Analyst Chat #68: FloC and the Death of the 3rd Party Cookie

welcome to the KuppingerCole analyst chat. I'm your host. My name is Matthias. I'm not I'm lead advisor and a senior analyst at KuppingerCole analysts. My guest today is Annie Bailey. She is an analyst working in this large area of emerging topics. And hi, Annie. Welcome.
Hi Mathias. Thanks for having me back.
Great to have you, and we have quite something on our plate for today and maybe for some further episodes of this podcast as well. We want to talk about privacy. We want to talk about the ad market. We want to talk about what is currently going on, what is changing and what are users to expect to the good, and maybe also to the worst when it comes to these changes that we are looking at. So where should we start? I think we should have a first look at the ad market and how that actually is reflected within our day-to-day tools, which are our browsers. So what do we see or what do we not see when it comes to the ad market and when it comes to browsers, any,
When talking about privacy, usually there's a really strong association with cookies. Um, and so this is the connection between the ad market and how we as individuals, as employees, as simply people in the world interact on the internet. And so we have a few, uh, different sorts of cookies or things that you could encounter as you're going about your day. You could have first party cookies. Um, and just as a reminder, these are something which is set by the site you're visiting. So if you're on the New York times website, for example, it would be a cookie actually set by the New York times, managing that website. And it's used to recognize a user through multiple visits, you know, to recognize a reoccurring customer, or even through your journey there through different sub pages, if you're shopping, um, it would make sure your shopping cart, you know, keeps the things that you put there throughout your whole time browsing and shopping, and then you've got third-party cookies.
And so these are cookies, which are set not by the site that you're visiting. So if you're on the New York times and the cookies were set by Facebook, those would be third-party cookies. And then these start to become similar to trackers, which are kind of a general name for technologies that are collecting user behavior on a site, like how much time was spent on a page or your mouse, um, things like that. And so these trackers and also third-party cookies often collect information, which are then passed on to ad providers in order to deliver a very personalized service. And now this has some pretty strong privacy implications there. They're not great for privacy, if we could say it simply,
Right? So we are handing out additional information to third parties, which we usually would not like to communicate with. Talk to while we are visiting, as you mentioned, for example, the New York times website, so that the additional information is sent to somebody as that could be the content of your cards. That could be, um, additional information that can be then used for further purposes. It's about, yeah, presenting me next time, the proper ads that meet my behavior on the New York times website
And sometimes instantly as well, this information moves very, very quickly and, and is sent to a bidding offer. And, and all of this ends up giving you a very personalized experience sometimes too personalized with, with ads, um, reflecting your recent browsing history interests that you may have indicated on that site that you intended only for that site knowledge,
Right? So that of course also encountered immediate, um, GDPR, um, reservation. Some, some issues have been raised with these third party cookies and very early on Google announced to remove support for these third party cookies in Chrome. And they mentioned that that should be the case in 2022, but it's getting closer right now. So what are their plans right now when it comes to replacing third party cookies are just, yeah. No longer accepting them.
Yeah. So that is huge news that Google tends to remove the support for third party cookies on Chrome. They announced that in early March and more widespread testing of that could happen as early as April of this year. And so it's not simply that third-party cookies are being removed and disabled and not no longer supported, but they're being replaced with another, uh, another option. And what is, is being described as a privacy preserving API, which does the job of cookies in a, in a more privacy friendly way that should raise some questions from our end, but to begin with let's talk through what the offer is, what, um, what the suggestion is, and rather what is being tested. So these are called the flock. Um, so that's an acronym for federated learning of cohorts, and these are designed to build an interest based advertising thing in a privacy preserving manner.
And so it, it means to group, internet users, into cohorts, into groups based on their similar interests and these similar interests would be based on their recent browsing history. And so we could think of an example. So if a, if a user has been browsing a lot on clothing, retail sites moves over, looks at some, you know, beauty blogs then ends up at a, at a retailer for nail Polish. You could group that individual into a cohort with other people who have very similar browsing histories. Um, and that's the goal here with flock is to be able to place each individual user into a group of users that are incredibly similar to them with incredibly similar internet behavior.
Right. And, um, you've mentioned that already. So this grouping of interests together is what is considered to be privacy preserving. So, um, we are not longer treated as individuals, but we are associated with these cohorts, with these flocks of people that are then served with, um, ads that fit to the whole group, to the whole cohort of people rather than to the individual. Um, how is then this achieved? How can we make sure that these associations of me as an individual to this cohort is, is done in a first reliable, second secure way, and third, really in a privacy preserving manner, how is this done? Where is this taking place?
So, um, according to Google, who again is, is developing flock, um, privacy is determined by the size of the cohort. So when, when users are being grouped into cohorts, it's not taking their IP addresses, it's not taking their name, it's not taking this typical PII data. It's simply taking the recent browsing history. And so theoretically the larger, the cohort, the less easy it is to be able to determine, um, which user belongs to which exact fact browsing history and which user belongs to which cohort in the huge group of, um, or the huge number of possible cohorts that there could be. So this is, this is the proposition. Um, but there's obviously a off which they do acknowledge between the privacy. So the number of users within a cohort and the usability for ad providers and for the solution to also benefit ad providers. So, you know, the, the main foundation to Google's business is being able to accurately determine the interests of a user based on their cohort.
So that's one major trade off there, which is acknowledged. Another goal behind flock is that the cohort ID. So the idea that describes the entire cohort, um, and all the users belonging to that group, this cohort ID should not be able to be correlated with another cohort ID, um, which would build a longer and wider profile of a user. It users only going to belong to one cohort. And so that is another argument that they provide that they are protecting privacy, because you can only describe a user based on one cohort, not multiple cohorts and thus triangulate their identity from that.
Everything is based on my browsing history, being one member of this, uh, of this cohort being associated with this cohort ID, is this really a valid assumption? Um, I, my interests determined and only determined by my browsing history.
So perhaps if we're, if we're taking a very, um, shallow look at the complexity of human interests, but on the other hand, it's, um, it seems to be accurate enough that Google is pursuing further steps in, in testing and rolling this out. Um, so a website, um, at least in the tests that Google has been publishing about flock a website has given five category descriptors. So if you think of a website like Expedia could be labeled as travel as in flights, um, things like this, which could be varied enough to, to include the different possible reasons why you would be there. Uh, and thus encompass wider interests than simply one label. This of course could be increased. Um, we don't know exactly what flock is gonna look like in its final implementation. And so the more category descriptors that are applied per website, the more accurately it could describe your exact reason for being there. And Google has also stated that flock performs similarly to cookie based approaches. Um, it has a similar effectiveness in determining interests and being valuable to the app market. So yes, this is a valid assumption. Your interests, um, can be determined by your browsing history in a way that is profitable, right?
This whole approach of course raises a lot of questions. We have to, um, make sure that this is still a work in progress. Google is working on that. They are testing that, but nevertheless, um, this term being good as cookies or being as effective as cookies. I understand that I'm not tracked as an individual, but nevertheless, should that not raise any red flags for privacy?
Probably, yes. We know the reputation that cookies have, um, especially third-party cookies are, are really not privacy friendly. And so we really need to question that although flock is being advertised as a privacy, um, forward solution, we really need to see what the effect could be individual privacy. So yes, this should be looked at more closely and is probably something that we'll need a lot more time to discuss, to leave on a, on a positive note, Google has published these tests, they've requested feedback. So this is again, a work in progress. This is not set in stone, but the timeline is moving quite fast,
Right? So you've mentioned that already, that we need more time to look into the privacy implications, but also into the implications for the, for the ad business, which is a valid business model. It's at the core of consumer identity and access management. When it comes to marketing automation on delivering the right ads to the right people, this balance between privacy protection and the interests of the ad industry and the business in general, the digital transformation, and we will follow up, uh, any and me, we will follow up on that topic in one of the next episodes of that podcast. So we can close with at least the belief that we get rid of third party cookies, which is a good thing. Um, and then let's look at how the story continues after the third party cookies have gone and how business and how money is made on the web while improving privacy protection. Any final thoughts from your side, any before we closed on this episode, and then of course continue our discussion in LA to episode.
Yeah, I think 2021 is going to be an exciting year for, for privacy, for changes, um, in the way that we interact on the web. This is not going to look like the years previous. This is going to be something new and different for good, or for, um, yeah, for ill. We'll see what happens.
Great. So thank you very much. Any for your time today, we will follow up on that as mentioned. And I'm looking forward to talking to you again about this interesting topic by, by Annie.
Thanks for having me.
Thank you. .