Google has released more details about its Privacy Sandbox policy to prevent personal data being harvested online by publishers, advertisers and data brokers in order to track users without their knowledge. Or, as Google puts it: “to develop a set of open standards to fundamentally enhance privacy on the web”.
One of the key points of the policy is that Google plans to end support for third-party cookies – one of the key tools for tracking web users’ online activity – within two years. In the meantime, Google said it plans to develop the tools to mitigate workarounds for a cookie-less experience on its Chrome browser, with the first trials beginning before the end of the year.
In a blog post, Justin Schuh, director, Chrome engineering at Google, said the company had received positive feedback in forums like the W3C that the mechanisms underlying the Privacy Sandbox represent key use-cases and go in the right direction, and were preferable to “blunt approaches to cookies” that “encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control. We believe that we as a community can, and must, do better.”
In the post, Schuh also said that Google is continuing its work to make current web technologies more secure and private. Chrome will limit insecure cross-site tracking from February, by treating cookies that don’t include a SameSite label as first-party only, and require cookies labelled for third-party use to be accessed over HTTPS. This move, it said, will make third-party cookies more secure and give users more precise browser cookie controls.
At the same time, said Schuh, Google is developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of “deceptive and intrusive techniques”. Google plans to launch these measures later in 2020.