Farewell FLoCs, we hardly knew ye
My team is updating our monograph on advertising, third-party tracking cookies, privacy and compliance. This is merely a quick “first look” at what I call Google‘s “FLoC 2.0”, with a few closing comments on the elephant in the room: how much might advertising and data retreat inside silos (Apple, Facebook, Google, TikTok, etc.) where nothing is passed around or shared, and most of these privacy regulations simply will not apply?
28 January 2022 (Brussels, Belgium) – Google’s latest solution for audience targeting without third-party cookies just might scale the regulatory hurdles that are coming. But in diluting targeting capabilities, it sure looks like it will be less useful for marketers.
This past week, Google announced Topics, its latest version of federated learning of cohorts (FLoCs), based on feedback from the industry and the U.K. watchdog Competition and Markets Authority which had a heavy hand in all of this.
EXPLAINER: FLoC (the really short version). Browsers need a way to form clusters that are both useful and private: Useful by collecting people with similar enough interests and producing labels suitable for machine learning, and private by forming large clusters that don’t reveal information that’s too personal, when the clusters are created, or when they are used. A FLoC cohort is a short name that is shared by a large number (thousands) of people, derived by the browser from its user’s browsing history. The browser updates the cohort over time as its user traverses the web.
The browser uses machine learning algorithms to develop a cohort based on the sites that an individual visits. The algorithms might be based on the URLs of the visited sites, on the content of those pages, or other factors. The central idea is that these input features to the algorithm, including the web history, are kept local on the browser and are not uploaded elsewhere — the browser only exposes the generated cohort. The browser ensures that cohorts are well distributed, so that each represents thousands of people.
With Topics, your browsing history for that week is based on a handful of – you guessed it – topics, like travel and transportation or fitness. When you visit a site, Topics picks just three, one topic from each of the past three weeks, to share with the site and its advertising partners. It’s an altogether simpler concept.
FLoCs had their fair share of critics: as well as being convoluted, publishers were frustrated it allowed Chrome to collect too much personal information on users. Privacy advocates were concerned people could be re-identified and it stumbled to meet the EU’s General Data Protection Regulations. NEWS FLASH! With all the new tech out there, reidentifing people is getting easier and easier.
So now, say the pundits, being privacy compliant and effective will be Google’s next challenge.
So, what’s different about Topics? Well, a lot and also not a lot. Interest-based targeting, based on thousands of topic criteria, is simpler to understand than the string of numbers that denote FLoC IDs and the machine learning mechanism behind them. But, with Topics, it’s still the browser (Google’s Chrome) monitoring the sites visited by a user on a continuous basis in order to decide which topics should be attributed to the browser of that user—and renewed every three weeks. It’s the same contextual targeting capability from around 2005. It’s not very sophisticated. The new solution appears to be using contextual as the key data signal so you can’t grow and collect a larger profile. It’s the same data but putting a different recipe on it.
The main difference is the level of granularity in classification. Google has started with 300 topics based on the IAB content taxonomies v2 and Google’s own. It plans to add more but anticipates keeping in the hundreds to low thousands. In the prior version, we also saw some signals that helped to provide some level of socio-demo predictability. This seems to be totally gone now. Google would tell you that someone was in a FLoC, like a sports lover or cook, but not what the features were that grouped that person with other people.
So what they were giving the world is something that only a data scientist could make sense of. A lot of people are going to say “What the hell can I do with this?” So Topics is a dumbed-down version of a FLoCs that people are actually able to understand
Ah, but timelines. Google’s countdown clock still has the third quarter of 2023 in mind for ending support for third-party cookies in Chrome. But by the fourth quarter this year, it still plans to enter the first stage of the transition period, where Topics will be available for adoption. It has no plans to move this yet. Since the concept and process seem much simpler, it will make Topics easier for the industry to test and keep to its timeline.
Will this work for advertisers? That’s the million dollar (billion dollar?) question. Its effectiveness depends on the level of granularity of the interest targeting taxonomy. Sources I spoke with believe this simpler version, reducing interest to three categories and giving them a three-week time window, obfuscates the customer journey and will lead to disappointment for those used to precise, tailored audience targeting. After all, searching for the Super Bowl doesn’t mean someone is interested in football. With FLoCs, Google claimed it could provide third-party cookie-like performance when it came to targeting. Contextual data, while valuable, might not drive the personalization or precision that a marketer would want. It also rotates (referring to the three-week period) so that could disrupt that longitudinal relationship a marketer would want to have with a consumer.
So Topics are more static but less useful snapshots, while FLoCs could evolve with more data.
That means the information would be directionally accurate but not correct per se. Advertisers will need to be a little bit more liberal with customization; one to two or one to one will be harder to get right.
And what about privacy compliance? Topics avoid the issues that FLoCs had, mostly around fingerprinting and targeting people in sensitive data areas. The browser history stays on the device rather than external servers and people can remove themselves from individual topics that might be sensitive. That said, Topics’ opt-out mechanism could set a precedent for people across the rest of the web. We’ve seen that Google uses privacy as a competitive tool to position itself as the only organization accessing users’ data via the browser.
Neil Caruthers, a long-time friend at Ogilvy (where I had my first job in the advertising business) uses this example:
“If I don’t want any ads about hot dogs, am I still going to get hot dogs ads? Whether first-party or logged in, the big superpowers of online advertising will still have the ability to serve hot dog ads. That’s their power”.
Despite Google’s outward open-source and collaborative approach through W3C and the CMA’s oversight, people are still nervous. It’s as I noted above: using privacy as a competitive tool to position itself as the only organization accessing users’ data via the browser, shaping the data to its own design, and using it to continue rigging the advertising ecosystem. It is why there is demand/need that all proposals must have regular independent third-party audits.
Does anyone else stand to gain? Well, publishers who spent time on building out high accuracy of contextual and socio-demo targeting using their first-party data, like BuzzFeed and Vox Media, could see their capabilities and targeting offerings rise in demand going forward. The problem here is that time-poor agencies need to work across multiple publisher partners.
Either way, Topics will likely define how advertising works on the open web. From my conversations, marketers do not want to put all their eggs in one basket. Marketers appreciate the open internet. It will continue to be that way. Different platforms offer different value points. Even though there might be issues with this tool, advertisers are still going to use it because of Google’s reach.
And oh, the irony. Google is facing a fresh complaint from Germany’s largest publishers and advertisers, which are demanding that the EU intervene over the search giant’s plan to stop the use of third-party cookies. Axel Springer, the publisher of titles such as Bild and Politico, is among the hundreds of publishers, advertisers and media groups that have argued to the bloc’s competition chief, Margrethe Vestager, that Google is breaking EU law with its move to phase out third-party cookies from its Chrome browser by next year. So you have one part of the EU, led by German parliamentarians and regulators, who want to ban all targeted ads and cookies, and another faction … led by Springer … which wants to preserve surveillance tech.
The Springer decision is understandable. The decision blocks advertisers, publishers and intermediaries from analysing users’ preferences while they browse online content – a critical blow to how the industry generates revenues. Axel Springer has been joined by other industry bodies, such as Germany’s federal association of digital publishers, that argues that Google’s planned changes will damage their businesses while allowing the Silicon Valley group to collect vast amounts of user data in ways that leave its own ads-based search business unaffected.
The funny thing is that publishers do have the most to lose if surveillance-based ads are banned. The worst privacy violations are happening under their watch (they happen to collect “consent” on behalf of hundreds of ad tech players). As it stands, RTB (behavioural, programmatic real-time bidding) requires third-party cookies, and even though every other major browser has phased them out, publishers now dare asking the EU to force Chrome to remain a privacy nightmare. This time it is either privacy or competition. You cannot have both.
The bottom line, in more sense than one, is that content publishers who cannot generate adequate revenues will not generate content for long, so will either go bust or start charging for content that was once free. The German publishers know what every publisher knows: how many people are going to take out multiple subscriptions so they can read multiple sources, particularly if other sources are dipped into only occasionally? Hence the rapid deals the Australian, French and UK publishers negotiated with Google.
The fact that this might give Google an advantage over publishers on targeting anonymised audiences for advertisers it is absolutely fine with me. Given that there are several Google products that I use several times a day for free and make my life hell a lot easier than ever before, I don’t have any issue if the price I have to pay is seeing ads based on my browsing history or web behavior.
Though it is rather funny how Deutschland AG wants laissez-faire when it suits them and regulations otherwise, and then runs to big mama EU whenever someone blocks their seesaws or are hogged by someone else. Plus the irony that other companies such as Apple have done something similar with little or no scrutiny. Moreover with the introduction of more invasive technologies such as the metaverse, such third party cookies issues pale in significance.
But let’s be honest and face facts:
• This is a good example of the reality on how GDPR works to the benefit of large tech companies while hurting smaller ones. There’s a tail of tens of thousands of companies effected by this not just Axel Springer.
• The whole privacy/GDPR debate in Europe is what made both Apple and Google kill third party cookies. Of course both companies still control vast amounts of first party data so it won’t hurt them. By taking actions like this Google can both claim to take privacy seriously and hurt their competition at the same time.
• As I have noted ad nauseam over the last 5+ years, the EU Commission team that drafted/negotiated the GDPR had nobody who understood advertising, technology or how cyber infrastructure works. Regulators just didn’t see this coming as an effect of GDPR, and yet they were warned. But now it is here. GDPR has just given us walled gardens filled with data owned by Big Tech. It’s the same data just less competition.
And this whole cookie thing is just a diversion. What is far more important is that these platforms are recognised in law as publishers and as such are held responsible in any jurisdiction their content is available to be downloaded to the laws of that jurisdiction. So libel, hate, religious intolerance, lies, bias, etc. can all be picked up. That’s why the EU’s Digital Services Act is a far more important action but beyond the scope of this post.
As I have noted numerous times before, my team and I are fortunate in that our work overlaps domains we have covered for 20+ years: advertising, cyber security, digital/mobile media, software development and legal technology. We abhor silos because these days almost everything in technology is related and overlaps. And this is so well illustrated when it comes to online advertising. Our brethren in advertising and media know they must understand the restrictions of the GDPR and other privacy laws.
But when I scan the effluence from our members in the data privacy and legal tech ecosytem I note few venture outside their silos to understand how things really work in the advertising/media world. But to be fair, they do not need to. For them, this is all merely commerce. “Data privacy” experts and consultants have one goal: to sell, be it their services and/or products. Their mantra is that you must comply with these acts and they will help you. What is happening out there in the real world is not material. Don’t want to get a big fine, now, do you?
But this week, as Google updated “FLoCs” and moved to its cookie-alternative Topics, it knocked a lot of stuff for a loop: user browser history, web sites, advertisers and the GDPR. Google’s new proposal to replace invasive third-party tracking cookies, which are used in targeted advertising, will still enable an advertiser to buy ads based on users’ browsing but it also makes Google much stronger – the exact opposite of GDPR’s intent. Shifting the targeting stack into the browser means the browser companies (i.e Apple and Google) have more control, which raises all sorts of competition questions.
As I noted, we’ll address all these issues shortly in our updated monograph on the advertising industry, third-party tracking cookies, and the GDPR. For now, let’s just run through some basics:
In the beginning, e-commerce was very utilitarian. You knew what you wanted before you turned on your PC, you clicked on it and you bought it. The first really successful organizing layer on top of the web, search, was also very utilitarian and, of course, so was the first big online advertising model, which was explicitly based on search. But ever since then, e-commerce, discovery and advertising have been moving and expanding across the spectrum – expanding from utility to experience, and from search and lists to suggestion and discovery.
The global advertising business is now worth about $600bn a year, and at least half of that (and growing) is digital. A huge chunk of this is now being overturned, due to regulation (the GDPR, the CPA, etc.) on one side and platform companies (Chrome, iOS) on the other. Cookie-based, cross-site, third party tracking is going to disappear (well, in some manner), as is some of the related tracking that had been built into iPhones (the IDFA). You can advertise based on what’s on the page (“context”), and you can advertise based on what else someone did on your site (“first party”), but advertising based on what someone did on another site is going to look totally different. What does that mean? How different? No one quite knows. Trust me.
Obviously, no one actually likes cookies. In the last 25 years, the adtech business built a vast inverted pyramid of complexity, obscurity, rent-seeking, arbitrage and occasional fraud on top of cookies, which were never really designed for any of this. That also brought a lot of privacy problems, only some of which were inherent to the underlying business purpose (“show relevant ads and measure ROI”). Now all that’s going away – well, kind of. It’s all a bit hazy as we’ll describe in our monograph.
But though we now have a moral view of “tracking”, and a great deal of advocacy (“ban targeted ads!”), we really don’t have a good public conversation around what will happen next, or even what we want. And that offers all kinds of opportunities for Big Tech.
So, let’s just round up some of the issues:
• If you can’t track someone from A to B to C to purchase to E, where does the acquisition budget go?
• What happens to the quality of ads on Google search, and indeed the quality of search results, without any third party data to combine with context?
• What happens to Instagram ads?
• Do we also end the transfer of targeting data directly from advertisers to platforms, which is at least theoretically consent-based?
• Indeed, does this stop at third party data, where we track people across different sites, or do we also look at first party data, where Apple, Google or the New York Times track you within the same service? Isn’t that also “evil”?
• How much advertising will move to purely contextual targeting? Could you make a federated signed-in model across multiple sites and convert 3P into 1P, or has the privacy campaign killed the competition campaign?
• And what does all of this mean for the relative efficiency and market power of the biggest sites with the most context and the most first-party data – isn’t this all pretty great for the oligopolies? And which ones, in particular?
Plus, as I have detailed in numerous posts, location tracking is quietly, sometimes surreptitiously, baked into the web’s modern data collection regime. Google and Facebook have created a network of commercial surveillance with their tracking technologies. The practice of third-party tracking on websites has become so widespread and complicated that special software is needed to understand and track this modern data collection regime. For a brief introduction to how this works read a post I published two years ago which is still current.
What we have seen in recent years is significantly enhanced information sharing and networking capabilities among smartphone users, advanced by geospatial technologies which have undeniably permeated almost all aspects of modern life in our society. Social media apps are increasingly location-based, providing analysts with access to a wide range of shared spatial data, such as check-ins, geo-tagged images, video clips or text messages, or reviews of businesses and other localities.
Now, there is a positive impact. Based on these data, research studies provide valuable insights into spatio-temporal aspects of marketing, event detection, political campaigning, disaster management, migration, transport, natural resource management, human mobility, urban planning, tourism, epidemics, and communication. But let’s ignore “the good” for the moment.
This has all led to the creation of a new discipline I have written about before – geospatial data science. It is a transdisciplinary field that extracts knowledge and insight from geospatial big data using high-performance computing resources, spatial and nonspatial statistics, spatiotemporal analysis models, GIS (Geographic Information Systems) algorithms, machine learning methods, and geovisualization tools. It is also why we’ve seen the emergence of a geospatial cloud and the building of a comprehensive cyberinfrastructure.
For “The Horsemen of FAAMG” .. Facebook, Amazon, Apple, Microsoft, and Google … its meant a seamless technology stack which includes a geodata hub for sharing assets and facilitating community engagement, cloud services, online analytic tools, real-time big data processing, and a nice set of presentation options. “Location intelligence” in the trade.
And while location intelligence can be gleaned from social media enriched with locational clues, mined to a high degree, developers have realized that advanced geospatial / geographic information systems are foundational and not an add-on so they need to be baked into operating systems.
Meanwhile, part of the challenge analysing all of this need to regulate is how much of the noise is “religious”, and full of wishful thinking. Ah, those politicians and regulators. And the hysterical stuff we read about and hear from participants. Like the idea that if we banned all tracking then we would solve problems of misinformation and radicalism on social media – “platforms optimise for engagement” – as though contextual ads would work differently, and indeed as though subscriptions services don’t optimise for engagement. This reflects the opacity and complexity of the market as much as anything else.
No. one . knows . so . people . make . things . up.
Finally, a deeper question, perhaps the elephant in the room: how much might advertising and data retreat inside silos (Apple, Facebook, Google, TikTok, etc.) where nothing is passed around or shared, and most of these privacy regulations simply will not apply?
Where are we at? Simple. We need to know just what in hell is the problem we are really trying to solve and/or regulate.
