When it comes to violating users’ online privacy, there may be no worse culprit than Google. Currently, its parent company, Alphabet, faces a $5 billion lawsuit for using tools such as Google Analytics, Google Ad Manager, and smartphone apps to track users while they used Google Chrome’s Incognito mode. Technically, Chrome does inform users that their searches may still be tracked while in this private browsing mode. However, privacy advocates are arguing that Google’s tracking violates both state and federal wiretapping laws.
This is far from the first privacy hiccup for the online giant. And while many Americans still trust Google more than Facebook, eroding public trust is impacting the king of search. Slate wrote about this problem back in 2018, and recently Chris Matyszczyk of ZDNet tackled it as well, reporting that 35% of users with Google Pixel phones plan to go with another brand when they replace their phone. Many of them cited privacy concerns as a major factor why.
Google has made some half-hearted efforts at responding to public concerns over privacy. For instance, last June the company announced it will auto-delete user data after 18 months. But this only applies to new Google accounts opened by people who have never had a Google account before. So…if you’re reading this, you likely don’t qualify—just like the 1.5 billion people already using Gmail, and the 2.5 billion people using Android. Users who are tech-savvy or privacy-focused may know that you can manually set your Google account data to delete your history after three months, however, Google has made little effort to publicize this.
The Internet, Governments, and Online Privacy
When the internet was new, few people seemed to worry about privacy, and “the right to be forgotten” would have sounded like a strange right indeed. But as average internet users become more aware of what’s at stake, they’re pushing for better online privacy rights—and in many cases they’re looking to their governments to secure those rights against giant corporations.
In May 2018, the European Union passed the landmark General Data Protection Regulation (GDPR), and the U.S. may be set to follow suit. A survey by The Best VPN found that the majority of Americans do not think their privacy is protected online, and many lawmakers agree. Around the time the GDPR went into effect, Nancy Pelosi tasked California Democrat Ro Khanna with creating an “Internet Bill of Rights.” Some of these rights would include knowing when and what information is being collected by companies online, knowing how companies are using that information, and having a choice to “opt out” of data collection.
If those sound familiar, it’s because many companies are already implementing them either to get ahead of legislation or to curry favorable PR. This is reflected in the rise of “privacy-first browsers” like Brave, as well as moves by companies like Apple and Mozilla. Apple’s Safari has long blocked cookies, and Mozilla has recently released its “Total Cookie Protection” feature in Firefox. Other browsers will likely follow suit.
What’s the Problem with Cookies?
Cookies are small text files browsers store on an individual computer. Web browsers use these files to remember information while a user interacts with a website. The files might include information like login credentials, website preferences, and unique IDs for that user, but different sites store different amounts of user data. While some websites do encrypt cookies, many do not, leaving site visitors’ data vulnerable to a hacking practice known as “cookie theft.”
These cookies are what tools such as Google Analytics use to gather data about site visitors. Besides being a security vulnerability, the problem with cookies is that all data collected from them can be linked to individual users. And as we know, the data collected on these users goes far beyond simply what they clicked on while visiting our site. Online privacy advocates worry about how this data could be weaponized against users, but marketers rely on this data for the highly-targeted advertising they do.
But cookies pose a problem for marketers, too. Users are wise to them and have begun seeking ways to block them. As I already mentioned, Apple’s Safari and Mozilla’s Firefox browsers have been blocking third-party cookies for a while in response to user demand, and many newer browsers offer similar features. To stay relevant, advertisers must find a way to gather the data they need without upsetting users.
This issue is particularly relevant to Google. While many of us think of Google as a search engine, it became the giant it is by monetizing advertisements users would view while using its search engine. By collecting massive troves of user data, Google could offer marketers one of the most efficient channels for advertising they had ever seen. Now that everyday users are wise to what’s under the hood, Google is trying to straddle the line between user demands for greater online privacy and the data collection methods they rely on.
“Privacy Sandbox” and the Rise of Data Cohorts
Last year, Google announced it will drop support for third-party cookies in its Chrome web browser. The company claims the decision was made in response to users’ increasing concerns about their online privacy. This is part of a strategy Google has dubbed “Privacy Sandbox,” which aims to protect individuals by sorting them into groups of similar users and creating pools of generalized (rather than specific) data. As Mitchell Clark explains it, Google will be “hid[ing] the individual inside a large crowd.” With large enough pools of data, Google reasons, they can glean information that still allows for targeted advertising without the kind of alarming advertising snafus users have been fearing for almost a decade.
So far, Google claims it will not develop alternative tracking technology to replace cookies, unlike many of its competitors. Instead, they plan to roll-out a new tool called “FLoC” that will collect, anonymize, and group data from different users. If you’ve dug into the new Google Analytics 4, then its emphasis on cohorts and audiences probably makes more sense now; GA4 was built for the coming shift away from individuals to groups of similar users.
What is FLoC and Does it Work?
Google plans to replace cookies with “Federated Learning of Cohorts,” or FLoC. It sounds like a nightmare mashup from civics and math class, but it’s not quite that scary. Simply put, FLoC is an API—a small tool built into the Chrome browser that will communicate between different software programs. Its function will be to gather data, similar to how data was gathered from cookies. But instead of attributing that data to individual users, it will mix data from thousands of users into generalized groups.
Will this work for advertisers? Susan Wenograd of Search Engine Journal reports that Google has tested their new tool and “when reaching in-market and affinity audience types, they are seeing at least 95% of conversions per dollar they see with cookies.” However, the more data FLoC has to work with, the better its results will be. That’s just math. Wenograd reaches the same conclusion, pointing out that those targeting niche audiences will struggle more than those with broad audiences. She also points out that currently it’s unclear how businesses will be able to use first-party data with this new strategy. This shift is a work in progress for sure.
Has Google Cracked the Online Privacy Game?
It might sound like Google has cured its own woes. Surely this big shift toward privacy protection will get Congress, the EU, and the general public off its back.
But not quite.
Members of the Electronic Frontier Foundation, a privacy advocacy organization, admit that Google might have some good ideas. However, FLoC isn’t as anonymous as Google makes out. And other related proposals, like conversion measurement API and PIGIN, would effectively allow Google to identify users to at least the same extent that they do now. Another proposal poised to arrive in late 2021, FLEDGE, is simply a reworking of an earlier product called Turtledove. Careful analysis of these proposed tools might leave skeptics wondering how new these strategies really are and whether Google is more focused on lip service than real change.
How can Marketers Prepare for these Changes?
Little is currently set in stone since Google is actively evolving these strategies. And many of these strategies will likely change as Google receives pushback from regulators and privacy groups. However, change is definitely coming. So here are a few ways marketers can prepare:
Dig into Google Analytics 4
If you haven’t started using Google Analytics 4, now is a good time. Many experts agree that you shouldn’t delete your Universal Analytics account or assume that GA4 will offer everything you need yet. This latest iteration of Google Analytics is still being developed and some familiar tools from Universal Analytics are missing. But GA4’s new features offer the best sense of the direction Google is heading in. Get familiar with it now, maybe through some free training, so you can watch these developments unfold.
Follow Google’s own Updates
Google wants us to use its products. In fact, it puts a lot of effort into ensuring we use its products, even developing extensive, completely free courses that empower even beginners to start putting Analytics, AdWords, and Tag Manager to use fast. Google also maintains two blogs to help us keep up with changes and new products, the Google Ads & Commerce blog and The Keyword. If you’re not afraid of the technical side of things, you might want to also follow the Google Developers blog.
Keep Your Site Tags Updated
Google has been urging users to update their Google Analytics website tag to the new gtag.js for Google Analytics 4. Doing so is a good idea since this will enable more precise measurement of traffic on your website. It will also help you take advantage of new features as soon as they roll out.
Focus on Direct Relationships with Customers
Strategies that let you deal directly with the customers you serve are going to become more important moving forward. This includes loyalty programs, subscription services, signups for newsletters and offers, and any other place where users willingly share data with you.
Online Privacy Matters. That’s why We Protect Yours.
The data you exchange with clients, customers, and third-party vendors needs to remain secure. That’s why TracSoft takes network security seriously. We design and build out networks with security in mind right from the start. Pair this with our 24/7 security monitoring and automated system backup and know your data is safe.
If you’re concerned about your network’s security, contact TracSoft today to schedule a free, no obligation security assessment.