Google Announces New Cookie Controls for Chrome
During the Google I/O developer conference in Mountain View on May 7th, Google made headlines by announcing several changes to how Chrome plans to improve user controls and built in developer guidelines to help improve users' privacy protections. Though Google left many of the specifics relatively vague in its blog post, stating "[They] will preview these new features later this year." the tech behemoth did clarify a few key areas of focus:
1. Developers will need to start specifying the reason for which a cookie is used by leveraging the SameSite attribute. This will allow the browser to more easily understand whether a cookie is meant for use on only a first party website for things like remembering logins or shopping cart choices vs. third party websites for things like personalized advertising or cross-domain consent.
2. By default, Google will consider non-specified cookies as only relating to the first party websites helping to ensure that developers are only deliberately sharing information stored in cookies to third parties. This also comes with added security benefits to reduce the risk of cross-site injection.
3. Chrome will be more assertive in restricting fingerprinting. Fingerprinting is a method of identifying a user through both hardware and browser settings, generally used in tracking individuals across the web.
These updates to the Chrome browser follow similar moves made for Apple’s Safari and Mozilla’s Firefox browsers in recent years; however, ad tech vendors and privacy advocates both have taken greater note as Chrome currently holds over 60% market share of the web community. Some considerations relating to how these changes will impact companies and consumers are discussed in further detail below.
How will consumers control their consent?
Given the Google blog post remains vague about what the privacy tools to come will look like, this does raise an interesting question around whether consumers will be able to make granular selections of which types of ads or which ad vendors they wish to interact with moving forward. Browser controls are generally and all-or-nothing selection meaning, if a user were to prevent third-party personalization cookies, this could have significant impacts for many publishers.
In addition, Google has made repeated public disclosures and is actively working with IAB EU in the new Transparency and Consent Framework (TCF) which allows data subjects to consent to a defined list of purposes for processing their data. The TCF acts as a protocol allowing ad tech vendors, publishers, and consent management providers to pass data subjects choices to ensure their rights are respected. One of stipulations in passing this choice, or consent string, is that a third-party cookie is used to store this information. Since Chrome is now requiring the explicit declaration of the use of a cookie moving forward, this brings up a concern about whether this protocol will continue to be the easiest in facilitating the passing of consent over the web.