Digital Intelligence
11 min

Breaking Down Google’s Privacy Update: Cross-Site Tracking

Simon Poulton Vice President | Digital Intelligence

In an announcement on Wednesday, Google explicitly stated that it would not build or use alternate identifiers to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022.

“Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers,” said David Temkin, Google’s Director of Product Management for ads privacy and trust.

The announcement certainly generated a lot of headlines, but this is not a radical departure from Google’s current position. While the previously-announced removal of third-party cookies represents a significant change for advertisers, Google is really just solidifying the scope of its privacy safeguards and indicating where it’s going when it comes to tracking and targeting.

What’s changing: Introduction to Federated Learning of Cohorts (FLoC)

In their announcement, the search giant also reiterated that its web products will be driven by the Federated Learning of Cohorts (FLoC) API. With FLoC, Google will utilize first-party data to probabilistically generate cohorts aligned with modeled interests and propensities. Advertisers will then be able to target their ads to these cohorts, rather than the individual user.

This means Google will still technically be able to deliver targeted ads, but do so in a more anonymized, less creepy way. Additionally, the changes are expected only to cover websites visited via Chrome and do not extend to mobile apps.

What do these changes mean for your brand?

Leveraging on-device machine learning (literally a model that will run on an individual’s device), Google’s FLoC model claims to provide a degree of privacy to individual users: it allows advertisers to still serve relevant ads while keeping each user’s browsing private. While the update is minimal, it could be an adjustment for advertisers who rely heavily on Google Ads for revenue.

Remarketing within the Google ecosystem will theoretically be unaffected, but the future of cross-channel remarketing is still an open question. We think it’s likely it will still be possible through another Google Privacy Sandbox proposal called TURTLEDOVE (more details below), based on the same kind of probabilistic modeling.

As an alternative to third-party cookies, FLoC is a major part of Google’s commitment to its Privacy Sandbox, the company’s ongoing initiative to set new standards for targeted advertising, emphasizing consumer privacy. The biggest impact of the new information is on other advertising platforms and tech solutions that have been working to develop alternative viable identifiers that concurrently meet rising consumer expectations for privacy. Google has signaled those will not be supported in the future across their browser and product offerings.


Attribution challenges

With rising concerns over consumer data protection, tech and browser companies have been working tirelessly to eliminate outdated cookie-based tracking models while also preserving their own ad revenues. 

The FLoC model represents the future of ad measurement for Google and an attempt to have it both ways: give advertisers the data they need to attribute and measure data while maintaining the privacy of individuals online. The company even claims that advertisers can get nearly the same return on investment from FLoC as they would through cookie-based tracking: “Our tests show that advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising,” the company said previously. That testing was a simulation; real data on FLoC’s efficacy won’t be available until the origin trials start with Chrome 89, expected to roll out this month.

However, FLoC also has the potential to make cross-channel data and attribution more challenging for marketers, particularly for programmatic ads. Since FLoC is Chrome-based, it won’t be a part of a larger multi-channel advertising ecosystem. It also raises the question: if Google’s AI and ML are distributing customers into FLoC cohorts, will the individual user data be available to Google?

For brands, the solution remains the same: invest in first-party data—through email signups, CRM data, rewards programs—and develop a customer data strategy. That’s especially important for ecommerce brands, who are still by and large not prioritizing email collection and might be in danger of being outmaneuvered by competitors who take the time now to prioritize first-party data. 

Forward-thinking brands will focus on building out their own communities, collecting their own customer data they will still be able to use in Google’s ecosystem. Leaning into privacy can form a key brand attribute and differentiator—as anyone who has recently encountered an Apple commercial can attest.

What does it mean for the future?

Publishers and advertisers have relied on third-party cookies for better results for so long that targeted advertising, particularly for programmatic ads on the open web, faces significant challenges once they go the way of the dinosaurs. And that’s why, on one hand, ad tech companies like The Trade Desk and LiveRampand—as well as other consortiums like IAB and Advertising ID Consortium—have been working to create universal user ids to target the users even after the removal of cookies, referred to as universal IDs.

What Google has done is picked its most viable solution. The options currently being explored by multiple platforms can be broadly characterized as probabilistic or deterministic models:

  • Probabilistic: Probabilistic IDs combine some first-party data with additional user behavior to model likely propensity and interest groups a user should be included in. The sum total of this data is used to form identifiers that can’t be traced back to individual users. FLoC is based on probabilistic modeling using Google’s own first-party data, the largest first-party data set in the world. 
    • Pros: Privacy is at the heart of this solution. There is no PII shared and on-device IDs are cohort-based so there is no ability to stitch this to PII even if you wanted to. It is therefore viewed as being very “future resilient” as it is unlikely to be impacted by privacy legislation.
    • Cons: The jury is still out on accuracy compared to third-party cookies, and it’s unlikely Google will release data here for some time. Additionally, there is limited support from other browsers in the ecosystem, which may limit the ability to utilize these cohorts exclusively to Chrome (although this begs the question: how exactly will Unified ID 2.0 work with browser limitations on user identity resolution?).
  • Deterministic: This version of universal IDs, on the other hand, relies on some form of constant identifiers—such as a login or a phone number associated with an account. While this may seem like the better solution, these universal IDs also run up against a couple of difficult-to-overcome challenges: they can only work with known, as opposed to unknown audiences, so they need access to a critical mass of consent from any given user base to be effective. The Trade Desk et al. is currently at work on Unified ID 2.0 as an alternative to third-party cookies. It uses PII (such as an email) that has been hashed and salted, then can be utilized for deterministic ad targeting.
    • Pros: Maintains a deterministic, 1:1 approach to user targeting and allows for the persistence of granular interest scopes that probabilistic solutions may not allow for. This is seen as a way to mitigate “data leakage” while still preserving a user’s identity for targeting.
    • Cons: Still uses PII, and is unlikely to be resilient to future privacy changes. This should be viewed as a band-aid and it’s unlikely to weather legislative limits placed on PII. For example: a GDPR-esque opt-in law could cripple this function.

It’s important to note that not all universal IDs will work after the cookiepocalypse. While universal IDs may be a temporary solution, ongoing privacy restrictions and data legislations will probably lead to their demise.

It’s possible we will see publishers form pools to consolidate data and almost certain that log-ins will increase across the web. But the Privacy Sandbox still features many potential paths for the future of data privacy on Google. Brands need to focus on resilience and diversifying their media mix to ensure they’re not overly dependent on a single network.

The increased market power of “walled gardens”

Unlike cookies, which are not owned and managed by a single authority, APIs such as FLoC are owned by Google. Should FLoC go mainstream, we predict that much of the open web will gradually transform into a series of walled gardens, with their own rules, tracking, and privacy safeguards.

Google’s privacy-preserving ad targeting is for the birds: FLoC, TURTLEDOVE, and FLEDGE 

By classifying online users into groups based on similar browsing behaviors with a “cohort ID” with FLoC, marketers can target users with ads based on the groups they belong to. Simply put, the data gathered locally from the browser is never shared and never leaves the device. By using this interest-based advertising approach, Google is able to keep a person’s browsing history private and offer protections from individualized tracking and profiling.

Chrome plans to make FLoC-based cohorts available in March through origin trials, which will allow developers to safely experiment with web features, and to begin testing them with advertisers in Google Ads in Q2.

But Google is also working on other, parallel tracks, all bird-themed (because why walk when you can fly). TURTLEDOVE (and its extension, FLEDGE) is billed as a new way for advertisers and ad tech companies to target an ad to an audience they’ve already built without revealing other information about a users’ browsing habits or ad interests and covers remarketing. The core tenets of TURTLEDOVE are that:

  • The browser, not the advertiser, holds the information about what the advertiser thinks a person is interested in.
  • Advertisers can serve ads based on interest, but cannot combine that interest with other information about the person — in particular, with who they are or what page they are visiting.
  • Websites the person visits, and the ad networks those sites use, cannot learn about their visitors’ ad interests

This proposal takes into account some of the industry feedback Google has received, including the idea of using a “trusted server,” as defined by compliance with certain principles and policies, that’s specifically designed to store information about a campaign’s bids and budgets. Chrome intends to make FLEDGE available for testing through origin trials later this year with the opportunity for ad tech companies to try using the API under a “bring your own server” model.

TL;DR: Our perspective on Google’s changes and the future of data privacy

Privacy headwinds will continue to increase, and we’ll see a greater focus on walled gardens looking to maintain user journeys within their walls (we’re already seeing this with features like Instagram checkout) and an increasing focus on probabilistic modeling—not just from a targeting perspective, but also in terms of measurement. Indeed, cross-channel deterministic attribution is simply no longer possible, and the future here will be framed by advances in MMM modeling combined with built-in incrementality testing.

Overall, things are going to get harder within the programmatic ecosystem before they get easier. While TURTLEDOVE may be fantastic at isolating certain cohorts, it may struggle with others, including more niche groups, because FLoC won’t expose cohorts with under 1000 users. On top of this, we will see increased conversion modeling within these platforms (already happening in DV360 and Google Ads) and it will likely be much harder to trust data that exists within a silo as it gets more difficult to see the complete picture.

First-party data is definitely going to become more important regardless of the path that advertisers and ad tech platforms take. Brands need to make investments in capturing user information early in their journey and look to diversify the methods we’re using to engage them. 

The brands that find a way to capture that information successfully will ultimately prevail in being able to target their consumers more effectively. Don’t just collect emails with promotions or late-stage offers; instead, explore how to build community and value propositions that incentivize email collection across the customer journey. Interactive virtual events, activities, and access to other community-focused incentives should be a major focus for brands across verticals prioritizing first-party data.

Digital Intelligence Google Update


Write a response…

Related Posts

Think Like A Challenger

Subscribe to keep up to date on the latest innovations in digital marketing and strategies our Challenger Brands leverage for success.