FLoC’s GDPR Woes Highlights Google’s Lack of Transparency

Niamh Carroll 25 March, 2021 

With the deprecation of third-party cookies fast-approaching, many looking for an alternative had looked to Google’s Federated Learning of Cohorts (FLoC) solution. However, the proposed FLoC API now appears to be falling foul of Europe’s GDPR regulations. Google has suspended its planned origin testing of FLoC in Europe, raising yet more questions about what will replace third-party cookies. 

Both advertisers and publishers must avoid the same mistakes that were made with third-party cookies and prioritise transparency for consumers, says Matt Barash, SVP Global Publishing and Platform Partnerships at Zeotap. Barash argues that independent solutions could end up winning out in this current climate. 

The inevitable has happened: Google’s Federated Learning of Cohorts (FLoC) initiative, touted as its solution to the deprecation of third-party cookies, has found itself being challenged by GDPR and the ePrivacy Directive.

As we write, news has just broken that proposed origin testing of FLoC in Europe has been put on hold (Chrome trials were due to begin this month). While Google later reiterated that this was temporary and that they are “100 percent committed to Privacy Sandbox in Europe”, the delay raised a number of questions to which European adtech players will be all too familiar. 

There are likely two key challenges at the heart of this. Firstly, when a user is placed in a FLoC cohort, who’s responsible for controlling and processing their data? Secondly, how is proper user consent captured in these instances? 

The fact that there are not yet any clear answers underscores the importance of having privacy built into the DNA of any solution that aims to fill the void left by third party cookies. In fact, Google said this much itself in its announcement earlier this month.

At the end of the day, this is all a question of confidence. On both the advertiser and publisher sides, the industry needs to be sure that the solutions they’re betting dollars (or indeed, Euros) on are compliant – otherwise we end up with the same issues of consumer trust that we had with third-party cookies. In other words, we will have uprooted the entire ecosystem for nothing. 

In order to achieve that confidence, anyone providing an ad tech solution needs to be transparent, and that’s where the emerging independent solutions may have an advantage: there are no ‘black boxes’ here, unlike some of the walled gardens. It’s incumbent on us as new solutions to stay true to that transparency if publishers, advertisers and consumers are to rebuild the confidence that was lost.  

While we await further clarification from Google as to what this means for EEA publishers and advertisers, I would advise any player in the space to apply real scrutiny to the privacy and compliance credentials of the solutions they’re considering and begin to evaluate universal identity options as soon as possible.

Some will have done the work, but with the complexity of the hoops to jump through, not every solution will be able to say the same – ask the questions and test now to avoid vulnerability later.

2022-08-25T17:54:46+01:00

About the Author:

Go to Top