As an alternative to this legal remedy, Apple’s Safari browser and Mozilla’s Firefox currently block third-party cookies as of 2017 and 2019, respectively. In January 2020, Google followed suit and announced their intention of fully phasing out third-party cookies within Google Chrome by 2022 noting users’ greater demands for control and transparency. This announcement follows the “Privacy Sandbox” initiative that Google started in 2019 that outlined Google’s intentions to balance the privacy concerns of users with the concerns of websites that would be harmed if they were left without an alternative form of advertising if cookies were to be eliminated entirely. On March 3,, 2021, Google announced that after third-party cookies are phased out, Google would not replace these cookies with alternative identifiers to serve as trackers. Instead, Google will use Federated Learning of Cohorts (FLoC) which would aggregate individuals of similar interests into cohort groups under an algorithm. Each cohort group would receive targeted advertising specific to their interests. This prevents the use of individual identifiers by keeping browsing history of individual users within the browser and away from third parties. Browsing history is typically used by third-party cookies to determine what ads to show so keeping this information private undermines third-party cookies and renders them ineffective. Moreover, such a policy would be in compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) which requires that large businesses, under California law, must disclose if personally identifiable information will be sold or shared with third parties, something that these cookies primarily do. Similar laws are being considered in other state legislatures. Furthermore, Google claims that FLoC is 95% effective compared to the use of third-party cookies for advertising purposes.
However, Google’s proposal is not without its detractors. Since Google controls over two-thirds of the web browser market as of December 2020, Google could increase its own power significantly in the advertising market because it would still retain its own power to use trackers like browsing history with Chrome. This allows Google to stifle competition as third-party advertisers would be subject to the restrictions Google sets, but Google would not be restricted as a first-party data collector. There is also a concern that the cohort groups could be constructed in a way that fails to hide individuals sufficiently because smaller cohort groups are inherently better than large groups for Google since the targeted advertising could be more specific and arguably more effective for smaller groups. In a smaller group, it would be easier for an individual user to be discerned by advertisers, rendering much of the improved privacy protections, moot. Furthermore, Facebook when using similar designed groups in the past, has run into issues with advertisers being able to characterize individuals by “sensitive” categories such as race, politics or religion. The Electronic Frontier Foundation (EFF) opposes FLoC entirely and points out other concerns that could arise such as browser fingerprinting, the practice of gathering various pieces of information from an individual’s browser so that the browser can be uniquely identified in the future. Additionally, they point out that audits of the system would have a difficult time determining whether advertisers were using inappropriate categories. In many cases, advertisers could claim plausible deniability by arguing that they are merely targeting a cohort group and not specific individuals.
While FLoC may be the new advertising targeting method of the future that avoids the privacy concerns of third-party cookies, it could still raise other concerns that should be carefully studied before being fully implemented next year. It would be useless to the average user to replace one privacy concern with another in the quest for a more private web.
* Josh Zhao is an Executive Editor on the Michigan Technology Law Review.