Yesterday’s announcement from Google that it’s pushing back its deadline for killing off third-part cookies in Chrome wasn’t altogether unexpected. The scale of the extension however – pushing the deadline back by at least a year and a half – is longer than many had anticipated.
But how is the industry reacting to the news? Is the deadline long enough for advertisers, ad tech, and publishers to properly prepare? And what has ultimately driven Google’s decision?
Did Google announce this change because of regulatory pressure? Because they weren’t going to make the initial deadline? Because they need to make the proposals more private and work better in general? Will this change create more uncertainty? Should we all breathe a sigh of relief, for now? Do we still need to be laser-focused on building a more private advertising ecosystem? The answer to all of these questions is YES.
Google has made it clear in the W3C forums that they will not remove support for 3rd party cookies until viable alternative solutions are accessible. They were optimistic to believe that they could reach consensus on solutions within the original two-year timeframe. We are pleased that they stuck to their commitment and listened to the feedback from the industry and regulators).
With Chrome’s prolonged stay of third-party cookie execution, publishers and the industry have a chance to build sustainable solutions that balance privacy with performance. The immediate net result is that this will help publishers maintain CPM stability for the next couple of years and quell some of the more immediate concerns around readiness. Having said that, we risk losing momentum if players in the ecosystem view this as an opportunity to re-prioritise or shift focus. We should take advantage of the gift of time to develop solutions that address the necessary use cases in a privacy-compliant, user transparent way.
While we will not take our foot off the cookieless gas, this does enable us to dig deeper into Apple’s upcoming iOS15 changes, which could pose more widespread revenue risks than open CPMs.
Many ad tech companies and greyhat publishers will “cheer this news” but CPRA goes into effect January 1, 2023, & the enforcement period starts July 1, 2023. UK regulators have no control over California Privacy laws. You’ve been warned.
When CPRA goes into effect, an entire new regime for sharing user data in California (and therefore the U.S.) will be required. Tons of aspects of CCPA are strengthened when it comes online.
“Do not sell” evolves to be “Do not share” too…
CPRA includes increased penalties for mishandling consumer data for anyone under 16 (improves & strengthens COPPA, which applies to only under 13), plus expanded right of private legal action, plus a variety of other absolutely serious frameworks that can’t be ignored just because Google shifted a product deprecation timetable.
Also, the expansion of controller-processor-like responsibilities that requires vendors/contractors to assist consumer requests “down stream”- coupled with sharing restrictions – in my strong opinion, 2023 will see more consumer class action privacy lawsuits than ever before.
If you don’t understand deletion audits and user data sharing restrictions that are already law (and just currently in the implementation period ramp up), you’ve got some time to catch up, but not much time. The California Consumer Privacy Protection Agency has already held their first meeting…
And don’t count on Google holding your hand through what you should be allowed to share or what will put you out of compliance with CPRA, they’ve now left the industry in the woods to figure out that the wolves are already inbound.
It’s clear with this announcement that Google wants to ensure addressability is still possible in the future of advertising, and it comes as no great surprise. The move gives the industry, including Google, more time and space to figure out the best combination of solutions that work for the specific goals of different advertisers.
At MiQ we still firmly believe that the end result will be a combination of solutions that involve both deterministic authenticated data and scalable anonymous or cohort data across the open and closed web, so we will continue to connect and test all of these areas on behalf of our clients.
We know from our testing to date that cookieless solutions can provide more scale and more intelligence , all while providing stronger consumer privacy protections. This only proves that cookies are nearly past their time anyway; so in many ways, moves like this one from Google are not going to excessively slow down the development of alternatives.
Google has pushed back the deprecation of third-party cookies until 2023, explaining that the ad ecosystem of the open internet needs more time to develop solutions that will support freely available content. Overall, this does not change the inevitable: third-party cookies have already been deprecated in Safari, Firefox, Edge and Brave, and they will be deprecated in Chrome as well.
Google’s timelines should not affect the work that we or others are doing to develop privacy-first solutions that will both protect the consumer but also allow the open internet to thrive. The industry must continue to work together and test privacy-first solutions that will enable safe, data-driven advertising into the future – this news just gives the industry more time to refine technical approaches and drive greater adoption prior to the transition. PubMatic has been investing heavily behind the transition away from third-party cookies for several years and will continue to do so.
An interesting move from Google, prioritising giving time to companies to prepare over their own needs – not least on protecting Chrome from Safari and Android from IOS. There is open water here between Apple and Google on privacy as highlighted in Apple’s recent advert.
This has to be good news as it gives companies adequate time to test and prepare for the new world. Yet It also leaves many data and tech companies in limbo as they will find it hard to show they are ready for the cookieless future until that day arrives. It will also delay the adoption of some of the very technologies that will replace the cookie. For those that have invested the most in preparing for the future this will be seen as a bad day as it allows the tardy to catch up.
Why the change of heart? The CMA and the EU will claim a victory here yet the real driver I feel was how poorly beta testers were reporting on FLOC and how privacy activists felt it actually did not protect privacy as it aided fingerprinting. Expect the next iteration of FLOC to address fingerprinting and (as Apple has done) the use of IP address particularly (a core component of most fingerprinting).
There are two sides to this announcement. On one hand, this news may come as a relief to publishers and platforms that were struggling to meet the original ‘early 2022’ deadline. This timeframe was simply unrealistic for many, there is still a lot of work to be done and this push-back gives the industry more time to prepare.
At the same time, this delay should not slow down the work that we, as an industry, have been doing to create and migrate to a more efficient and privacy-compliant identity infrastructure. We need to continue to strive to make the Open Web a better place for publishers, advertisers and consumers. No matter the deadline, we cannot ignore the privacy and inefficiency issues associated with third-party cookies. Change is still needed more than ever. The good news is that now we have more time to get it right.
This is not a great day for consumer privacy. Despite the increasing public pressure and pending court cases, Google has decided to kick the data protection can down the road. However, this does not remove the urgency to find ethically and commercially sustainable alternatives to third-party data: if the industry rests on its laurels and fails to innovate, it will be in an even worse position when the ban takes place. There is still a need to help privacy-preserving solutions lift off the ground and get scale – with the short-term goal of reactivating Apple’s valuable user base.