintaining an ad-supported internet.

This small step for Google is a giant leap for user privacy, especially considering that Google Chrome is one of the world’s most popular web browsers, making up over half of all global web traffic. But does this shift truly indicate that Google values our privacy, or that, regardless of motivation, better privacy will be the outcome? 

We break down how it all works below, and stay tuned for our forthcoming article where we ask Dashlane experts to share the challenges and tradeoffs of digital marketing while maintaining security and privacy principles. 

Far less scrumptious than it sounds, a third-party cookie is a code that tracks a user’s online behavior across the internet. The “third party” in this scenario is likely an advertiser who’s able to compile data on a user, including the purchases they make and the sites they browse. Third-party cookies are the reason you see ads for the yoga pants you browsed on multiple sites—an example what’s called “ad retargeting.” Additionally, if you click on a social media plug-in to, say, share a quote directly from an article on your Twitter feed, the social platform is likely dropping a cookie on your device to continue to track your behavior. And no, you do not need to be logged in to your social media accounts to be tracked this way; advertisers have developed other ways to identify users, including device fingerprinting

Third-party vs. first-party cookies

Not all cookies are created equal. By contrast, first-party cookies are dropped onto your browser when you visit a site, but that only enables the website’s host to track your behavior within that site. Often, the user experience is enhanced by first-party cookies because they enable a site to remember your info and preferences—what you’ve already added to your shopping cart, for example—but they don’t share it with third-party advertisers. 

This feels a bit like déjà vu

In 2013, Firefox and Safari blocked third-party tracking. Announcing their plan almost a decade later, Google is slow to catch up—but they have their reasons. In this post from 2020, Google argues that blocking third-party cookies has unintended negative consequences, like encouraging insidious workarounds including device fingerprinting. 

Why phase out third-party cookies now? 

Of course, advertisers who rely on third-party cookies for their business model may be sent back to the drawing board if this type of tracking were to disappear. The biggest concerns, however, are from a user-privacy perspective and are directed at tech behemoths like Google and Facebook, whose revenue is dependent on tracking user behavior. Third-party cookies have enabled a lucrative form of advertising. So why is Google vowing to switch gears? 

In 2019, lawmakers in Europe ruled that cookie “consent banners”—which pop up on a website telling users that third-party cookies have already been dropped on their device or browser—are not legal. Users instead need to consent to cookies before they’ve been dropped. Globally, user privacy and the need for transparency are top of mind now more than ever when it comes to navigating the internet. 

Google’s alternative to third-party cookies

While third-party tracking has enabled a large portion of their business model, it’s not Google’s only source of ad revenue, nor is it their biggest. According to Jason Aten in his article for Inc., Google’s search advertising accounts for 84% of their entire ad revenue, and 70% of their total revenue. 

And their proposed alternative to third-party cookies isn’t quite as privacy-focused as some might have hoped. Federated Learning of Cohorts (FLoC) is a new technology that tracks and collects user data within the Chrome browser rather than on Google’s servers, a major privacy concern with third-party cookies. FLoC creates a profile of users based on online behavior within the browser, then groups them with thousands of other users in a “cohort” or “flock” (FLoC! Get it?). Advertisers can then target cohorts, but not individuals. With FLoC’s method of tracking, IDs associated with an individual user’s browser are anonymized, so online activity cannot be traced directly to one user by Google or by the advertisers they sell data to. 

So…everyone wins? 

Not quite. Google has already lost some users’ trust by testing FLoC on their browsers without informing them. In fact, you can check to see if you’re one of them here

Tech blog How To Geek points out that other browsers including Firefox, Brave, Vivaldi, Safari, and Microsoft Edge will not use or have disabled FLoC. The blog also points out several privacy concerns, including that grouping users in this way will make it easier for trackers to identify individuals through device fingerprinting, which uses multiple pieces of information from a browser to identify you. All in all, many are skeptical. 

And what does it mean for advertisers? Third-party advertisers are likely to have to rethink marketing strategies, yet initial testing of FLoC has given Google the confidence that advertisers don’t need to track individual behavior to see results. Time will tell.

For more on this topic, stay tuned to our blog for a roundtable interview with some marketing experts at Dashlane!

    Rachael Roth

    Rachael Roth is a content creator with over a decade of experience in print and digital media. She is a longtime contributing writer for Dashlane's blog and is the Assistant Editor and Copywriter for NYC & Company, New York City’s CVB and marketing organization.

    Read More