What Happens When the Web’s Cookies Crumble

Adriana Lee
·4 min read

Having previously revealed the upcoming demise of cookies in its platform, Google pledged this week that it won’t swap in a similar web tracker. But that doesn’t mean there are no other plans in the works.

“Instead, our web products will be powered by privacy-preserving APIs, which prevent individual tracking while still delivering results for advertisers and publishers,” wrote David Temkin, Google’s director of product management, ads privacy and trust, in a blog post. APIs, or application programming interfaces, refer to tools that allow different technologies or programs to work together.

More from WWD

The revelation dashed hopes held out by some parties, including advertising tech companies, that the search giant would take up alternatives such as “hashed” emails or email-based identifiers.

Ad-tech stocks hyperventilated, falling to record lows to the tune of billions of dollars across firms such as The Trade Desk, Live Ramp and Criteo. Analysts largely believe ad-tech will be fine in the long term, but the jitters speak to how big the stakes are for advertisers and their brands.

It’s no secret that cookies, the small bits of data placed in computers that enable user tracking, have been the lynchpin of ad targeting and retargeting for years — even if some brands don’t fully understand all the implications.

“When I ask a lot of companies, ‘How are you using cookies?,’ a lot of lawyers and even business people don’t really understand it. It was just something that was set up years ago,” Jennifer Urban, a partner at the law firm of Foley & Lardner, told WWD. Urban has drilled into the issue as it relates to legislation like the California Privacy Protection Act.

“And if you were not in Europe [which enacted GDPR privacy regulations], you may not have a cookie policy,” she added, “or no one really did a deep dive on what all these different cookies are actually doing on your website.” She pointed out that different types have different uses, and some of them could run afoul of certain state-level laws.

The common scenario of ad targeting based on interests, where people are tracked online across multiple sites by outside vendors, could be considered a “sale” of data. And that could be viewed as a violation.

Such concerns have intensified scrutiny on Google, due to the sheer size of its ads business and traction of its Chrome browser. Not only is the tech goliath the undisputed leader in the digital advertising market, according to NetMarketShare, its web browser accounts for more than 69 percent of the world’s internet browser market share for desktops and laptops.

In 2019, Google promised to move away from third-party cookies, and now the company has a two-year plan to eliminate them from its ad products and Chrome.

So what will it do instead?

To accomplish its stated vision of a “privacy-first web,” Google’s main focus is on its Privacy Sandbox initiative — a model that presumably protects consumer privacy, while meeting crucial advertiser requirements, by identifying data patterns and aggregate-level reporting over groups of users.

It also touts FLoC, short for “Federated Learning of Cohorts.” That’s an official-sounding name that essentially refers to grouping people together based on interests, instead of identifying individual users.

“Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers,” Google’s Temkin continued. “In fact, our latest tests of FLoC show one way to effectively take third-party cookies out of the advertising equation and instead hide individuals within large crowds of people with common interests.”

But the Electronic Frontier Foundation called FLoC “a terrible idea.” In its Deeplinks blog, the organization took issue with the concept of labeling people and grouping them into buckets.

While that sidesteps privacy issues, it “could exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting,” the foundation wrote.

Meanwhile, Google also notes that its moves will only affect its own platforms, as it promises to continue support for “first-party relationships” — or direct connections — between its ad partners and their consumers.

Either way, it’s clear that change is coming. And some executives see it as an opportunity, like Mario Ciabarra, chief executive officer of Quantum Metric. The digital experience and predictive analytics platform, which filters data from over 20 percent of the world’s internet users, serves companies like Lululemon, Neiman Marcus and others.

Ciabarra believes that in the future, when consumer online behavior can’t be granularly tracked, brands “will need to deliver highly personalized and perfect experiences on digital that cater to their audiences, much like they did in physical stores,” he said.

In essence, without the ability to rely on user tracking, the quality of digital experience and content will be critical. And naturally, those who offer the best experience will stand out.

“What’s happening on mobile with Apple privacy restrictions is the same as what Google is doing — and what other major browser vendors have already implemented,” he said. “Android will follow suit for sure.”

And with privacy at the forefront of the industry’s digital transformation, he sees “momentum for brands to get behind their experiences, rather than rely on high cost ad spends,” he said.