According to a July 22 announcement, Google no longer plans to remove third-party cookies from its web browser. Instead, the tech giant will explore other options that allow users to make informed decisions that apply to all their browsing behavior while maintaining an ad-supported internet. This has implications for companies that engage in online marketing or face an increased risk of a privacy violation lawsuit – a trend that’s growing in about 20 states. Here’s what you need to know and three essential steps you should consider taking now.
How did we get here?
Google first announced its plan to phase out third-party cookies in 2020, and hoped to complete the plan by 2022. At that time, Google launched a new venture, Privacy Sandbox, that would develop a set of open standards to fundamentally improve privacy while browsing the web while supporting publishers. The goal was to support privacy-preserving mechanisms and open standards to eventually make third-party cookies obsolete. This reconfiguration would have caused a dramatic shift in the advertising industry and the entire internet economy.
Of course, this didn’t happen in 2022 or later, as delays continued due to industry resistance, technical challenges, and evolving laws and regulations. The latest delay extended Google’s timeline to 2025, but difficulties ultimately forced the company to abandon its efforts to remove third-party cookies from its browser.
What happens next?
While Google has announced that it no longer intends to remove third-party cookies from Chrome, it will continue to develop and test its Privacy Sandbox initiative and explore other privacy-protecting alternatives.
These alternative approaches to protecting privacy may be viable in the future, but for now, companies should continue to comply with applicable consent and notice requirements under data protection law, including cookie notices, disclosures, and opt-in or opt-out options. It’s also a good idea to review your website to see what third-party cookies are being used, especially given the dramatic rise in wiretapping lawsuits against companies that host third-party cookies.
3 steps you should take now
1. Review Your website
Take a close look at your website to determine which pixels, web beacons, cookies, and other tracking tools are being used. Determine what data each tracking tool reveals and who receives it. Determine what third parties do with your data after they receive it. Note that for an effective and comprehensive approach, you will need cookie scanning technology with the support of an expert to interpret the results and recommend an action plan.
2. Display relevant disclosures
Before The consumer provides information on your website, such as through a search bar, contact form, or chat feature. Make sure your website includes disclosures that adequately describe the parties involved in the communication, who will receive the data, how the data will be used further (if any), and where your consumers can access information about your privacy and data use practices.
3. Consider privacy-friendly technologies
Many of the comprehensive state privacy laws recommend or require (under certain circumstances) the adoption of privacy-preserving technologies on websites, such as Global Privacy Controls (GPCs) or HTTP header fields or JavaScript objects. With such technology, a user could set their browser to send an automatic signal to each website visited, telling the website that the user does not want to collect or disclose data that identifies them through cookies. If your website enables or accepts GPCs, the website automatically accepts the user’s preset signal and abides by the user’s selection without requiring the user to select additional cookie options when navigating to the website. Depending on your company’s privacy practices, you may need to implement automated methods to recognize opt-out preference signals from consumers, and should at least consider doing so.
