Google’s cookie u-turn leaves consumers with an even more complicated privacy landscape.

In 2020, when Google announced its plan to deprecate third-party cookies in Chrome, it stood out as the last major browser still supporting them. Firefox, Safari, and Edge had all already made third party cookies go away through controls or removal of the feature. Chrome was the privacy sore thumb, still allowing tracking by a technology that had become synonymous with advertising and a bad word by privacy enthusiasts everywhere.

Surprisingly, in the discussions to remove third party cookies, there was more of a privacy debate that extended beyond the financial impact of personalization. Fingerprinting (the act of individually identifying a browser from unique attributes of the setup) and alternative identifiers were already proliferating. These alternatives allowed for tracking across sites yet lacked even the simplistic controls that Chrome offered to manage third party cookies. You could see what cookies you had and you could delete them (if you knew enough to do so without accidentally making yourself re-login to every site you visited). Despite their pariah nature, from a privacy perspective, third party cookies were in many ways better than the alternatives.

Fearful of privacy driving users to leave Chrome for alternatives, wary of the impact of losing third party cookies and watching the rise of alternative identifiers, Chrome embarked on the quixotical effort of the “privacy sandbox” – the idea being to provide alternative solutions for advertising use cases that were privacy friendly.  It was a concept without a concrete solution, theoretically sound but fraught with risks related to adoption and market dynamics. Many iterations later, its fate is still uncertain as those that want it to succeed are not the same as those that would actually use it.

The unraveling started in December of 2024 when Google quietly revised its policy on Fingerprinting. With fingerprinting now permitted, Google gained an alternative that eased the business pressure to eliminate third-party cookies. The subsequent development was Google's antitrust case, where the potential remedy of divesting Chrome transformed the risk of retaining third-party cookies into a strategic asset. Therefore, it should be no surprise that Google recently announced Chrome would not deprecate third party cookies after all.

So, where does this leave consumers? They are left navigating a world of perpetual cookie banners and even more ways to be tracked. While Google's decision to retain third-party cookies might lessen the immediate need for advertisers to employ alternatives on Chrome, the existence and deployment of these solutions across other browsers mean consumers face more avenues for tracking than ever before. Distinguishing between responsible and malicious actors has become nearly impossible, and employing blanket blocking measures forces users to choose between privacy and being at odds with valued content creators. Now more than ever, consumers require a more effective and user-friendly approach to managing their consent.