Google Chrome cracks down on tracking cookies. But who should make the rules?

Google Chrome cracks down on tracking cookies. But who should make the rules?
featured image

This article originally appeared in Digital Content Next on May 17, 2019.

Google has joined the likes of Apple Safari and Mozilla Firefox on the privacy front by offering users of Chrome the chance to disable or remove third-party tracking cookies. Last week, the company announced three protections that will soon be coming to the world’s most widely used web browser:

  1. In order to access consumers, developers will be required to specify – with attributes – which cookies contain user tracking and cross-site capabilities.
  2. Chrome users will be able to access this information and delete all cookies without affecting those which are active on a single domain (e.g., login, settings, site preferences).
  3. The browser will “aggressively restrict” fingerprinting techniques used by websites to identify browsers without a tracking cookie, though Google is vague on what this entails.

In today’s environment, it shouldn’t come as a surprise that one of the biggest players in online advertising and data-tracking is coming down hard on third parties (even if they don’t have a stellar track record with tracking). Let’s take a critical look at this new direction, starting with the positives.

The good

In the past, measures to crack down on data privacy abuse have swung between ruthless and milquetoast. Safari’s Intelligent Tracking Protection (ITP) has been called “nuclear” [by pundits for crippling trackers right out of the box, a measure that users rarely bother to disarm.

As a cornerstone of the digital ecosystem, Google understands the importance of data tracking for online publishers, acknowledging on its blog that cookies “play an important part of the web experience today,” It went on to add:

“Blunt solutions that block all cookies can significantly degrade the simple web experience that you know today, while heuristic-based approaches—where the browser guesses at a cookie’s purpose—make the web unpredictable for developers.”

Chrome’s new privacy features differentiate themselves by providing, in outline, a standard for transparency that eliminates guesswork and ostensibly leaves users in charge of their web experience.

This approach is both more balanced and precise than the wide bat swung by some competitors. These approaches challenged publishers to take inventory of the cookies they drop, and to use them in a more responsible way.

But not everyone is convinced that Google should wield its power over the web this way.

The bad

With a natural vested interest in its own data-driven products and services, some wonder whether the new privacy standards will apply to Google itself. While the company insists that they will, its power to act otherwise points to a larger problem.

We have heard time and time again that “data is currency,” and that’s true. Organizations depend on it for every step of the business cycle, from lead acquisition to customer service. However, with customer bases collectively exceeding half the global population, tech giants like Google  and Facebook have as much data as they could possibly want.

Even assuming the best of intentions on their behalf, we still must ask: Should privacy standards be determined and enforced by the very organizations who stand to benefit the most from them?

The battle for control

The drive for more and more data has given rise to the advertising crisis as we know it today. In the face of invasive third-party trackers, malvertising, performance issues, data breaches and other privacy infringements, consumer trust is at an all-time low.

One thing is increasingly clear: The industry needs oversight, and many contenders have stepped up to fill the vacuum. From emerging legislation like GDPR and CCPA, to Google, Mozilla, and other browsers, publishers have no shortage of authorities trying to dictate their relationship with clients—both consumers and brands/advertisers.

Awash in downgraded content, poor segmentation, and privacy agreements galore, end users are the casualties of this struggle, and the battle for privacy governance has quickly become a case of too many chefs spoiling the pot.

So, here’s a thought: What if organizations were equipped to set their own rules? And instead of concentrating power in the hands of Silicon Valley giants, what if the relationship between businesses and advertisers could be self-governed?

A better way forward

Publishers and media organizations are on the cusp of winning the future of digital. With historical direct relationships with brands and ownership of coveted first-party data, there’s never been a better time to take control of the digital revenue channel. The first step to winning is knowing the parties that contribute to your supply chain and verifying compliance with publisher policies covering data, security, quality and performance.

In most cases, more than 90% of their code is third-party generated and the veil of mystery surrounding a third-party’s identity has been a significant obstacle to content moderation. If Google did one thing right with the new Chrome updates, it was forcing developers to identify the purpose and scope of their cookies to the end user.

As long as businesses can vet the partners executing on their platforms, vulnerable and abusive code can easily be censured, creating a better digital supply chain for users, ad exchanges and publishers alike.

In this future, Digital Vendor Risk Management (DVRM) can arm organizations with the information they need to govern their digital assets. With built-in regulatory compliance, DVRM not only identifies risks, but ensures that the proper response is taken in any jurisdiction.

The best solution for customers and the best solution for business always go hand in hand. Rather than bringing them under an iron fist, DVRM creates a sustainable digital ecosystem by empowering businesses to protect their customers while driving revenue.