Prepare for even more metaphor mixing when describing Google’s latest gambit to replace third-party tracking cookies. Dubbed “Federated Learning of Cohorts” and shortened to FLoC, the ovine herd references alone are inescapable. Here’s a simplified explanation of the technology along with some speculation about the future of FLoC.
Why Did Google Create FLoC?
Ad tech industry players—including Google—depend on cookie-driven surveillance to drive targeted ad revenues. “Free” services offered by big tech are, after all, actually just trades of your personal information for no-charge use of the irresistible features they offer. Once surrendered, your data fuels their ability to charge advertisers to grab your attention. Big tech companies have come under increasing scrutiny from privacy advocates and governments for enabling the tracking of every move people make on the internet.
The ability to serve ads and messages based on the full history of an individual’s activity on websites, social media, and even in email, has been at the core of ad technology for a long time. That’s why we all get display ads for items we recently viewed in searches, and it’s why news stories related to topics we’ve read about appear in feeds, for instance. Cookies are the code snippets deposited in browsers that facilitate all this tracking. Third-party cookies are the specific cookie variety Google is trying to replace with FLoC, ostensibly to improve privacy in tangible ways.
FLoC is part of a “privacy sandbox” concept that isolates your exact identity and browsing habits from advertisers while still allowing them to deliver relevant promotions to you online. Google believes that it can segment people into large, anonymized groups (cohorts) who share characteristics useful for targeting ads. FLoC will do this (or not) by unleashing Google’s potent Artificial Intelligence (AI) power upon all the information it already has collected on nearly everyone, everywhere. Comparing traditional use of cookies with this new approach will help you judge how this may change your internet experience as a consumer or as an advertiser.
The Cookie Party
First-party cookies are those shared only between a visitor and the owner of a website. They are useful for storing information such as logins, shopping carts, and site preferences; things which both parties agree make life easier on that particular site. In addition, the user can agree to have the website owner track browsing history with first-party cookies, but only on its site. FLoC does not change anything about first-party cookies.
Let’s use an example of a photo and electronics e-commerce retailer that saves customers’ site preferences to simplify online shopping. The site also saves browsing and ordering histories to learn how customers’ interests change. That’s why shoppers subsequently see display ads and receive emails prompting them to buy related goods. Few customers object to such personalized marketing when they have a first-party relationship with the vendor. Understandably, the retailer does not share any of that private information with other parties, or competitors would benefit.
But that store might also want to advertise to other people with whom they do not have a first-party relationship. Targeting people interested in travel, marketing, performing arts, and other disciplines that parallel their existing photo and electronics customers could be beneficial. Third-party cookies enable just that. Sites like MSN, CNN, and Yahoo (or any site with broad content) place cookies that track anything you permit. Since most internet users are not careful about permissions, that means everything about every site you visit becomes part of aggregated records. Advertisers spent much of their $350 billion 2020 digital budget following those trackable crumbs you donated by virtue of third-party cookies.
But haven’t third-party cookies been on their way to oblivion for a while? Apple and Mozilla browsers block them by default. Even Google will block them in the upcoming versions of Chrome. Governments have imposed limits on their use. Privacy advocates are campaigning to educate the public about their evils. So, what’s the big deal?
It is all about what supersedes third-party cookies as the way to monetize the attention of consumers for advertising. Google wants to replace all those billions of records on specific individuals with FLoC, a bargain that is supposed to yield a very slight reduction in ad efficiency for a very large increase in privacy. The rest of the ad tech industry is justifiably suspicious of Google’s positioning of themselves as the honest broker in a market they dominate.
Let’s say that Google’s scheme works to disconnect your third-party cookies while still showing ads in pretty much the same way as before. Is that a privacy improvement? After all, advertisers are more interested in using your habits to show appropriate content and less apt to do voyeuristic inspection of the particulars. If a mind-reader can tell exactly what you are wearing from the other side of a solid wall, is that more private than a glass wall? It depends on your trust in the motives and honesty of the entity that is ogling your outfit. Google’s AI is unproven, and it is not clear they can meet their goals for reasonable substitution, but it would be unwise to bet against its working eventually.
With FLoC, Google is portraying itself as the force of goodness, openness, privacy, and incremental change. Their gradual phase-out of third-party cookies gives some runway for ad tech companies who depend upon them. (It also conveniently lessens the impact of lost revenue from all those Google ads currently driven by third-party cookies.) Google is downplaying its pivotal role, which is a rational way to forestall anti-trust action that might follow its stifling large segments of competition overtly. In the meantime, Google continues to expand revenues from its existing “Smart Display” campaigns that hide details from advertisers. Smart Display actually feels a lot like a FLoC beta.
The Push-Back
You can see why there is strong opposition to FLoC by pretty much every company in the advertising business that isn’t Google. It has nothing to do with privacy and everything to do with competitors at risk of being bypassed for hundreds of billions of dollars in advertising services.
WordPress, on which over 40% of the world’s websites are built, recently announced it would block FLoC by default, calling it malware. It isn’t malware, but treating it as if it were could be a temporary impediment while the non-Google world scrambles to respond to FLoC. Neustar, a marketing analytics and connection security company, has been cooperating with Google and the World Wide Web Consortium on the Privacy Sandbox initiative. But at the same time, Neustar proposed PeLICAn, short for Private Learning and Interference for Causal Attribution, which takes an entirely different approach from FLoC for click attribution. The Trade Desk, a media-buying platform company, is leading a group of ad tech companies that are backing an anonymized attribution scheme called Unified ID 2.0, supposedly an advancement in privacy over current cookie tracking. These are only a few FLoC alternatives being devised, and there will be more as the fight intensifies.
The Takeaway
The convergence of high-minded privacy protection and self-interested market domination around ad audiences is an interesting sumo match among tech giants. Don’t forget that Facebook, Amazon, Apple, and Microsoft continue plotting to erode Google’s digital advertising hegemony—each with its own strengths in first-party relationships and/or operating system control. No business can be expected to act altruistically, but if clever, they will meet the demands from advertisers for value, from consumers for privacy, and from regulators for fairness in digital marketing.