Google originally announced that it will join Safari and Firefox web browsers, which are blocking Third-Party Cookies by default, in blocking Third-Party Cookies in its Chrome web browser in early 2020. Regulatory pressure pushed the window into 2023. In a recent blog post published on 27 July 2022, Google Privacy Sandbox vice president Anthony Chavez announced that Google is delaying again blocking Third-Party Cookies to 2024, this time due to the full testing of technological solutions of alternatives.
Google Chrome Third-Party Cookies and privacy laws
Third-party cookies are small, encrypted files that track a website user's movement from website to website, collect the user data, and make the user profile for making analytics, providing data for marketing platforms and social media integration. Cookies are stored by the user's browser. If you are using Google's Chrome web browser, Chrome stores Third-Party Cookies. In return for benefits on your website, Third-Party Cookies collect personal data from your end-users which is traded and sold in the digital advertising industries and employed for profiling and real-time bidding in the advertisement industry.
The problem for website users is that Third-Party Cookies collect personal data, such as IP addresses, details about devices, emails, addresses, private information about health, sexuality, family, religious beliefs, and much more. Moreover, these cookies also collect sensitive information such as Google searches in the last five years, your profile on dating and similar apps, your credit card transactions, and so on. When combined, this data could be used for creating a very detailed user profile and even for predicting user behavior.
User privacy concerns led to the creation of digital privacy laws worldwide. The General Data Protection Regulation (GDPR) is the first and the strictest privacy law in the world. The GDPR took effect on May 25, 2018, and aims to protect the personal data of users in the European Union.
California Consumer Privacy Act (CCPA) was the first data privacy law in the US, which took effect on January 1, 2020. It was followed by the Virginia Consumer Data Protection Act (VCDPA), which will go into effect on January 1, 2023; Colorado Privacy Act (CPA), which will go into effect on July 1, 2023; and others.
Scan your website for free and see what cookies, including Third-Party Cookies, your website uses:
According to most privacy laws, users must give cookie consent to collect and process their personal data. Since most people don’t want to share their personal data with websites, therefore they choose to turn off third-party cookies on their favorite browser. Some browsers, such as Safari and Firefox, are already blocking third-party cookies by default.
Google also decided to phase out Chrome third-party cookies. However, Google’s initiative to phase out third-party cookies has been met by resistance from marketers and advertisement agencies who use third-party cookies extensively for their business.
So, what are the alternatives to third-party Google cookies in Chrome?
Google Privacy Sandbox
In August 2019 Google launched Privacy Sandbox. Google states that Privacy Sandbox “will improve people’s privacy across the Web and apps on Android. The proposed solutions will limit the tracking of individuals and provide safer alternatives to existing technology on these platforms”.
FLoC
The Privacy Sandbox initially proposed using an algorithm in the browser, called Federated Learning of Cohorts (FLoC), to analyze users’ activity on the web and generate an ID that is “privacy-preserving” and could be used by advertisers for targeting users. Google claimed that FLoC preserves privacy more than cookies, but the Electronic Frontier Foundation described it as “the opposite of privacy-preserving technology” since adding users into groups, or flocks, would create a “behavioral credit score: a tattoo on your digital forehead that gives a succinct summary of who you are, what you like, where you go, what you buy, and with whom you associate.”
Google has already decided not to test FLoC in Europe fearing that it won’t comply with the GDPR, specifically due to the question of who will be designated as a data controller and a data processor. Prior to FLoC being put in use, the browsers DuckDuckGo and Brave stated that they will block FLoC by default. Thus the FLoC technology does not seem to be an alternative to third-party cookies.
Trust token API
Another Google initiative to replace third-party cookies in Chrome is the so-called trust token API. Trust tokens are used to combat fraud since they can discriminate the real users from the bot or a malicious third-party pretending to be a human. These tokens are non-personalized and cannot be used to track users. They present a balance between preserving privacy and enabling the online advertising economy. Trust token is a new API that allows a website to transmit just a limited amount of information from one website to another by issuing cryptographic tokens just to trusted users. When a website evaluates a user and assigns it to a real person, the website trusts the user and can issue the browser a batch of tokens, which can be later "spent" while accessing the website. Otherwise, the user would be unknown or less trusted. The browser stores trust tokens itself and can use them on other websites to evaluate the user's authenticity. The trust token API enables the trust of a user in one context to be conveyed to another context and could help combat fraud and spamming, without collecting users' personal data.
Crucially, the trust tokens are indistinguishable from one another, so they could not be used for tracking users through them.
There were issues with the Competition and Markets Authority (CMA), the competition regulator in the UK, and the US-based Electronic Frontier Foundation (EFF), regarding the users' privacy regulatory procedures when using FLoCs.
When Google switched from FLoCs to trust token API, the general opinion regarding personal data security shifted. In February 2022, the CMA has approved the Privacy Sandbox initiative as an alternative to third-party cookies in Chrome, but promised to keep a close eye on Google as it secures final Privacy Sandbox commitments. Google reached an agreement with the CMA on how it develops Privacy Sandbox in Chrome, which will include consulting and updating the CMA regularly about the ongoing processes.
When the regulatory issues of Privacy Sandbox are being solved, Privacy Sandbox API is in a trial process now. Google will start a trial of its Privacy Sandbox technologies with many Chrome users outside Europe in 2022. It will then gradually increase the trial population throughout the year 2023 for users who wish to participate in the trial.
Google now expects Privacy Sandbox APIs to be tested and launched by the end of 2023.
Is There a Need for CookieScript CMP when Third-Party Cookies are Going Away?
CookieScript Consent Management Platform manages user consent for personal data processing including third-party cookies as well as other website tracking technologies. Even if technologies are changing, consent for collecting and processing personal data will be needed anyway. In September 2020 Google launched Google Consent Mode, which is already in use and lets websites collect anonymous data and display contextual advertisements if the user does not give his consent to statistics and marketing cookies.
If any personal data is collected via trust tokens, this means that according to the majority of data privacy laws in the world, businesses would still need to get the explicit consent of users before using them on your website.
CookieScript CMP allows managing Google Consent Mode and other user consents, and will continue managing user consents to be privacy laws compliant independently of the technologies developed.
Frequently Asked Questions
Are third-party cookies in Chrome going away?
Yes, third-party cookies are indeed going away. Safari and Firefox web browsers are already blocking third-party cookies by default for years, and Google's Chrome will stop using them by the end of 2023. Google is developing a Privacy Sandbox strategy as an alternative to third-party cookies. Google Consent Mode was launched in September 2020 and is in use now, enabling your website to run all Google services without accepting advertising or tracking cookies.
What are Google cookies?
Cookies are small, encrypted files, stored on your browser, that track a website user's movement from website to website. They help that website remember your visit information, username, language settings, and other preferences, which increases your browsing experience.
Where are my cookies on Google?
On your Android phone or tablet, open the Chrome app. Tap More button, and then Settings, found at the top-right corner of the web page. Tap Site settings and then Cookies, and turn Cookies off. Read more about browser cookie management.
Does my website use third-party cookies?
If your website uses use any kind of analytical or marketing platform or social media integration, such as Google, YouTube, Facebook, or LinkedIn, third-party cookies will be present on your website. You can scan your website for free to see all cookies in use.
Are third-party cookies legal?
Third-party cookies collect personal data from website users. Most privacy laws, such as GDPR, CCPA, LGPD, and others require website owners to inform users of cookies, their provider, purpose, and duration, as well as to get explicit consent to use cookies prior to they are set. If you are informed about third-party cookies and consent to use them, then they are legal.
Why is Google getting rid of cookies?
Cookies collect personal data from website users and track users from website to website. The majority of the privacy laws require to inform users of cookies and get explicit consent to use cookies prior to they are dropped. People are concerned about their private data and do not always give Cookie Consent. Other browsers, such as Safari and Firefox, are already blocking third-party cookies by default. Thus, Google intends to replace cookie tracking technology in Chrome.