3 reasons why Google wants to block 3rd party cookies
At the start of this year, Google Chrome announced on their Chromium blog that they would be phasing out support of third-party cookies. However, rather than an outright block, the browser will slowly withdraw support 'within two years'.
Third-party cookies are seen as invasive and annoying by users - but they underpin the current 'ads for content' model that the internet runs on. By delaying the block, Chrome hopes to have the time to develop an alternative solution or integrate third-party technology to stop websites from suffering huge losses in revenue when the block comes in.
On their blog, Google announced that the move was intended to give its users more privacy and security.
But, Google relies on third-party cookies for some aspects of its business. By blocking third-party cookies it appears to be sacrificing some advertising revenue in favor of giving users a more private and secure experience.
As with browsers that have already blocked access to third-party cookies, there are some questions over the motives behind the move. People accuse Apple of wanting to smother the web in favor of a walled-garden App Store that makes publishers and commerce sites pay a revenue share.
So, if third-party cookies form such a crucial part of Google’s advertising model, we’re examining the reasons why Chrome is set on removing them from the online ecosystem.
Third-party cookies don’t belong to the main domain opened on users’ browsers. They can be loaded by third-party ad servers on a publishers’ website. Third-party cookies are then accessible on any website that supports third-party cookies and are technically supported by all browsers. but Mozilla Firefox, Safari, and soon Chrome will block them.
So, when you access a site like Theguardian.com, they will create a first-party cookie to remember your preferences, but an ad server like ad.doubleclick.net will also create a third-party cookie. The third party’s server sends a request from the web page to the file being requested is different depending on the use, but it can be an actual ad or just a tracking pixel, which is invisible to the user but acts as a tracking cookie.
Other websites, the third parties in the story can then also access the information stored in this cookie.
So, why now for the ban?
A Mozilla study showed 20% actively opt-out, but if they make opt-out the default, only 20% actively opt back in User pressure to remove third may be more about the user perception that these cookies are insidious and the tracking is too intensive than actually responding to specific user demand.
Also, Google Chrome is basically the last major browser not to block third party cookies. Apple made the move to Intelligent Tracking Prevention 2.2 (ITP) to seal up the digital loopholes and much more effectively block third-party cookies. Mozilla’s privacy-focused Firefox browser has followed suit and made improvements to its Enhanced Tracking Protection to give users more privacy.
If Chrome waits later than 2022, it will risk losing users to other browsers and gaining a reputation as the browser that is most lax about its users’ privacy.
The requirements to disclose and gather consent for third parties brought about by the EU’s updated privacy rules have led to the adoption of tools such as IAB Europe’s Transparency and Consent Framework.
Through allowing third-party cookies, Chrome is effectively letting a huge network of advertisers access user data. Visit one website and your information can be accessed by a whole network of sites that have access to the advertiser's cookie.
At the moment, under GDPR, this is acceptable. But the rules are hard to follow to the letter of the law. To comply with GDPR, publishers are supposed to ‘indicate all third-parties that install or that could install cookies, with a link to their respective policies, and any opt-out forms’.
But the issue is this puts the responsibility onto the publisher to check what the third parties declare corresponds to what they are actually using cookies for. It creates too many weak points in the chain that could leave publishers vulnerable, even if they are complying with the regulation.
Rather than keep exposing publishers to this, blocking third-party cookies makes user privacy simpler, Google is giving themselves the time to make changes before tightening of regulation forces them to.
Google’s ad revenue is partially dependent on third-party cookies, but their network of first-party data is so extensive, they suddenly become the only option for many advertisers.
According to eMarketer Inc, The Google-Facebook duopoly accounts for 60% of U.S. digital ad spending. This is mainly because their network of first-party data is so extensive. Maps, Youtube, Google home. This is all first-party information that Google can use to serve targeted ads.
Eliminating third-party trackers simply maintains Facebook’s and Google’s ability to track consumers and gather enormous amounts of data about us while also preventing many of their advertiser competitors from doing the same.
The Association of National Advertising and the American Association of Advertising Agencies has publicly stated that the move threatens healthy competition.
So, while Google’s move to block third-party cookies may be positioned as purely motivated by user privacy, there are many compelling reasons for them to bring in the block. It keeps them competitive in a more privacy-focused ecosystem, it prevents regulation telling them they have to block them, and it makes their advertising network even more valuable for advertisers.
The challenge is now to see how the rest of the ad tech ecosystem responds to find alternative solutions that would give smaller companies the same - or better - tools to monetize their content and audiences.
Watch this space.
Third-party cookies are seen as invasive and annoying by users - but they underpin the current 'ads for content' model that the internet runs on. By delaying the block, Chrome hopes to have the time to develop an alternative solution or integrate third-party technology to stop websites from suffering huge losses in revenue when the block comes in.
On their blog, Google announced that the move was intended to give its users more privacy and security.
‘Our goal for this open-source initiative is to make the web more private and secure for users, while also supporting publishers.’
But, Google relies on third-party cookies for some aspects of its business. By blocking third-party cookies it appears to be sacrificing some advertising revenue in favor of giving users a more private and secure experience.
As with browsers that have already blocked access to third-party cookies, there are some questions over the motives behind the move. People accuse Apple of wanting to smother the web in favor of a walled-garden App Store that makes publishers and commerce sites pay a revenue share.
So, if third-party cookies form such a crucial part of Google’s advertising model, we’re examining the reasons why Chrome is set on removing them from the online ecosystem.
What exactly are third party cookies?
A first-party cookie has to be set by a punisher’s web server or JavaScript on their website. This cookie is then only accessible by the domain that created it. They’re supported by all browsers and help the browser remember things like usernames, language preferences, and shopping carts.Third-party cookies don’t belong to the main domain opened on users’ browsers. They can be loaded by third-party ad servers on a publishers’ website. Third-party cookies are then accessible on any website that supports third-party cookies and are technically supported by all browsers. but Mozilla Firefox, Safari, and soon Chrome will block them.
So, when you access a site like Theguardian.com, they will create a first-party cookie to remember your preferences, but an ad server like ad.doubleclick.net will also create a third-party cookie. The third party’s server sends a request from the web page to the file being requested is different depending on the use, but it can be an actual ad or just a tracking pixel, which is invisible to the user but acts as a tracking cookie.
Other websites, the third parties in the story can then also access the information stored in this cookie.
So, why now for the ban?
User demand
Ask the average user if they want cookies tracking them across websites and they will say no. But they don’t always know exactly how to deal with them. Browsers allow users to block 3rd party cookies already, but the majority don’t opt-out.A Mozilla study showed 20% actively opt-out, but if they make opt-out the default, only 20% actively opt back in User pressure to remove third may be more about the user perception that these cookies are insidious and the tracking is too intensive than actually responding to specific user demand.
Also, Google Chrome is basically the last major browser not to block third party cookies. Apple made the move to Intelligent Tracking Prevention 2.2 (ITP) to seal up the digital loopholes and much more effectively block third-party cookies. Mozilla’s privacy-focused Firefox browser has followed suit and made improvements to its Enhanced Tracking Protection to give users more privacy.
If Chrome waits later than 2022, it will risk losing users to other browsers and gaining a reputation as the browser that is most lax about its users’ privacy.
Growing regulation
There is no singular overarching law regulating online privacy worldwide. Instead, a patchwork of regional, federal, and state laws apply in various jurisdictions.The requirements to disclose and gather consent for third parties brought about by the EU’s updated privacy rules have led to the adoption of tools such as IAB Europe’s Transparency and Consent Framework.
Through allowing third-party cookies, Chrome is effectively letting a huge network of advertisers access user data. Visit one website and your information can be accessed by a whole network of sites that have access to the advertiser's cookie.
At the moment, under GDPR, this is acceptable. But the rules are hard to follow to the letter of the law. To comply with GDPR, publishers are supposed to ‘indicate all third-parties that install or that could install cookies, with a link to their respective policies, and any opt-out forms’.
But the issue is this puts the responsibility onto the publisher to check what the third parties declare corresponds to what they are actually using cookies for. It creates too many weak points in the chain that could leave publishers vulnerable, even if they are complying with the regulation.
Rather than keep exposing publishers to this, blocking third-party cookies makes user privacy simpler, Google is giving themselves the time to make changes before tightening of regulation forces them to.
The value of walled gardens
Google’s ad revenue is partially dependent on third-party cookies, but their network of first-party data is so extensive, they suddenly become the only option for many advertisers.
According to eMarketer Inc, The Google-Facebook duopoly accounts for 60% of U.S. digital ad spending. This is mainly because their network of first-party data is so extensive. Maps, Youtube, Google home. This is all first-party information that Google can use to serve targeted ads.
Eliminating third-party trackers simply maintains Facebook’s and Google’s ability to track consumers and gather enormous amounts of data about us while also preventing many of their advertiser competitors from doing the same.
The Association of National Advertising and the American Association of Advertising Agencies has publicly stated that the move threatens healthy competition.
"It would threaten to substantially disrupt much of the infrastructure of today’s Internet without providing any viable alternative, and it may choke off the economic oxygen from advertising that startups and emerging companies need to survive."
So, while Google’s move to block third-party cookies may be positioned as purely motivated by user privacy, there are many compelling reasons for them to bring in the block. It keeps them competitive in a more privacy-focused ecosystem, it prevents regulation telling them they have to block them, and it makes their advertising network even more valuable for advertisers.
The challenge is now to see how the rest of the ad tech ecosystem responds to find alternative solutions that would give smaller companies the same - or better - tools to monetize their content and audiences.
Watch this space.
