Google Not on Board with Cookie Work-Arounds

Oh boy. So Google created a big splash yesterday with their announcement that they will NOT support the variety of cookie replacement…

Google Not on Board with Cookie Work-Arounds

Oh boy. So Google created a big splash yesterday with their announcement that they will NOT support the variety of cookie replacement technologies already under discussion to keep the adtech industry humming along unchanged post 3rd party cookie deprecation in Chrome. The announcement caused quite a stir in the marketing tech community, with some certain that this spelled the end for shared individual IDs in marketing. Others called this a ‘nothing burger.’ In my view, the announcement was incredibly important, perhaps decisive, but not for the reasons you may think.

We have a lot to unpack …

What we know the statement means:

  • Google will not be using one to one targeting IDs in their cross-site advertising products on a going forward basis, after the deprecation of 3rd party cookies. This means that if you are using a Google DSP, you will be restricted to cohort based buying and reporting, consistent with the Privacy Sandbox initiatives that we have seen for Chrome. This means that Google is effectively agreeing to be bound to the same restrictions it is imposing on adtech companies writ large, at least with respect to its comparable 3rd party adtech businesses. In fact, in this narrow respect, Google is agreeing to be at a disadvantage (for the moment) to the broader adtech community, which is actively attempting to architect 3rd party cookie work arounds. In theory, if the the work arounds prove effective, Google is declaring that it will not use them, and cookie replacements will work for everyone non-Google.
  • Google will continue to use individual IDs on all of its owned and operated properties. YouTube and other Google properties will continue to target as before.
  • Google is putting its considerable commercial and political weight into a public position in opposition to the multiple industry efforts currently underway to build individual IDs that might replace the cookie. Think of efforts like Unified ID, Rearc, and to a certain extent, PRAM. PRAM released shade today: ‘We are disappointed that Google did not work more closely with the industry prior to announcing its latest plans, but we believe Google’s announcement presents a critical opportunity for future collaboration.’ Google raced to take PRAM up on this public dialogue with … sorry, I kid.

What the statement does NOT mean:

As of today, we do not have any indication that Google is taking restrictive steps on what other companies can do, including through its various adtech rails, including Google AdEx. In theory, Google could take the additional step of finding technical choke points to eliminate or make less efficient the passing of individual IDs through its infrastructure between parties, effectively blocking these IDs from being effective in much of the programmatic internet. Or they could publish policy that would impose such restrictions on clients and partners, much like Apple is doing with recent ATT policy on iOS 14, creating an immediate chill on conduct for anyone operating in the Google ad ecosystem. They are not taking any of these steps. So in theory, these efforts all remain viable. Google is simply saying that they will not directly participate.

Consistent with this view, the NAI released a statement today that says, in part:

  • We understand from our conversations with Google that they will not block non-Google DSPs from connecting with publishers. Publishers — including those who work with Google’s SSP — will continue to have control over their direct relationships with buyers.
  • We understand that companies that use Google’s ad infrastructure, such as its ad exchange, will be able to share information with partners as they see fit. In the coming weeks, Google will provide more clarity how Google Ad Manager is evolving and experimenting to support publisher 1P use cases. …
  • We understand that Google is not changing policy or technology for how publishers collect or use data directly from their users, including for ads they show on their own sites. Google’s announcement specifically outlines the way Google’s products will work — it does not prescribe how others will.

Where this is all going:

If you were concerned about accusations of anti-competitive behavior, and were under active review from multiple agencies, you might declare this self-imposed restriction preemptively to inoculate yourself against accusations that your restrictive path on cookie blocking was designed to benefit your own adtech businesses.

Google is under considerable pressure, in part because their efforts undertaken in the name of privacy have taken massive leverage away from the 3rd party adtech marketplace and potentially from the independent web that these companies fund. We always assumed that they would need to make changes to relieve this pressure, but that those changes would come at the expense of Google’s 3rd party adtech business lines, without giving relief to the rest of adtech. Those changes appear to be underway. They give regulatory breathing room to Google’s larger strategic roadmap.

We are also operating in a policy environment where laws around the world and big tech platform positions (Apple, Chrome) are all pushing against the individual IDs that marketing companies have survived on over the last 25 years. And while there has always been pushback, this year has marked a tipping point, where the ecosystem is being pushed into massive reconfiguration for the first time in response to these simultaneous pressures.

Many in the adtech ecosystem have proposed an email based identification system to replace the cookie, reliant on new publisher consents that will enable the ID for advertisers. Will consumers opt-in? Will publishers consistently push this consent in front of consumers?

Can we blame Google for questioning whether this is progress in any real privacy sense?

By placing their weight firmly behind ‘NO,’ Google is making it easier for law makers and regulators to turn the screws on cookie circumvention technologies. Publishers will have more reason to be skeptical of these new email ID consent interfaces, which could help cut off their viability.

Between legal hurdles for marketers, device proliferation, the rise of walled gardens, platforms cutting off access … it was always a hopeful goal for adtech companies to replace cookies with an email based ID. And it remains possible that email based IDs will have a role for certain marketing applications or for specific publishers and private marketplaces.

It will be harder and harder for adtech companies to execute large scale infrastructure for the open web that is reliant on workarounds in unfriendly environments. Big brand marketers and companies with direct consumer relationships will find it difficult to rely on targeting capabilities frowned upon by the press, many legal regimes, and by the tech platforms themselves, who increasingly promise to protect the consumer against such encroachments.

For the broader marketplace, companies will need to focus on:

  • Advanced applications of 1st party data and optimizing within the constraints that the platforms are providing.
  • Monitoring and advocating within the Privacy Sandbox for Chrome.
  • Pushing on capabilities within the SKAdNetwork in iOS.

In other words, reading the room and accepting new constraints.

At same time, constraints will bring innovation. A new market will emerge, with platforms in an even stronger position. There will still be a robust marketplace for companies ready to augment 1st party data and all of the veins of 3rd party data that remain. It is entirely possible that digital marketing as an industry will continue to grow unabated, with new alliances forming and dollars running to premium inventory and channels where data can cut through creatively or where the ROI is simply evident, with or without data.

This just won’t be the market that we’ve known for the last 10 years.

The Lucid Privacy Group actively manages privacy strategy and operations and serves as DPO for startups and rapidly scaling technology companies. We come at the issues with a pro-privacy, product and technology orientation, and can translate arcane legalese into real world, pragmatic terms. Drop us a line at or visit us on the web or Twitter.