Google will kill “cookies” in 2024. It’s still not good news for your privacy rights.
By Kate Davis, Fall 2023 AI/Technology Policy Intern
We’ve all been there. After buying a new pair of shoes, a candle for your mom, or that upgraded vacuum cleaner you’ve had your eyes on, the purchase seems to haunt every webpage you visit for weeks on end. If you’re celebrating the holidays this month, it’s likely that whenever you go online, your screen is plastered with ads for gifts you’ve bought your relatives. Ever wonder how big tech companies have such a vigorous hold over your personal data?
“This website collects cookies to deliver a better user experience.” You probably encounter that sentence or one like it several times a day. Since being introduced in 1994, cookies–snippets of code that are saved onto your device after you visit and engage with websites–have taken the digital advertising world by storm. Commonly used for tracking and storing information about your interactions online, some internet cookies have “strictly necessary” purposes, like retaining information about items in your shopping cart. Many of them, however, are used to holistically track your online behavior for the purpose of creating targeted digital advertisements.
Whether it’s to obtain our browsing histories, IP addresses, or even information on where we hover our mouses, advertisers use platforms like Google to input little files–cookies–onto our phones, tablets, and computers. Known as “third party cookies,” cookies that are set by a domain other than the one a user actively visits, these files discreetly follow us as we navigate the web, meticulously keeping tabs on our interests and habits. Next month, however, the primary way advertisers track our data is set to turn on its head.
Sticking to plans announced in 2021, Google Chrome will completely phase out third party cookies by the second half of 2024. With 64% of the browser market share, and leading competitors Safari and Firefox having also put a halt to third-party tracking, it’s safe to say that Google is effectively killing the use of cookies in the digital marketing world. As part of Google’s wider “Privacy Sandbox” strategy, the company claims the move will bolster consumer privacy rights by putting an end to cross-site tracking.
Google is transforming its digital advertising model for the sake of privacy rights? If the sound of that sets off alarm bells, your instincts are on point. Making $224.47 billion in annual ad revenue, the last thing Google would do is harm such an integral cornerstone of its business. Rather than building up new data protections, the company’s move on cookies could end up strengthening tracking, and along with it, the power of targeted digital advertising.
Google claims its replacement for third-party cookies, Topics, preserves user privacy while still allowing relevant content to be advertised. Tracking users’ weekly activity to identify top interests over three-week periods, Google purports that Topics won’t share your behavior across the web in the same technical way as third-party cookies do. What Google isn’t making transparent, however, is that Topics will still record all sites you visit, sort your browsing preferences, and go on to sell that information to advertising partners.
On top of that, instead of a majority of personal data being tracked across companies like it has been with third-party cookies, Google will become your data’s primary custodian. Sparking antitrust investigations by both the EU Commission and UK’s Competition and Markets Authority, Google’s efforts to centralize user data will enable it to refine artificial intelligence (AI) algorithms for ad targeting, likely giving the tech giant an unprecedented competitive advantage.
Research is beginning to uncover the many dangers AI advertising poses for consumers. Machine learning algorithms are capable of identifying unique vulnerabilities and triggers among individuals represented in algorithms’ training data. Exploiting our psychological tendencies for profit, AI ads can target consumers in ways counter to their best interests, encouraging families to rack up unnecessary purchases.
Beyond Google’s shift to Topics, a host of other technologies serving as workarounds to third-party cookie bands are gaining popularity. For example, companies are gradually using first-party cookies combined with pixel trackers to imitate third-party practices, just as a 2019 report indicates Meta did to EU users despite the 2018 implementation of the EU General Data Protection Regulation. Once this sort of first-party data is obtained by trackers, few restrictions exist to limit its use in the trillion dollar data marketplace, where concerningly detailed personal profiles are sold to ad-networks by data brokers in live auctions. From data on your mental health to data on your kids’ online behavior, no federal laws exist on the books to stop data brokers’ privacy infringements.
All in all, there’s one thing you should know about Google’s killing of cookies: the move by no means signifies an end to data tracking. In fact, according to experts, the overwhelming prevalence of fingerprinting–the practice of identifying individual users based on their unique characteristics–already present on platforms like Chrome makes strides toward increasing privacy by private companies alone obsolete. Don’t let tech giants like Google try to convince you otherwise.
In order to actually restore Americans’ agency over their private data and prevent abusive AI tactics in advertising, federal lawmakers are going to need to step up and create a national data privacy standard. Moving away from “notice and choice” frameworks, legislation should enforce actual boundaries on Big Tech’s unchecked collection and management practices for personal data. Public Citizen has previously released some core policy recommendations that include:
- Strict data collection and use limitations
- Data minimization and deletion requirements
- Transparency about business practices
- Purpose specification
- Access, correction, and deletion rights
- Data accuracy
- Confidentiality and security requirements
- Compliance and accountability
Until Americans are granted rightful power over the collection, management, and application of their personal data, the federal government will be perpetually caught in a costly and inefficient state of catch-up when responding to the ever-evolving pervasiveness of Big Tech in our lives.