The so-called cookie apocalypse will be delayed for over a year: Google has announced a new timeline towards the final farewell to the use of third-party cookies in its systems, moving the date from February 2022 to a period of between half and the end of 2023. Mountain View colossus therefore needs more time to study alternative solutions to cross-website trackers, also considering the difficulties encountered with FLoC technology, and to finalize the initiatives of the Privacy Sandbox.

Google’s announcement: postponed the third-party cookies block

“It takes more time across the ecosystem to eliminate support for third-party cookies“, writes Vinay Goel, Chrome’s Privacy Engineering Director, in the article explaining the company’s latest news on the issue.

Although there has been “significant progress” in the Sandbox Privacy initiative, Google has decided to “continue working with the web community to create more private approaches to key areas, including ad measurement, delivery of relevant ads and content, and fraud detection”.

At present, “Chrome and others have offered more than 30 proposals and four of these proposals are available in proofs of origin”: for Chrome in particular, Google’s goal is to provide “the key technologies implemented by the end of 2022, so that the developer community begins to adopt them”.

Therefore – except “our commitment to the UK’s Competition and Markets Authority (CMA) and in line with the commitments we have offered” – the new time target set by Goel is to gradually delete third-party cookies on Chrome “for a period of three months from mid-2023 until the end of 2023”.

More time needed for the Privacy Sandbox

A key word in the speech of the Privacy Engineering Director is “responsibility”, more than ever necessary given the sensitivity of the issue, which directly concerns privacy on the web and involves users, which are increasingly demanding greater transparency and control over how their data are used.

For this reason Google has thought about the initiative Privacy Sandbox, which aims to create “web technologies that protect the privacy of people online and offer companies and developers the tools to build thriving digital activities to keep the web open and accessible to all, now and in the future”.

In particular, Privacy Sandbox is a package of standards and technologies for advertising tracking that have a dual purpose: to make available to publishers (in the original publisher text, ie sites that host ads, nda) and advertisers effective tools to continue to monetize data (crucial to keep the Web open and accessible), and at the same time protect the privacy of people online, bypassing and discouraging more alternative and invasive tracking solutions such as fingerprinting.

But this goal can only be achieved with a collaborative path shared by the entire web community, which should “come together to develop a set of open standards to fundamentally improve privacy on the web”.

Cooperation with both the web community and national regulatory authorities

An ambitious and complex work, which requires “responsible rhythms“: for this reason, Google has decided to move the previous self-imposed deadline for the farewell to cookies by almost two years (February 2022), bringing the deadline to the end of 2023.

The new timing will allow Google to “carry on the public discussion on the right solutions and continuous confrontation with regulators“, and should ensure publishers and advertising industry the right time to migrate their services, an element “important to avoid compromising the business models of many web publishers, which support freely available content”.

At the same time, says Vinay Goel, “by providing a technology that preserves privacy, we as an industry can help ensure that cookies are not replaced with alternative forms of individual tracking and discourage the rise of secret approaches, such as fingerprints“.

How the public process of proposals development works

The article also describes the standard development process that follows each proposal on the privacy theme – consistent “with the way other open Apis and Web technologies are developed” – and that is articulated in a public path divided into several stages, with extensive discussion and testing periods. In particular, the following:

  • Discussion

Technologies and their prototypes are discussed in forums such as Github or W3C groups.

  • Test

Technologies are rigorously tested in Chrome through numerous “source tests, which allow transparency and feedback”. For example, says Goel, “we received substantial feedback from the web community during the origin test for the first version of Floc; we plan to conclude this origin test in the coming weeks and to incorporate input, before moving on to further tests on the ecosystem”.

  • Ready for adoption

Once the development process is completed, successful technologies are ready to be used on a large scale. They will then be launched in Chrome and ready for widespread use on the Web.

Cookies on Chrome, the new Google timeline

When this public development process will be completed, and in respect of the company’s commitment to the CMA, Google’s new plan for Chrome is to “gradually delete support for third-party cookies in two stages”:

  • Stage 1, starting at the end of 2022

After completing the tests and launched the APIs in Chrome, Google will announce the start of phase 1, during which “publishers and the advertising industry will have time to migrate their services“. In the company’s predictions, this phase should last nine months and “we will carefully check the adoption and feedback before moving on to phase 2”.

  • Stage 2, from mid-2023

Chrome will phase out support for third-party cookies for a three-month period that will end at the end of 2023, according to forecasts by Vinay Goel.

The more detailed program will be published and updated regularly on privacysandbox.com, so as to “provide more clarity and ensure that developers and publishers can plan their testing and migration programs”.

Google’s commitment in defending privacy

In addition to progress in developing alternatives to third-party cookies, Google continues to promote another key Sandbox Privacy goal to “combat hidden tracking as the device’s fingerprint”. For example, says the article, recently the company has published “an update on our plans for reducing user agent strings, a project that aims to reduce the possibility of using this data to take fingerprints and track users on the web”.

According to Vinay Goel, “Privacy Sandbox will provide the best privacy protections for everyone“, and ensuring that the ecosystem can support “activities without keeping track of people on the Web, we can ensure that everyone continues free access to content”.

Given the importance of this mission, reiterates Chrome’s Privacy Engineering Director, “we need to take time to evaluate new technologies, collect feedback and reiterate to make sure they meet our goals for both privacy and performance, and give all developers time to follow the best path for privacy”.

What Google’s announcement means (and the possible reasons behind the delay)

Many advertisers have been concerned about the effects of implementing Google’s privacy initiatives and, above all, the blocking of third-party cookies for their metrics and their customers.

The new timeline means “that there is an opportunity for search marketer concerns to be heard by Google and that there is more time to prepare for major changes, including the search for technological solutions that will adapt when cookies are withdrawn, as a first-party data strategyparty or data extraction from other sources,” notes Carolyn Lyden.

But there may also be other more “practical” reasons behind this delay, because in recent months Google had received much criticism for its initiatives in view of the post-cookie era, especially for the FLoC mechanism (anonymized clusters of users with similar characteristics), which have raised a fuss of controversy.

For example, in April WordPress had proposed to block by default this targeting system – a potential devastating effect on the Google project, whereas over 40% of sites in the world use WordPress as CMS – and only a few weeks ago the experts of Digiday had found a software code to block the Floc present in the sites of the Amazon ecosystem (in addition to the marketplace, also Wholefoods.com, Zappos.com and Woot.com).

Moreover, no less problematic were the regulatory considerations, because the tracking of Floc would not be in line with the directives of the European GDPR (and in fact there are no EU States involved in the initial phase of testing)and similar concerns have also been raised in other parts of the world. Also in Europe, Google is experiencing other problems, such as the new antitrust investigation of the EU Commission on potential anti-competitive advertising practices.

Precisely the pressures of governments, therefore, seem to be able to push Google to extend the time initially planned to end the era of third-party cookies, which is causing so much anxiety in the digital advertising industry.