On January 14, Google announced that it would be dropping third-party cookies on its platform by 2022. The plan will bring Google in line with other web browsers who are taking action to protect user privacy. The new plan comes after Apple’s user protection and Mozilla’s Firefox began blocking tracking cookies by default. Microsoft is also looking into blocking cookies for its Edge browser.
The new plan contradicts Google’s stance in August, where the company declined to end the use of third-party cookies on its browser. Google stated that blocking the cookies, which track users from site to site for advertising purposes, would instead encourage the use of another tracking method, called browser fingerprinting, which uses small details about a browser to assemble a profile. Rather than block cookies, the company announced the Privacy Sandbox, a “set of open standards to fundamentally enhance privacy on the web.”
In a blog post, Google stated, “[a]fter initial dialogue with the web community, we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete.” Google hopes to start testing this by the end of 2020 and to complete this initiative within two years.
“Users are demanding greater privacy–including transparency, choice and control over how their data is used–and it’s clear the web ecosystem needs to evolve to meet these increasing demands. Some browsers have reacted to these concerns by blocking third-party cookies, but we believe this has unintended consequences that can negatively impact both users and the web ecosystem. By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control. We believe that we as a community can, and must, do better.”
Google will follow Apple and Mozilla, starting with Chrome. Google Chrome will “limit insecure cross-site tracking in February, by treating cookies that don’t include a SameSite label as first-party only, and require cookies labeled for third-party use to be accessed over HTTPS.” Google is also working on creating ways to “detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of deceptive and intrusive techniques.”