Google executes an 180° turn, blaming "divergent perspectives" in the online advertising ecosystem. But the the real trigger may be court action, especially in the US.
In 2019, in an attempt to sideline widespread demands over decades for online privacy, Google agreed to sunset third-party cookies.
To be completed by 2022, this was postponed 3 times - till last July, when Google announced a changed plan to keep the cookies but offer users an "informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time".
Today Google announced yet another change of plan, to basically just revert back to the 2019 situation, when blocking third-party cookies was a difficult option, rarely used.
A major motivation for them could well be court action. Last week a US judge found Google to be a monopoly in online advertising, which could lead to a break-up of its advertising businesses.
This week the remedy phase of the Google search monopoly case starts, that could see the Chrome browser, and perhaps the Android OS, being spun off.
But another case may end in disruption of the entire online advertising industry, and may have been the final straw for Google's plan. In March 31st a class action in the California District Court was started, targeting The Trade Desk's promotion of techniques to use ids stored in first-party storage to track people across the web, as a replacement for third-party cookies.
All online tracking needs client-side storage, a fact well understood by the drafters of the EU's 2002 ePrivacy Directive. But to recognise the same individual visiting multiple websites needs some kind of cross-domain shared key.
This is easy with third-party storage, ususally cookies, because the ids remain constant. Without them cross-domain tracking is still possible, but it needs the correlation of ids, i.e. all the potentially domain-specific ids stored in first-party storage needed to be associated together, e.g. the cookie value "12...abc" on domain facebook.com needs to be recognised as identifying the same browser client as cookie value "34---xyz" on domain google.com.
It is even more useful if the multiple ids can be associated with an individual person, rather than the browser they use, because people often have multiple devices. The Trade Desk uses individuals own email addresses or telephone numbers for this, scrambled so others cannot see the raw information, but still capable of uniquely tracking or singling out the person.
The case (number 4:25-cv-03136) summary includes a detailed technical description of the system.
If the case succeeds damages alone could amount to many $billions, even without the requested punitive or exemplory damages, as well as injunctive relief "permanently restraining the Trade Desk from continuing to use and store this information without consent and/or a court order, and requiring the Trade Desk to delete this information from its systems".
Success would also be a big fillip to collective redress, or even effective regulatory, actions in Europe - leveraging the much better clarity of the ePrivacy Directive with regard to the use of client storage, as well as the requirements for valid consent described in the GDPR.
The same arguments could be used in actions against many of the systems proposed to replace third-party cookies, leading Google to decide they may as well revert to the status quo for the remaining time it retains its monopoly.
While Google's domination of the space may end, probably along with Meta's, the whole online advertsing industry will have to deal with the fall-out from this case.