In January, Google announced its Chrome browser would begin phasing out support for third-party cookies. Chrome is by far the most popular browser in the world, and its elimination of cookies will effectively kill off this key advertising and data-tracking tool for good.
While this looks like a win for privacy on some level, what happens next could end up being much worse for everyone’s privacy, said Elizabeth Renieris, a fellow at the Harvard Berkman Klein center and a data protection and privacy lawyer.
“They’re not really changing underlying tactics [of how they track us], they’re just channeling it all through Google,” Renieris told Digital Trends. “How privacy-preserving is this, actually? What’s Google’s motivation for doing this? Is it to preserve privacy? Potentially, but probably not.”
“We should always be suspicious about Google/Alphabet’s moves to consolidate and de-platform technologies like cookies,” said Christopher Chan, director of content at Cut.com to Digital Trends. “At least we knew how cookies worked. Instead, Google will shore up its surveillance power with even less oversight and accountability, black-boxed behind its proprietary technology. Not good news at all.”
How the cookie crumbles
Third-party cookies are little bits of code that websites place onto our computer hard drives. These track our movements around the web and are helpful for advertisers to target customers. But as a multitude of data leaks and privacy scandals have given the public a view into exactly how much data is collected, often non-consensually, this advertising method now has a bit of a stink about it.
The advertising industry, to its credit, seems to have seen this coming. In 2012, the Interactive Advertising Bureau gave a presentation in which it declared that “the cookie was crumbling.” This piece of web architecture had become essential to advertisers, but had only ever been intended for temporary storage, and the whole model was broken for everyone involved. The speakers also noted that the practice of data collection was “widely fragmented” — including if someone wanted to opt-out of being tracked — and could cause “anxiety and lack of trust” on the consumer side.
Renieris confirmed that cookie tracking is still very fragmented: there are a lot of black boxes, false impressions, and fraud, she said. Mobile tracking is different than browser tracking, and a lot gets lost in translation right now. “The downside to this is that it’s hard to trace who has your data,” she said. The upside though, is no one really has a full picture of who you are. A consumer’s privacy is accidentally protected in this way.
That could all change when Google takes over everything about tracking web movements. Now, everything will have to go through Google. This will certainly solve the issue third-party trackers currently have of being an opaque, haphazard and broken infrastructure that makes it difficult to tell who has the data and where it’s going. Now it’s extremely clear who has all the data: Google will.
This means Google will now have full functional, filled out profiles on every single movement and purchase that every one of its billions of users makes across the internet.
“The first thing we do when we sign up for a platform is sign away all of our rights under the terms of service,” said Chan. “The mode of production for Google and Facebook is to just hoard as much data as possible with idea that it’s worth something in the future.”
“Tacking is one of the biggest threats to privacy,” Renieris said. “This just feels like they’re repurposing and repackaging cookies.”
Attempts at privacy
In August 2019, Google announced a “Privacy Sandbox”: an initiative the company said was aimed at developing “open standards to fundamentally enhance privacy on the web,” and argued that third-party cookies were only one part of the problem.
“This is our strategy to re-architect the standards of the web, to make it privacy-preserving by default,” Justin Schuh, Google’s director for Chrome engineering, told TechCrunch when the announcement hit. “There’s been a lot of focus around third-party cookies, and that certainly is one of the tracking mechanisms, but that’s just a tracking mechanism and we’re calling it out because it’s the one that people are paying attention to.”
The Electronic Frontier Foundation quickly called this out, calling it “privacy gaslighting,” and coming down firmly on the side of banishing third-party cookies. Google announced it would be doing so in January.
In a statement to Digital Trends, the U.K.-based ProPrivacy called Google’s announcement “a win for digital privacy,” but said that consumers would still be better off taking their privacy into their own hands. “It is worth noting that while blocking third-party cookies from within Chrome will improve privacy for consumers, it will not prevent Google from tracking users and serving them adverts,” wrote Ray Walsh, digital privacy expert. “As a result, it is likely that Google’s decision will ultimately allow the tech giant to further monopolize the advertising market, forcing more advertisers to come through it directly.”
It is this monopoly that Renieris said she’s concerned about: Europe is currently litigating “in the direction” of making cookie-tracking companies reveal what’s in their black boxes. Google, she surmised, is simply trying to get ahead of this by eliminating the black boxes entirely.
“When Google announced privacy sandbox, they didn’t frame it in terms of individual privacy,” she said. “They framed it in terms of the ad ecosystem.”
If it’s clear that Google is responsible, and they genuinely are a privacy preserving company and business, that’s good, Renieris said. But, “There’s good reason to be skeptical.”
