This month, Google announced that they’d begin removing millions of third-party cookies from their products in April and simultaneously debuted their new targeting solution for advertisers: Federated Learning of Cohorts (FLoC). Although these changes don't effect channels such as push notifications, email, and SMS, they're raising concern in the digital advertising industry. Learn more about the latest privacy-inspired updates, the context behind them, and why FLoC is making headlines.

Understanding Web Cookies: First-party Versus Third-party Cookies

Cookies are one of the primary mechanism by which companies track user behavior on the web in order to deliver a more personalized experience or target digital advertisements.

First-party cookies are created and stored by a specific domain that a user visits. This type of cookie allows the domain owner to track data related to their own website, such as page engagement, viewed content, checkout settings, and more. Because this information can only be collected and used on the website in question, first-party cookies aren't helpful for retargeting ads across the web.

In contrast, third-party cookies aren’t controlled by the website(s) a user visits — they’re leveraged by third-party (hence the name) data analytics companies that specialize in advertising and retargeting across a vast network of websites.

Whereas individual brands control what data is collected by their own website cookies, they don’t control third-party data collection — and in most cases, neither do their users. This is an important distinction with regard to user privacy concerns. Websites are required to notify users about the types of first-party cookies they’re using, and must give users the option to deny permission or customize their site cookie preferences. To date, the user privacy protocols for third-party cookies have been less established and transparent.

Google Ends Third-Party Cookies

Back in 2019, Google launched a “Privacy Sandbox” initiative with the goal of "building a more private web." A core objective of their initiative was to create an ad personalization alternative to third-party cookies that would better protect user privacy. One year later, they followed up on their promise by announcing a plan to remove all third-party cookies on their Chrome browser by 2022 — something which their top competitors, Firefox and Safari, had already done.

Google made headlines again earlier this month when they announced that they would begin removing third-party cookies from Chrome in April 2021 — potentially accelerating their original timeline. As part of that announcement, Google also revealed the outcome of their Privacy Sandbox initiative: a solution for advertisers called Federated Learning of Cohorts (FLoC). FLoC will still enable Google to track user behavior across the web, but rather than creating individual data profiles for each user (as was true with third-party cookies), the system will assign users to different audience groups, or “cohorts,” with similar characteristics.

What does this mean?

Although FLoC enables advertisers to target user cohorts, many advertisers fear that it won’t provide the same level of hyper-specific targeting which has been their bread and butter for years. In an attempt to quell these concerns, Google shared that simulations done with FLoC earned “at least 95% of the conversions per dollar spent when compared to cookie-based advertising” — but the advertising industry is not so easily reassured. Regardless of whether or not FLoC proves to be a viable solution for advertising SDKs, third-party cookies will be permanently removed from Google and will not be replaced with an individual tracking ID.

The end of third-party cookies is generally considered to be a positive development in the quest for greater user privacy protection. FLoC may not put an end to user data tracking across the web, but it does help anonymize what data is shared with advertisers. That said, Google will continue to use first-party cookies to collect user data on its main web products (YouTube and Google Search) — and that first-party data will still be used to target ads within their native Google Ads network. In this regard, Google’s advertising revenue is largely sheltered from the third-party cookie ban, whereas third-party advertising ecosystems are much more vulnerable to the change. If Google’s FLoC is not as effective as Google hopes and insists, ad personalization capabilities could diminish and acquisition costs could rise, undercutting large digital advertising platforms and altering how businesses invest their resources.

The Rising Importance of Marketing Channels

Many digital marketers have used third-party advertising platforms to bolster their demand generation efforts. As third-party cookies disappear, other outreach channels that don’t require third-party cookies such as push notifications, content marketing, email, and SMS will become increasingly important. These channels help businesses deliver a hyper-personalized cross-channel experience, ignite reengagement, and nurture revenue without jeopardizing user privacy. If user acquisition costs rise as a result of less ad personalization, companies will also have to refocus their resources and attention on user retention. Compared to traditional digital advertising frameworks, user communication channels are better suited to fostering brand loyalty and boosting customer lifetime value (LTV).

What do Google's changes mean for OneSignal?

OneSignal isn't impacted by FLoC and supports the spirit behind these changes. Unlike some other  SDKs, the data collected by OneSignal's SDKs is fully owned by the domain owner and isn't shared with data brokers or advertisers. You can find a comprehensive list of the data tracked by our SDK.