How Google is Navigating the Cookieless Future:

Google has developed a sophisticated, intelligent, and practical system to continue measuring conversions and the performance of its campaigns, ensuring the Google Ads Optimization Algorithm remains effective post the demise of third-party cookies.

Fundamentally, Google has introduced three technologies to track conversions: Conversion Linker, Enhanced Conversions, and Consent Mode.

Each of these serves the same purpose: (1) to measure conversions regardless of user consent, (2) to furnish Google Ads with data to demonstrate value to clients and justify investment, and (3) to feed its algorithms for continued optimization and learning.

In summary, Google Ads will continue to measure effectively thanks to these technologies:

Conversion Linker: This automatically creates first-party cookies that Google can read and set up via Google Tag Manager. Thus, any cookie from Google Ads or GA4 becomes a first-party cookie. If the user accepts cookies, they can be measured.

Enhanced Conversions: If the user does not accept cookies, Google can still connect the GCLID with the email that made the conversion and the user’s Google Account. By making this three-way match, Google can identify which GCLID generated the conversion, continuing to provide data to Google Ads.

Consent Mode: If the user rejects cookies, Google sends aggregated and anonymous pings and stores the GCLID. Google can then associate a conversion with the GCLID, thus feeding its system.

The common link in all these technologies is the GCLID. The connection between Google Ads and conversion is the GCLID, making it a key element in the Google Ads ecosystem.

The main challenge for Google regarding the GCLID is that it can be considered personal data. Although it does not directly identify a user, Google can associate the GCLID with a user by connecting data, as we will show later in this guide.

The future of Google Ads campaign measurement appears secure. However, this is only an appearance. While Google can measure effectively, it possesses so much user information that user identification is easy, necessitating consent for measurement.

Therefore, when Google needs consent to measure, we will encounter two significant issues:

a) Data reduction: Advertisers will not know with certainty how much they are selling per campaign.

b) Algorithmic Unlearning: With less data, algorithms may perceive their actions as less effective, leading to an “unlearning” process.

To summarize, Google Ads should be able to measure conversions without issues. However, in practice, it could be more complex. Regulations clearly state that data is considered personal when an individual is identified or identifiable.

Google has demonstrated in its documentation that it uses the GCLID to count conversions by identifying users. Therefore, it’s crucial for advertisers to have a plan for measuring conversions across all paid channels in general and Google Ads in particular.

The problem with third-party cookies isn’t exclusive to Google Ads; it also affects Facebook Ads, LinkedIn Ads, Criteo, affiliate systems, and more. Any system working with third-party cookies will need help to measure if their campaigns are functioning correctly, leading to advertisers questioning the effectiveness of their investments.

At SEALmetrics, we have developed a technology that allows you to synchronize your conversions with the most important acquisition channels in an entirely private way for your website visitors without legal loopholes.

Ensuring that your algorithmic campaigns, like Google Ads or Facebook Ads, measure correctly so that the algorithms don’t “unlearn” and cause advertisers to lose sales is mandatory for brands in 2024.

Here’s a summary table comparing Google’s proprietary technologies, focusing on their functionalities, objectives, requirements for user consent, and privacy-friendliness ratings:

Google has created these technologies to track conversions on one hand: Consent Mode, Conversion Linker, and Google Enhanced Conversions; and on the other hand, technologies to generate audiences: Topics API, FLoC, and Turtledove.

Introduction:

Google Ads faces a challenge created by the evolution of the internet: the decline of 3rd party cookies. The first question we must ask ourselves is:

How will Google Ads measure sales/conversions?

As we all know, when a user lands on our website, Google places a cookie from its domain, hence a third-party cookie. When a conversion occurs, the Google Ads conversion pixel searches for the corresponding Google Ads cookie and thus assigns the conversion to the correct keyword and campaign, using the GCLID.

The GCLID, or Google Click Identifier, is a unique tracking parameter used by Google Ads. It plays a crucial role in linking clicks on advertisements to subsequent user actions, like conversions. Here’s a detailed explanation of how the GCLID works:

What is GCLID?

Unique Identifier: The GCLID is a unique string of characters generated by Google Ads each time a user clicks on an ad.

Purpose: Its primary purpose is to track the performance of Google Ads campaigns by connecting clicks on ads with actions users take on the advertiser’s website, such as making a purchase or signing up for a newsletter.

How GCLID Works

Ad Click: When a user clicks on a Google ad, the GCLID is automatically appended to the advertiser’s landing page URL. This URL parameter looks something like ?gclid=XYZ123.

Landing on the Advertiser’s Website: Upon arriving at the website, the website’s tracking systems capture the GCLID in the URL, which often includes Google Analytics and Google Ads conversion tracking code.

Storing GCLID: The GCLID can be stored in a first-party cookie on the advertiser’s website using the Conversion Linker tag in Google Tag Manager, or it can be captured and stored in other ways defined by the website’s tracking setup.

Conversion Event: When the user completes a conversion action on the website (like making a purchase), the conversion tracking tools use the GCLID to record this action.

Sending Data Back to Google Ads: The conversion data and the associated GCLID are sent back to Google Ads. This allows Google Ads to identify which specific ad click led to the conversion.

Conversion Attribution: Google Ads uses the GCLID to attribute the conversion to the correct ad, keyword, and campaign. This is crucial for advertisers to understand the effectiveness of their ads and optimize their campaigns.

Benefits of GCLID

Accurate Tracking: It precisely tracks how users interact with ads and their actions on the advertiser’s website.

Campaign Optimization: Helps advertisers optimize their ad campaigns by providing clear insights into which ads drive conversions.

Cross-Device Tracking: Supports cross-device tracking, helping to understand user behavior across different devices if the user is signed into their Google account.

Privacy Considerations

Anonymity: The GCLID contains no personally identifiable information.

Compliance with Privacy Laws: Advertisers should ensure their use of GCLID and associated tracking technologies comply with privacy laws and regulations like GDPR.

Structure of GCLID

The Google Click Identifier (GCLID) is an encoded parameter used in Google Ads for tracking purposes. While the GCLID itself is not human-readable, it is associated with various pieces of information related to a user’s interaction with an ad. This information includes:

Ad Interaction Details:

Specific Ad Clicked: Identifies which ad was clicked by the user.

Campaign Information: Links the click to the specific Google Ads campaign and ad group.

Keyword Data: Associates the click with the keyword that triggered the ad.

Conversion Tracking:

Conversion Events: When a user who clicked on the ad completes a conversion action (like a purchase or sign-up) on the advertiser’s site, the GCLID helps attribute this conversion to the specific ad interaction.

Timestamps:

Click Timestamp: Records the time when the ad was clicked, helping in understanding the time lag between ad interaction and conversion actions.

Cross-Device Attribution:

User Device Information: In some cases, it can help in attributing conversions across different devices if the user is signed into their Google account.

Geo-Targeting and Demographic Information:

Location Data: May include general information about the geographical location where the ad was clicked.

Demographic Data: Potentially includes demographic targeting information used in the ad campaign.

Ad Performance Metrics:

Click-Through Rates: Helps in calculating the effectiveness of the ad in terms of click-through rates (CTR).

Cost Data: Assists in determining the cost associated with the click in cost-per-click (CPC) campaigns.

Custom Parameters:

Advertiser-Defined Parameters: If custom parameters are set up in the ad campaign, the GCLID can help link those parameters with the user’s interaction.

What are cookies?

Cookies are small pieces of data that websites store on a user’s browser. They play a crucial role in the web browsing experience by remembering user preferences, login details, and other information that helps customize the user experience. Cookies can be categorized mainly into two types: first-party and third-party cookies.

First-Party Cookies

First-party cookies are created and stored by the website the user visits. The website owner directly manages them.

These cookies are used for remembering login details, maintaining session information, and storing user preferences for the specific website.

Generally considered more privacy-friendly as they are used within the context of the user’s interaction with that particular website.

Third-Party Cookies

Third-party cookies are created by domains other than the user is visiting directly, hence the name ‘third-party.’ Third-party advertising networks or analytics services usually set them.

These cookies are mainly used for cross-site tracking, retargeting, and ad-serving purposes.

Third-party cookies have raised privacy concerns as they track user behavior across different sites, often without explicit user consent.

Google’s Plan for Phasing Out Third-Party Cookies

As of my last update in April 2023, Google had announced plans to phase out third-party cookies in its Chrome browser by the end of 2024. This timeline has been adjusted a few times, reflecting the complexity of the transition for the advertising ecosystem.

The delay in phasing out third-party cookies is largely to give publishers and advertisers more time to adapt to new technologies and methods for audience targeting and measurement that are more privacy-centric.

Google is working on the Privacy Sandbox initiative, which aims to develop new tools to replace third-party cookies with more privacy-preserving alternatives like FLoC (Federated Learning of Cohorts).

This shift by Google and other industry players marks a significant change in how online advertising and tracking will function, focusing more on user privacy and data protection while still enabling relevant advertising practices.

How Google Ads count conversions without cookies:

When a user lands on your site from a Google Ads ad text and makes a conversion, if the user doesn’t accept cookies when he lands, Google Ads can’t assign the conversion to the correct Google Ads click.

But, it’s even more dramatic when Google Chrome switches off 3rd cookies because Google Ads won’t be able to assign a conversion to the correct Google Ads click. After all, the Google Ads conversion cookie is a 3rd party cookie so it won’t work.

How Google Ads can fix this issue?

The Google Ads team has worked with many alternatives to 3rd-party cookies.

Google has launched new tools and features focused on tracking conversions while respecting privacy.

Google Ads Enhanced Conversions

Enhanced Conversions in Google Ads is a feature that improves the accuracy of conversion measurement in advertising campaigns. It focuses on using first-party data securely and privately.

Here’s how it works:

Use of Encrypted Advertiser Data: Enhanced Conversions allow advertisers to send encrypted information about user conversions, such as email addresses or phone numbers, obtained through their websites or apps, to Google. This data is encrypted before being sent to Google to protect user privacy.

Note: email and phone numbers are PII, so consent to track is mandatory.

Combination with Google’s Data: Once Google receives the encrypted data, it combines it with its anonymized information to attribute conversions to interactions with ads more accurately. This is done to protect the user’s identity and privacy.

Improved Conversion Measurement: This process allows for more accurate measurement of conversions, especially in cases where direct tracking is difficult, such as on mobile devices or in browsers that block third-party cookies.

Compliance with Privacy Regulations: Enhanced Conversions are designed to comply with global privacy regulations. By encrypting user data and using it aggregated and anonymously, Google seeks to balance advertising effectiveness with respect for user privacy.

Optimization of Advertising Campaigns: With more accurate measurement of conversions, advertisers can more effectively optimize their Google Ads campaigns, adjusting targeting, budget, and ad creatives based on actual results.

Use in Conjunction with Other Google Tools: Enhanced Conversions can be used alongside other Google tools and technologies, such as the Conversions API, to gain a more comprehensive understanding of campaign performance.

Configuration and Customization: Advertisers can configure and customize how conversion data is collected and used to tailor it to their needs and campaign goals.

As you can see in this Google presentation slide, Google wants to track conversions even when they have NO consent to track!

How does Enhanced Conversions work when no cookies are accepted?

1. The user lands on your site.
2. Google Ads assign the GCLID to a Google Account. (top right corner of your browser).
3. Your conversion pixel stores the purchaser’s or lead’s email address.
4. Google matches the email of the purchaser vs. Google’s account.
5. If a match exists, assign a conversion to a GCLID.
6. Google Ads knows which keyword made the conversion.

As you can read in Google Ads documentation:

“The data is then used to match your customers to Google accounts, which were signed in to when they engaged with one of your ads.”

For this reason, GCLID is a PII because Google can identify a personal user thanks to GCLID.

https://support.google.com/google-ads/answer/9888656?hl=en&ref_topic=11337914&sjid=15738097326934051660-EU

How to setup Google Enhanced Conversions:

Setting up Enhanced Conversions with Google Tag Manager (GTM) involves a few steps. Enhanced Conversions allow you to send first-party conversion data (like email addresses, phone numbers, or home addresses) in a hashed and privacy-safe way to Google Ads, improving the accuracy of your conversion measurement. Here’s a general guide on how to set it up:

Preparation

1. Google Ads Account: Ensure you have access to your Google Ads account.

2. Google Tag Manager: You should have GTM installed on your website.

3. Conversion Action: Identify the conversion action in Google Ads for which you want to set up Enhanced Conversions.

Setting Up in Google Ads

Access the Conversion Action: In Google Ads, go to the “Tools and Settings” menu, then under “Measurement”, click “Conversions”.

Edit Conversion Action: Choose the conversion action you want to enhance and click to edit it.

Enable Enhanced Conversions: In the conversion action settings, look for the “Enhanced conversions” section and enable it.

Input Conversion Data: You will be asked to provide the types of first-party customer data you collect on your conversion page (e.g., email, phone number).

Google Tag Manager Setup

Variables for Customer Data: In GTM, create variables that capture your website’s necessary customer data (like email or phone number). Ensure that this data is captured only on the conversion page after the user has converted.

Modify Conversion Tracking Tag: Edit the Google Ads Conversion Tracking tag in GTM:

• Under “Fields to Set”, add a new field.
• Set Field Name to enhanced_conversions_data and the Value to the variable(s) that contain your hashed customer data.

Test Your Setup: Before publishing, test your setup in GTM’s preview mode to ensure the tag is firing correctly and capturing the necessary data.

Publish Changes: Once verified, publish the changes in GTM.

Post-Setup

Verify in Google Ads: After setting up Enhanced Conversions, verify in your Google Ads account that the setup is correct and that data is being received.

Privacy Compliance: Ensure that Enhanced Conversions complies with privacy laws and regulations. This typically involves having a clear privacy policy and obtaining user consent where required.

Notes

Data Privacy: Enhanced Conversions require sensitive customer data to be hashed before being sent to Google. Ensure this data is handled securely and complies with data protection laws.

Data Accuracy: Ensure the accuracy of the data captured. Incorrect or improperly formatted data can lead to issues with conversion tracking.

Are Enhanced Conversions eprivacy and GDPR compliant?

Enhanced Conversions in Google Ads are designed to comply with various privacy laws, including the General Data Protection Regulation (GDPR) in Europe and the ePrivacy Directive. However, ensuring compliance also depends on how businesses implement and use these tools. Here are some key points to consider:

Data Hashing and Anonymization: Enhanced Conversions work by hashing personal data (like email addresses) before sending it to Google. This process turns the data into a unique, irreversible string, adding a layer of privacy and security.

Consent Requirements: Under GDPR and ePrivacy, it’s crucial to obtain explicit consent from users before collecting, hashing, and sending their data for conversion tracking purposes. This consent should be freely given, specific, informed, and unambiguous.

Transparency: Your privacy policy should clearly state how and why personal data is collected and used, including its use in Enhanced Conversions. Users should be informed about the data processing activities clearly and understandably.

Data Minimization and Purpose Limitation: Only collect and process data necessary for conversion tracking. Avoid using the data for unrelated purposes.

User Rights Compliance: Ensure that your data handling practices respect user rights under GDPR, such as the right to access, rectify, or erase their personal data, and the right to object to data processing.

Data Processing Agreements: If you’re using third-party services (like Google Ads) to process personal data, ensure you have data processing agreements that comply with GDPR requirements.

Regular Reviews and Audits: Regularly review your data protection policies and practices to ensure ongoing compliance with GDPR and ePrivacy regulations.

It’s important to note that while Google provides tools that can be used compliant, the responsibility for ensuring that any data processing activity complies with applicable laws lies with the website operator or the business using these tools. It’s often advisable to consult with legal professionals to ensure full compliance with all relevant data protection regulations.

Consent Mode Explained and Demystified

What is Google Consent Mode

Google Consent Mode is a tool designed to help website owners manage how Google services on their websites use cookies and collect data in the European Union (EU). It was developed in response to EU privacy regulations, such as the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

The main function of Google Consent Mode is to allow websites to adjust the behavior of Google services based on the consent status of users. If a user does not consent to certain types of cookies or data collection, Google services like Google Analytics or Google Ads will automatically adjust their behavior to respect this choice.

For example, if a user does not consent to use performance cookies, Google Analytics will not store cookies on the user’s device and will only collect basic usage data. Similarly, if a user does not accept advertising cookies, Google Ads will not use cookies to personalize ads.

Google Consent Mode integrates with third-party consent management solutions, allowing website owners to offer clear and easy-to-understand choices to users about how their data is used. This helps websites comply with EU privacy laws while still maintaining the ability to collect important data and display relevant advertising.

In summary, Google Consent Mode is a vital tool for ensuring that Google services on websites comply with EU privacy regulations while respecting users’ privacy preferences.

If a user does not accept cookies, how do GA4 (Google Analytics 4) and Google Ads operate to measure through the consent mode?

When a user does not accept cookies, both GA4 (Google Analytics 4) and Google Ads adjust their operations to comply with the user’s consent preferences as managed through Google Consent Mode.

Google Analytics 4 (GA4):

If a user opts out of cookies, GA4 enters a restricted data processing mode. In this mode, GA4 does not use cookies to track user-specific data.

GA4 will stop collecting data that is typically stored in cookies, such as user IDs or IP addresses. Instead, it will only collect basic interaction data in an aggregated and anonymized form. This means GA4 will still provide insights on website traffic and user interactions, but without the granularity and personalization that come with cookie-based tracking.

Additionally, GA4 is designed to work with non-cookie-based methods like machine learning to fill in the gaps in data where cookie-based tracking is unavailable.

Google Ads:

Similar to GA4, if users do not consent to cookies, Google Ads will not use cookies for personalized advertising.

This means that ad personalization and conversion tracking are limited. Ads will be less targeted and may not be based on the user’s previous website behavior.

However, Google Ads can still show generic ads not personalized based on the user’s cookies. It may also use contextual information (like the content of the current webpage) for ad targeting.

What data does GA4 collect when users reject cookies and the consent mode is active?

When a user rejects cookies, and the consent mode is active, GA4 (Google Analytics 4) still collects data, but it does so in a more limited and privacy-compliant manner. Here’s what GA4 typically collects in this scenario:

1. Aggregated and Anonymized Data: GA4 will collect basic data about user interactions with the website in an aggregated and anonymized form. This includes page views, time spent on the site, and general user flow.
2. Non-Personal Identifiers: GA4 may use non-personal identifiers, such as hashed strings, to gather some level of engagement data without tying it back to a specific user.
3. Contextual Information: GA4 can collect contextual information such as the type of device used, browser information, and the general geographic location (like city or region) derived from IP addresses. However, GA4 will anonymize IP addresses to prevent the identification of individual users.
4. Event Data: Event data like button clicks, video plays, and form submissions can still be collected. These events provide insights into how users interact with the site’s content.
5. Conversion Tracking (Limited): For sites that use GA4 for conversion tracking (like e-commerce sites), some basic conversion data might still be collected, like the occurrence of a purchase, but without the detailed user journey leading to that conversion.

Exactly, what data is tracked and stored?

Here’s a detailed look at the type of data collected and how it’s stored:

1. Type of Data Collected:

Page Views and Interactions: GA4 tracks basic interactions like page views, scroll depth, and site navigation patterns.

Event Data includes interactions like button clicks, video plays, and form submissions. These events are tracked without linking them to a specific user.

Contextual Data: Information about the type of device, browser type, and approximate location based on IP address (which is anonymized).

Session Data: Duration of the visit and number of pages viewed per session, without linking this data to a specific user.

Anonymization and Aggregation:

IP Address Anonymization: GA4 anonymizes IP addresses, meaning it does not store the full IP address of the user.

No Personal Identifiers: GA4 does not collect or store any data that could personally identify an individual, such as user IDs, email addresses, or other personal data.

2. Storage and Processing:

Data Aggregation: The data collected is aggregated, meaning it’s combined with data from other users to provide a general overview of site traffic and user behavior.

Non-Personalized and Secure Storage: The data is stored in a non-personalized format, ensuring it cannot be traced back to any individual user. Google also employs robust security measures to protect this data from unauthorized access.

3. Limited User Journey Tracking:

Without cookies, tracking the full user journey or path through the site is limited. GA4 focuses on session-based data and interactions during a single visit.

4. Compliance with Privacy Regulations:

GA4’s approach to data collection and storage in this mode is designed to be compliant with GDPR and other privacy regulations. It respects the user’s choice regarding cookies while still providing website owners with insights.

As we said previously, when a user doesn’t want to be tracked, Google consent mode starts to send some “pings” to Google, to inform about the behavior on the website of the user. Google will work in an aggregated way.

What information does Google Consent Mode “pings” to Google’s servers?

Consent Status Information: The primary data sent in a Consent Mode ping when a user opts out of tracking is the consent status itself. This information tells Google that the user has not consented to one or more types of data collection, such as cookies for advertising or analytics.

Basic Interaction Data: Even when a user opts out of tracking, Consent Mode allows Google to collect some basic, non-personal interaction data. This data is highly limited and anonymized, ensuring it does not include any personally identifiable information or user-specific identifiers. It’s used to measure general interactions like website traffic or the total number of ad impressions.

Aggregate and Anonymized Data: The data sent under these circumstances is aggregated and anonymized. While Google may receive information about general user interactions with the website or ads, it cannot tie this data back to individual users.

No Personal or Identifiable Data: Importantly, when a user opts out of tracking, no personal data or individual browsing behavior is transmitted to Google. This aligns with privacy regulations that require consent for such data collection.

Adaptation of Google Services: Based on the consent status transmitted, Google’s services like Google Analytics and Google Ads will adjust their behavior. For example, if a user does not consent to analytics cookies, Google Analytics will collect much less data, focusing only on basic, non-identifiable metrics.

Compliance with Privacy Regulations: This approach allows website owners to comply with privacy laws such as the GDPR and ePrivacy Directive, by respecting user choices regarding data collection and tracking.

Consent Mode behavior for Conversion tracking tags:

Consent and conversion pings may include the following behaviors depending on the state of the consent settings and the configuration of your tags:

ad_storage=’granted’ and analytics_storage=’granted’ (Default):

Cookies pertaining to advertising may be read and written.

IP addresses are collected.

The full page URL, including ad-click information in URL parameters (for example, GCLID or DCLID) is collected.

Third-party cookies previously set on google.com and doubleclick.net, and first-party conversion cookies (for example, _gcl_*) are accessible.

ad_storage=’denied’:

Cookies aren’t used for advertising purposes.

Existing first-party advertising cookies won’t be read.

Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.

Google Analytics won’t read or write Google Ads cookies, and Google signals features won’t accumulate data for this traffic.

IP addresses used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection.

Note: Google Analytics collects IP addresses as part of normal internet communications. Learn more about IP Anonymization (or IP masking) in Universal Analytics

Other fields normally collected by advertisers’ tags (for example, order id, value) are still sent.

Full page URL is collected and may include ad-click information in URL parameters (for example, GCLID or DCLID). Ad-click information will only be used to approximate accurate traffic measurement.

ad_storage=’denied’ + ads_data_redaction=true:

Cookies aren’t used for advertising purposes.

Existing first-party advertising cookies won’t be read.

Requests are sent through a different domain to avoid previously set third-party cookies from being sent in request headers.

Google Analytics won’t read or write Google Ads cookies, and Google signals features won’t accumulate data for this traffic.

Full page URL is collected and may include ad-click information in URL parameters (for example, GCLID or DCLID). Ad-click information will only be used to approximate accurate traffic measurement.

IP addresses used to derive IP country, but are never logged by our Google Ads and Floodlight systems and are immediately deleted upon collection.

Note: Google Analytics collects IP addresses as part of normal Internet communications. Learn more about IP Anonymization (or IP masking) in Google Analytics

Other fields normally collected by advertisers’ tags (for example, order id, value) are still sent.

Page URLs with ad-click identifiers are redacted.

analytics_storage=’denied’:

Won’t read or write first-party analytics cookies.

Cookieless pings will be sent to Google Analytics for basic measurement and modeling purposes.

If we recover this text from Google Ads documentation:

“Full page URL is collected and may include ad-click information in URL parameters (for example, GCLID or DCLID). Ad-click information will only be used to approximate accurate traffic measurement.”

If Google Store GCLID and as we saw in Enhanced Conversions, Google works with GCLID AND personal Google Account ID, Google would be able to identify the user who makes those clicks and conversions, so it’d need consent to track.

One of the key questions with all kinds of Google Tracking Systems is if Google works with GCLID and/or stores them; they explain in their documentation that can match Google Account and GCLID, so when Google works with GCLID they should ask for consent.

Regarding Google Ads tracking conversions. How can Google Ads track conversions if a user rejects cookies? Remember that GCLID is personal data

When a user rejects cookies, tracking conversions in Google Ads becomes more challenging, especially since the Google Click Identifier (GCLID) is considered personal data. However, there are alternative methods that Google Ads can use to track conversions without relying on personal data like the GCLID:

1. Model-Based Attribution:

Google Ads can use machine learning models to estimate conversions. This method relies on aggregated and anonymized data from users who have given their consent, applying these patterns to predict conversions for users who haven’t consented to cookies.

This approach doesn’t require personal data, based on general trends and behaviors observed across the site.

2. First-Party Data:

Businesses can use their own first-party data to track conversions. For example, if a user completes a purchase or a sign-up on the website, the site can record this conversion without relying on GCLID or cookies.

This method tracks conversions based on actions taken directly on the website, which can be relayed back to Google Ads without needing to identify the user personally.

3. Contextual Conversion Tracking:

Google Ads can track conversions based on the context of the ad click. For instance, if an ad leads directly to a sale or a specific action on a website, this can be counted as a conversion.

This method relies on the context of the user’s actions (like clicking an ad and then making a purchase) rather than tracking them across different sites.

4. Conversion Modeling:

Google Ads may employ conversion modeling, which uses historical data and algorithms to estimate conversions that might not be directly observable due to cookie restrictions.

This approach relies on patterns and trends in the data, rather than individual tracking, to estimate conversions.

5. Enhanced Conversion Tracking:

This is a feature in Google Ads where advertisers can send hashed, first-party conversion data (like an email address) from their websites to Google. This data is anonymized and helps Google match conversions without relying on GCLID.

Google Consent Mode is an API that adapts the functioning of Google products to the cookie choices made by website users.

This allows you to continue to measure conversions on a website while respecting users’ consent for advertising cookies or analytics cookies.

Yes, but these alternative measurement methods it offers still collect data from users despite having refused or declined their consent, so they are not GDPR compliant. For this reason, you have to make sure, you’re working with a really GDPR-compliant Web Analytics.

According to Google:

“Consent mode allows you to adjust how your Google tags behave based on the consent status of your users and enables Google to model for gaps in conversions. You can indicate whether consent has been granted for analytics and ads cookies. Google’s tags will dynamically adapt, only utilizing cookies for the specified purposes when consent has been given by the user. Using consent signals, we apply conversion modeling to recover lost conversions due to consent changes.”

What does this mean?

That this consent mode allows campaigns to be optimised to meet business objectives while respecting visitors’ privacy preferences.

Okay, that’s what Google says, but where is what we are interested in, what we need to consider?

When visitors refuse consent, the tags send signals (or pings) to Google instead of storing cookies. This might seem correct to us as it does not store cookie information, but if we look at it, it is tracking our conversions. Which, in the end, comes to the same thing, tracking our movements but from another angle for the same purpose, to fill us with third-party advertising.

If we look at the following reading, rescued from the Google blog, about how consent mode data is used:

“Let’s say someone visits your website and makes their consent selection for using ads cookies on your cookie consent banner. With Consent Mode, your Google tags will be able to determine whether or not permission has been given for your site to use cookies for advertising purposes for that user. If a user consents, conversion measurement reporting continues normally. If a user does not consent, the relevant Google tags will adjust accordingly and not use ads cookies, instead measuring conversions more aggregately.” Source: https://blog.google/products/marketingplatform/360/measure-conversions-while-respecting-user-consent-choices/

Here we find the statement that they are still handling the data. This is further developed in the following article:https://brianclifton.com/blog/2022/03/14/google-consent-mode-breaks-privacy-laws/

It gives us arguments about the irony in Google’s maneuvers to collect data even when a user has explicitly stated NO in consent mode. A surprising thing, he says, if we consult the official documentation. (Consent Mode on websites and mobile apps – Analytics Help). Acting on their particular logic to collect “anonymized” data from non-consenting users to model the impact of non-consent.

Taking a last look at the latter, although there is the possibility of rejecting cookies, there is also data capture, which brings us to the same point we mentioned before, copying and pasting the paragraph we referred to “Which in the end comes to the same thing, tracking our movements but from another angle for the same purposes, to fill us with third party advertising.”

Server-Side Tracking

Server-Side Tracking in Google Tag Manager (GTM) is an advanced method of collecting and sending data to Google Analytics and other marketing platforms. Unlike traditional client-side tracking, which relies on JavaScript running in the user’s browser, server-side tracking processes and sends data from your server. This approach offers several benefits and works as follows:

Data Collection: In server-side tracking, data is collected from the user’s browser or device as usual (e.g., via website interactions, form submissions). However, instead of sending this data directly to analytics platforms from the client-side, it’s sent to a server endpoint.

Server Endpoint: You set up a server endpoint in Google Tag Manager. This can be done using Google Cloud Platform or another cloud provider. This server endpoint acts as an intermediary between the user and third-party analytics services.

Data Processing on Server: Once the data reaches your server, it can be processed, modified, or enriched before being forwarded to Google Analytics or other marketing platforms. This might include tasks like filtering out spam, adding additional context, or ensuring data format consistency.

Enhanced Data Privacy: By processing data on the server, you have more control over what information is sent to third parties. This can help with data privacy compliance, as sensitive or personally identifiable information can be stripped out or hashed.

Reduced Client-Side Load: Server-side tracking can reduce the number of third-party scripts that need to run in a user’s browser. This can improve page load times and overall website performance.

Improved Data Accuracy: Server-side tracking can be more reliable in terms of data accuracy. It’s less prone to being blocked by ad blockers or browser restrictions on third-party cookies.

Implementation Complexity: Setting up server-side tracking is more complex than traditional client-side tracking. It requires server setup, configuration, and possibly ongoing server management and costs.

Compliance Considerations: While server-side tracking offers more control over data, it’s important to ensure compliance with data protection laws like GDPR. You need to ensure that you are transparent with users about the data being collected and that you have the necessary consent where required.

Integration with Other Tools: Server-side tracking can be integrated with various marketing and analytics tools, not just Google Analytics. This can centralize your data collection and processing.

In summary, server-side tracking in Google Tag Manager offers enhanced data privacy, improved website performance, and more accurate data collection. However, it requires more technical setup and management than traditional client-side tracking methods.

Setting up server-side tracking in Google Tag Manager

Setting up server-side tracking in Google Tag Manager (GTM) involves several steps, including configuring a server container in GTM and setting up a server to host the container. Here’s a step-by-step guide:

Create a Server Container in GTM

Go to Google Tag Manager: Log in to your GTM account.

Create a New Container: Choose to create a new container and select ‘Server’ as the container type.

Set Up a Server

Choose a Hosting Solution: You can use Google Cloud Platform (GCP) or another cloud provider.

Deploy the Container: If using GCP, GTM offers an integrated solution to deploy your server container directly. For other providers, you’ll need to manually set up the server and deploy the GTM server container.

Configure the Server Container

Add Tags, Triggers, and Variables: Similar to a web container, you’ll need to configure tags, triggers, and variables in the server container. This will define how data is processed and forwarded.

Set Up a Data Stream to the Server

Modify Website Tracking Code: Your website’s tracking code will need to be modified to send data to your server container. This typically involves updating the tracking setup on your website to point to the server container URL instead of sending data directly to services like Google Analytics.

Forward Data to Third-Party Services

Configure Client Tags: In the server container, set up client tags to receive data from your website and then configure tags to forward this data to third-party services like Google Analytics.

Test and Debug

Preview Mode: GTM server containers have a preview mode for testing. Ensure that the data is being received by the server container and correctly forwarded to third-party services.

Monitor Data Flow: Check the third-party platforms (like Google Analytics) to ensure that they are receiving the expected data.

Publish the Server Container

Go Live: Once you are satisfied with the setup and testing, publish the server container to make it live.

Key Considerations

Technical Knowledge: Server-side tracking setup requires a good understanding of server management and GTM.

Costs and Maintenance: Running a server-side container on a cloud platform like GCP may incur costs and requires ongoing maintenance.

Compliance and Privacy: Ensure that your server-side tracking setup complies with data protection laws like GDPR. This includes handling user consent and data securely.

Regulation Considerations:

User Consent: GDPR and ePrivacy require explicit and informed consent to track users and collect their data. This means server-side tracking systems must have mechanisms to obtain and respect user consent before any data collection or processing occurs.

Data Minimization: GDPR emphasizes the principle of data minimization, meaning that only the data necessary for the specified purpose should be collected and processed. Server-side tracking systems must ensure they are not collecting excessive data.

Transparency: Users have the right to know what data is being collected about them and for what purpose. Server-side tracking systems must provide clear and accessible information about their data collection practices.

Data Security: GDPR requires that personal data be processed securely. Server-side tracking often involves the collection and processing of data on servers, which must be secured against unauthorized access, data breaches, and other risks.

Data Processing Agreements: If server-side tracking involves third parties (e.g., cloud service providers), GDPR mandates that data processing agreements be in place, ensuring all parties handle data in compliance with the regulation.

Right to Access and Erasure: Users have the right to access their personal data and request its deletion. Server-side tracking systems need to be able to respond to such requests.

Cross-Border Data Transfers: GDPR imposes restrictions on the transfer of personal data outside the EU. Server-side tracking systems must ensure compliance with these rules when data is stored or processed in non-EU countries.

Impact Assessments: GDPR encourages the use of Data Protection Impact Assessments (DPIAs) for processes that may pose a high risk to user privacy. Implementing server-side tracking might necessitate such an assessment.

Record-Keeping: GDPR requires detailed records of data processing activities, including the purposes of processing, data categories, and data recipients. Server-side systems must keep accurate and detailed logs.

Cookie Walls and ePrivacy: Under the ePrivacy Directive and its interpretations, access to a website or service should not be made conditional on the consent to the tracking (known as “cookie walls”), which affects how server-side tracking can be implemented.

In summary, server-side tracking systems must be designed and operated strongly emphasizing user privacy, data security, transparency, and legal compliance. The GDPR and ePrivacy Directive demand careful consideration of user data handling, requiring robust consent mechanisms, data protection measures, and clear policies.

Conversion Linker

The Google Conversion Linker is a feature in Google Tag Manager (GTM) that helps in tracking conversions by improving the accuracy with which conversion events are attributed to user interactions with ads. Here’s how it works and its purpose:

Purpose of Conversion Linker: The primary role of the Conversion Linker tag is to ensure that conversion data is accurately captured and attributed, even in environments where browser cookies are restricted or deleted.

Cookie Handling: When a user clicks on an ad and lands on your website, Google Ads typically sets a cookie on the user’s browser to track the conversion event. The Conversion Linker tag helps by capturing the ad click information from the URL (which includes parameters like GCLID) and storing it in first-party cookies on your domain.

Ensuring Data Continuity: By storing the ad click information in first-party cookies on your website, the Conversion Linker ensures that this data persists even if the user navigates between pages or if there are delays between the ad click and the conversion event.

Cross-Device Tracking: The Conversion Linker can also assist in cross-device conversion tracking by linking user interactions with ads on one device to conversions that happen on another device, as long as the user is signed into their Google account.

Improved Accuracy in Conversion Tracking: This process improves the accuracy of conversion tracking, especially in scenarios where third-party cookies are blocked or deleted by the user’s browser. Since the Conversion Linker uses first-party cookies, it is less likely to be affected by such restrictions.

Compliance with Privacy Regulations: While the Conversion Linker enhances tracking capabilities, ensuring its use complies with privacy laws and regulations is important. Website owners should have clear policies and obtain necessary user consent for cookie usage.

Setup in GTM: To use the Conversion Linker, you must create and configure the Conversion Linker tag in Google Tag Manager and ensure that it fires on pages where conversions are likely to occur or where users land after clicking on ads.

Integration with Google Ads: The Conversion Linker is primarily used in conjunction with Google Ads to accurately track conversions from ad clicks, which is essential for evaluating the performance and ROI of advertising campaigns.

How to set up Conversion Linker

Setting up the Conversion Linker tag in Google Tag Manager (GTM) is a straightforward process. This tag helps in accurately tracking conversions from your Google Ads by ensuring that click information is preserved across your site. Here’s how you can set it up:

Access Your Google Tag Manager Account

Open GTM: Log in to your Google Tag Manager account.

Select Your Container: Choose the container you want to use for your website.

Create a New Tag for Conversion Linker

Navigate to Tags: In the GTM interface, go to the “Tags” section.

New Tag: Click on “New” to create a new tag.

Configure the Conversion Linker Tag

Tag Configuration: Choose “Tag Configuration” and then select the “Conversion Linker” tag type from the list of available tags.

Set Firing Triggers: The typical configuration is to have the Conversion Linker fire on all pages. This ensures that the GCLID (Google Click Identifier) from ad clicks is captured and stored correctly.

Click on “Triggering” and select the “All Pages” trigger. This means the tag will fire on every page load, capturing the necessary click information from ad interactions.

Save and Test the Tag

Save the Tag: Name your tag (e.g., “Conversion Linker”) and save it.

Preview Mode: Use GTM’s Preview mode to test the tag on your website. This mode allows you to see if the tag fires correctly as you navigate through your site.

Publish the Container

Review Changes: Ensure that everything is set up as intended.

Publish: Once you’re satisfied with the setup, and after confirming that the tag is firing correctly, publish the changes in GTM to make the tag live on your site.

Conversion Linker tracking journey:

The Conversion Linker tag in Google Tag Manager (GTM) creates first-party cookies by executing a script on your website’s domain, which specifically targets and stores information from the URL parameters of users who visit your site after clicking on an ad. Here’s a more detailed look at how it creates these cookies:

User Clicks on Ad: When a user clicks on your advertisement (e.g., a Google Ad), they are directed to your website with a URL that includes specific parameters, such as the Google Click Identifier (GCLID).

Detection of URL Parameters: Upon landing on your website, the Conversion Linker tag, which is a piece of JavaScript code, executes and scans the URL for specific parameters (like the GCLID).

Cookie Creation: If the tag finds relevant parameters, it creates a first-party cookie on your website’s domain. This is done using JavaScript document. cookie property, which allows scripts running on your domain to set cookies.

The script generates a cookie with a name, value (the parameters it has captured, such as the GCLID), and attributes like expiration time. The cookie is stored in the user’s browser under your domain.

Storing Information: The information from the URL (e.g., the GCLID) is stored in this first-party cookie. This allows the information to persist even if the user navigates to different pages on your website or if there is a delay between the ad click and the conversion action.

Respecting User Consent: The Conversion Linker tag should be configured to respect user consent for cookies, particularly in regions where this is a legal requirement (like the EU under GDPR). This might mean the tag only sets cookies after the user has given their consent.

Read by Conversion Tracking Tags: Later, when the user completes a conversion action on your site, other tags meant for conversion tracking (set up in GTM or Google Ads) read the GCLID value from this first-party cookie. This data is then used to attribute the conversion to the specific ad campaign.

How can Google read first-party content from a domain that doesn’t belong to Google?

Google, or any other third-party service, cannot directly read a first-party cookie set by a different domain due to web browser security policies, specifically the same-origin policy. This policy is a fundamental security mechanism that restricts how documents or scripts loaded from one origin can interact with resources from other origins. Here’s a breakdown of how this impacts cookie access:

Same-Origin Policy: This policy ensures that a web page’s scripts can only access data (like cookies) from the same site that served the web page. For example, a script from www.example.com cannot access cookies set by www.anotherexample.com.

Google’s Access to First-Party Cookies: For Google to access first-party cookies set by your domain, there needs to be a mechanism in place that explicitly shares this information with Google. Here are some common methods:

Google Tag Manager (GTM): If you use GTM and have Google-related tags (like Google Analytics or Google Ads tags) set up, these tags can read the first-party cookies from your domain and send the data back to Google. This is because the script is running on your domain, and thus, has access to its cookies.

Server-Side Integration: Data from first-party cookies can be captured by your server and then sent to Google via server-side APIs.

Consent and Privacy Regulations: Any practice of sharing data from first-party cookies with third parties like Google should comply with privacy regulations such as GDPR. This often requires obtaining explicit user consent before collecting and sharing their data.

Limitations and Security: It’s important to note that cookies marked as HttpOnly cannot be accessed through JavaScript, adding a layer of security against certain types of web attacks, like cross-site scripting (XSS). Such cookies can only be sent to the server.

As we have seen throughout this guide, for Google Ads to accurately measure in a cookieless environment or in scenarios with low cookie acceptance, it relies primarily on the GCLID (Google Click Identifier). The GCLID enables Google to access all the necessary information. In the case of the Conversion Linker, obtaining user consent is imperative, as it operates with cookies (in this instance, first-party cookies), and secondly, because the GCLID is considered personal data.

Google can access the data from the first-party cookie created by the Conversion Linker in Google Tag Manager (GTM) because the Conversion Linker is specifically designed for this purpose as part of Google’s advertising and analytics services. Here’s how it works:

Purpose of Conversion Linker

Conversion Tracking: The Conversion Linker tag is designed to facilitate accurate conversion tracking for Google Ads. When a user clicks on a Google ad and then visits your website, the GCLID (Google Click Identifier) parameter from the ad click URL is captured.

Cookie Creation: The Conversion Linker tag creates a first-party cookie on your site’s domain to store this GCLID or other relevant parameters. This is to ensure the persistence of this data across the user’s session, especially if the user navigates through multiple pages or if there’s a delay between the ad click and the conversion event.

Data Accessibility by Google

Designed Integration: Since the Conversion Linker is a Google-developed tool, its first-party cookie is specifically created to be accessible by other Google tags (like Google Ads conversion tracking tag) that you might have set up in GTM.

Tag Coordination: When a conversion occurs on your site, the Google Ads conversion tracking tag (also set up in GTM) reads the GCLID value from the Conversion Linker’s first-party cookie. This tag then returns this information to Google Ads to attribute the conversion to the correct ad click.

Privacy and Compliance

User Consent: It’s important to configure the Conversion Linker and other Google tags in compliance with privacy regulations. This often involves obtaining user consent for setting cookies and tracking data, especially in regions governed by laws like the GDPR.

Summary

Google-Designed Functionality: The key reason Google can access the data from the first-party cookie set by the Conversion Linker is that both the cookie and the process are specifically designed and implemented by Google for its services.

Limited Scope: This accessibility is limited to the functionality of Google’s advertising and analytics services and does not indicate Google’s ability to access any first-party cookie set on your domain.

In essence, Google’s access to the Conversion Linker’s cookie data is part of a controlled and intended process for effective conversion tracking within Google’s advertising ecosystem.

Privacy Sandbox

The Google Privacy Sandbox is a suite of technologies and proposals aimed at enhancing privacy on the web while also ensuring that online advertising remains viable and effective. It’s Google’s response to the growing need for more privacy-focused web browsing, particularly concerning the phasing out of third-party cookies.

Key Objectives

Enhancing User Privacy: To significantly reduce the ability to track individual users across websites, thereby enhancing user privacy.

Preserving Ad Functionality: To maintain the viability of online advertising, which many websites rely on for revenue, by developing new mechanisms for interest-based advertising without individual user tracking.

Main Components of the Privacy Sandbox

Federated Learning of Cohorts (FLoC):

Aims to replace third-party cookies with a method that groups users into cohorts based on similar browsing behaviors.

Advertisers can target these cohorts without knowing the individual identity of users.

TURTLEDOVE:

(Two Uncorrelated Requests, Then Locally-Executed Decision On Victory):

Proposes a way for advertisers to serve targeted ads without knowing the user’s identity and without the user’s browsing history leaving their device.

Trust Tokens:

Aims to combat ad fraud by differentiating between real users and bots without infringing on individual privacy.

Trust tokens can validate that a user is genuine without revealing their identity.

Conversion Measurement API:

Designed to measure ad conversions (like sales or sign-ups) without using cross-site tracking.

Provides aggregated reports on how ad campaigns perform in terms of conversions.

First-Party Sets:

Allows websites owned by the same entity to be treated as a first-party set, enabling some level of cross-site data sharing under a more privacy-preserving model.

Implications for Marketers

New Advertising Strategies: Marketers will need to adapt to new ways of targeting and measuring ads that don’t rely on individual user tracking.

Cohort-Based Targeting: Shift from individual user targeting to targeting groups with similar interests or behaviors.

Data Privacy Focus: Increased user privacy and consent emphasis in all marketing practices.

Future of the Privacy Sandbox

The Privacy Sandbox is an evolving framework. Google actively seeks feedback from publishers, advertisers, and other industry stakeholders to refine these proposals.

It’s a key part of the larger shift in the digital advertising industry towards greater privacy, transparency, and user control.

Federated Learning of Cohorts (FLoC):

Google’s Federated Learning of Cohorts (FLoC) is a part of the Privacy Sandbox initiative, proposed as an alternative to third-party cookies for interest-based advertising on the web. It represents a shift towards a more privacy-centric approach to ad targeting. Here’s an overview of FLoC:

Concept and Purpose

Group-Based Targeting: FLoC aims to enable interest-based advertising without the need for individual user tracking across websites. Instead of targeting ads at individuals, FLoC groups users into cohorts.

Privacy Focus: The method is designed to enhance user privacy by processing browsing data locally on users’ devices. Users are assigned to cohorts based on their browsing history, but this information is kept on the device.

How FLoC Works

Local Data Analysis: Users’ browsing histories are analyzed by their own browsers, without the data being sent to external servers.

Cohort Identification: The browser uses an algorithm to place the user into a cohort with other users who have similar browsing patterns.

Cohort-Based Advertising: Advertisers can target ads to cohorts, rather than to individual users. Each cohort contains a large group of people with shared interests, helping to preserve individual anonymity.

Dynamic Cohorts: Cohorts are regularly updated based on users’ evolving browsing activities, ensuring relevant and effective ad targeting.

Privacy and Security

Anonymity: By grouping users into large cohorts, FLoC aims to hide individuals “in the crowd,” making it difficult to identify or track specific users.

Local Processing: Since user data is processed locally and only the cohort ID (not the browsing history) is shared, FLoC is designed to be more privacy-preserving than traditional cookie-based methods.

Criticisms and Challenges

Privacy Concerns: Despite its privacy-centric goals, FLoC has faced criticism from privacy advocates and industry experts who are concerned about potential privacy risks, such as fingerprinting and unintended data leaks.

Adoption and Regulation: The adoption and implementation of FLoC depend on various factors, including industry acceptance, regulatory compliance, and user perception.

Current Status

Ongoing Development: As of the last update, FLoC was still in the development and testing phase, with Google conducting trials and seeking feedback from the web community.

FLoC Privacy Risks

Google’s Federated Learning of Cohorts (FLoC) is considered a bad idea for several reasons:

Replacement of Third-Party Cookies with Invasive Profiling:

FLoC is intended to replace third-party cookies, a key component in the advertising-surveillance industry. While phasing out these cookies is seen as a positive step, FLoC replaces them with a system where your browser profiles your browsing activity. This involves boiling down your web activities into a behavioral label, which is then shared with websites and advertisers. This approach may avoid some privacy risks of third-party cookies but introduces new ones.

Creation of New Privacy Risks and Non-Privacy Issues:

The implementation of FLoC creates new privacy concerns. For instance, while it ostensibly protects against certain privacy risks associated with third-party cookies, it simultaneously opens up new avenues for user profiling and data collection. Additionally, it may worsen some of the most significant non-privacy problems associated with behavioral advertising, such as discrimination and predatory targeting.

Under the General Data Protection Regulation (GDPR) and the ePrivacy Directive, it is likely that Federated Learning of Cohorts (FLoC) would require user consent to operate legally in the European Union. Here’s why:

GDPR Requirements: The GDPR requires explicit consent for processing personal data, particularly for purposes like tracking and profiling, which are inherent to FLoC’s operation. FLoC processes user browsing data to group users into cohorts, which could be considered a form of personal data processing. Since this data is used for targeting advertisements based on user behavior, explicit user consent would likely be necessary.

ePrivacy Directive: The ePrivacy Directive, often known as the “Cookie Law,” regulates the use of tracking technologies, like cookies, for storing and accessing information on a user’s device. FLoC, while not using traditional cookies, performs a similar function by tracking user behavior across various websites. This could fall under the scope of the ePrivacy Directive, which requires informed consent for such activities.

Nature of FLoC Data Processing: FLoC involves creating cohorts based on users’ browsing histories. Even though it groups users and does not directly expose individual browsing histories, the very act of categorizing and using this data for targeted advertising purposes would be subject to GDPR’s consent requirements.

Recent Developments in Privacy Laws: There is a growing emphasis on user privacy and data protection in the EU. Any technology that processes personal data, especially for profiling and advertising purposes, is scrutinized under GDPR and the ePrivacy Directive.

In conclusion, given the nature of FLoC’s data processing activities, it would likely require explicit consent from users in the EU to comply with GDPR and the ePrivacy Directive. This would involve clear and informed consent mechanisms, ensuring that users understand what data is being collected and how it is being used.

Google Topics API

Google’s Topics API is a privacy-focused initiative designed as part of their Privacy Sandbox project. It aims to address privacy concerns while still allowing advertisers to serve relevant ads. Here’s an overview of what Topics API is and how it works:

Purpose: The Topics API is intended to replace third-party cookies as a means of tracking users for advertising purposes. With increasing privacy regulations and a shift in public sentiment towards greater privacy, Google developed the Topics API as a way to balance the need for user privacy with the requirements of the online advertising industry.

Functionality: The Topics API works by having the browser track the user’s browsing habits and then categorizing these interests into a set of topics. These topics are broad enough to maintain user privacy but specific enough to be useful for advertisers. For example, if you frequently visit sports websites, the browser might categorize your interest under a topic like “Sports.”

Data Handling and Privacy: Unlike traditional cookie-based tracking, which can be very granular and personally identifiable, the Topics API limits the amount of data collected and keeps it on the user’s device. This approach significantly reduces the risk of personal data being shared with advertisers or other third parties.

Ad Targeting: When visiting a website that uses the Topics API for ad targeting, the website will have access to a handful of the topics associated with your browser. Based on these topics, you can be served relevant ads without the advertisers knowing your individual browsing history or personal information.

User Control and Transparency: Google has emphasized that the Topics API will provide users with transparency and control over their data. Users will be able to see the topics assigned to them and have the option to remove topics or opt out of the Topics API tracking altogether.

FLoC vs Topcis API: Bid differences:

Topics API and Privacy Regulations:

While Google’s Topics API is designed to be a more privacy-conscious alternative to third-party cookies, there are still several concerns regarding its impact on privacy:

General Data Collection: Even though the Topics API collects data in a more generalized form (i.e., topics rather than specific browsing history), it still involves the collection and processing of users’ browsing data. This continues to raise concerns about how much data is being collected and how it is being used.

Potential for Profiling: While the Topics API aims to limit the granularity of the data collected, there is still a potential for user profiling. Advertisers receiving topics related to a user’s interests can infer certain things about the user, which could lead to targeted advertising based on these inferences.

User Consent and Awareness: There are concerns about whether users are adequately informed and have sufficient control over their participation in the Topics API. Users may not fully understand how their data is being used or may not have a straightforward way to opt out of this data collection.

Risk of Data Leakage: As with any system that categorizes and shares user data, there is a risk of data leakage or unintended use of the data. Even if the data is supposedly anonymized or generalized, there is always the possibility that it could be combined with other data sources to identify individuals.

Limited User Control: While the Topics API provides some level of user control (such as viewing or deleting topics), this control is limited. Users might not have full autonomy over what data is collected and how it is shared or used.

Dependence on Algorithmic Categorization: The Topics API relies on algorithms to categorize users’ interests. These algorithms might not always accurately represent a user’s interests or might categorize users in ways that they find inappropriate or misleading.

For Google’s Topics API, the requirements under the General Data Protection Regulation (GDPR) and the ePrivacy Directive in the European Union would likely necessitate user consent as well:

GDPR Considerations: Under GDPR, any processing of personal data requires a lawful basis, and consent is often the most relevant basis for online tracking and advertising technologies. The Topics API involves categorizing users’ interests based on their browsing history, which constitutes personal data processing. Even though this processing is less granular than traditional cookie-based tracking, it still requires user consent for GDPR compliance, particularly since it’s used for targeted advertising.

ePrivacy Directive and Cookies: While the Topics API is designed as an alternative to cookies, it still involves tracking user behavior across websites. The ePrivacy Directive (Cookie Law) requires explicit consent for storing and accessing information on users’ devices. Since Topics API involves a form of user tracking and profiling, even if it’s less intrusive than traditional methods, it would still fall under the scope of the ePrivacy Directive.

Transparency and Control: GDPR emphasizes not just consent, but informed consent. This means users must be clearly informed about how their data is being used. The Topics API, therefore, would need to provide users with transparent information regarding the data collection, the topics assigned, and their use in advertising.

User Control Mechanisms: Both GDPR and the ePrivacy Directive emphasize user control over their data. The Topics API must ensure that users have the ability to view, modify, or opt out of topic assignments, aligning with the principles of user consent and control.

In summary, just like FLoC, Google’s Topics API would likely require user consent to operate within the EU, in accordance with the GDPR and ePrivacy Directive. This consent must be explicit, informed, and involve clear mechanisms for users to exercise control over their data.

TURTLEDOVE

TURTLEDOVE (Two Uncorrelated Requests, Then Locally-Executed Decision On Victory) is an initiative proposed by Google as part of its Privacy Sandbox project. It’s designed to address privacy concerns in online advertising. Here’s an overview of TURTLEDOVE and its role in privacy:Purpose: TURTLEDOVE is intended to offer a privacy-preserving method for interest-based advertising. It aims to allow advertisers to serve targeted ads without compromising individual user privacy, which is a growing concern with traditional cookie-based ad targeting.

How It Works: The key idea behind TURTLEDOVE is to separate the information about an individual’s browsing activity from the ad auction process. It involves two uncorrelated requests:

The first request fetches ads based on the user’s interests, without any specific user data being sent to the server.

The second request provides contextual information about the current website the user is visiting.

Local Ad Decision: The decision on which ad to show is made locally on the user’s device, rather than on an external server. This means that the user’s browsing history and the information used to decide which ad to display are not combined or shared externally.

Privacy Focus: By keeping the user’s browsing data on the device and making ad selection decisions locally, TURTLEDOVE significantly reduces the risk of personal data leakage and prevents advertisers from tracking individual users across sites.

Interest Groups: Users are grouped into “interest groups” based on their browsing behavior. Advertisers can target these groups without knowing the identities of the individuals in them.

Challenges: Implementing TURTLEDOVE in a way that balances the needs of advertisers, publishers, and users is challenging. It requires careful consideration to ensure that it does not inadvertently reduce the effectiveness of ads or harm publisher revenues.

Turtledove and privacy regulations:

TURTLEDOVE would likely require user consent to operate, particularly in jurisdictions with stringent privacy laws like the European Union under the General Data Protection Regulation (GDPR) and the ePrivacy Directive. Here’s why:

Data Collection and Processing: Even though TURTLEDOVE is designed to be privacy-preserving by making ad selection decisions locally on the user’s device, it still involves the collection and processing of data related to users’ browsing habits. This data is used to categorize users into interest groups.

GDPR Compliance: Under the GDPR, any processing of personal data requires a lawful basis, and the most applicable basis in the context of advertising technologies is often consent. Given that TURTLEDOVE processes data that could be considered personal (such as interests inferred from browsing history), obtaining explicit and informed consent from users would be necessary for compliance.

ePrivacy Directive: Also known as the “Cookie Law,” the ePrivacy Directive regulates the use of tracking technologies for storing and accessing information on a user’s device. TURTLEDOVE, while not using traditional cookies, still involves a form of tracking user behavior for ad targeting purposes. This would likely necessitate obtaining user consent.

Transparency and User Control: Both GDPR and the ePrivacy Directive emphasize not just consent, but also transparency and user control over data. TURTLEDOVE would need to ensure that users are informed about how their data is being used and provide them with control over their participation in interest group-based advertising.

In summary, TURTLEDOVE’s operation, which involves processing user data for ad targeting, aligns with the kind of activities that require user consent under current privacy regulations like the GDPR and ePrivacy Directive. This consent must be informed, specific, and freely given.

The Need for an Independent, Comprehensive Data Tool

However, there’s a growing need for an independent tool that goes beyond what Google offers, one that ensures the accuracy and completeness of data from all traffic and sales. Such a tool should be capable of importing conversions from various platforms, including Google Ads and Facebook Ads, with two clear objectives:

a) Ensuring No Loss of Sales: It’s crucial for brands, especially by 2024, to have technology that syncs conversions across major acquisition channels in a way that’s completely private for website visitors and without legal loopholes. This synchronization is vital to prevent the loss of sales and ensure that algorithmic campaigns like Google Ads and Facebook Ads measure correctly. Without accurate measurement, these algorithms might “unlearn” or misinterpret the effectiveness of campaigns, leading to missed opportunities and decreased ROI​

b) Ensuring Continuous Learning of Algorithms and Sales Generation: An independent data tool is vital for maintaining the efficiency of algorithmic advertising campaigns, such as those run on Google Ads and Facebook Ads. The tool should enable these algorithms to continually learn and adapt based on accurate, comprehensive data. This continuous learning is crucial for identifying and capitalizing on sales opportunities. Without accurate data feeding these algorithms, there’s a risk that they may ‘unlearn’ or misinterpret user behaviors and market trends, leading to less effective targeting and potentially missed sales.

The integration of an independent data tool would ensure that the algorithms consistently receive the full spectrum of conversion data across various platforms. This comprehensive insight allows the algorithms to optimize ad targeting effectively, enhancing the chances of generating sales and improving the overall return on investment for advertisers.

Sources:

https://support.google.com/google-ads/answer/9888656?hl=en&ref_topic=11337914&sjid=15738097326934051660-EU

https://support.google.com/analytics/answer/9976101

https://brianclifton.com/blog/2022/03/14/google-consent-mode-breaks-privacy-laws/

https://support.google.com/google-ads/answer/10000067?hl=en&sjid=3233034088590446038-EU#zippy=%2Cconsent-mode-behaviors-in-your-conversion-tracking-tags

https://support.google.com/google-ads/answer/10548233

https://support.google.com/tagmanager/answer/10718549?sjid=13772168189651314517-EU

https://support.google.com/tagmanager/answer/7549390?hl=en

https://privacysandbox.com/

https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

https://developer.chrome.com/docs/privacy-sandbox/topics/

https://blog.google/products/chrome/get-know-new-topics-api-privacy-sandbox/

https://blog.google/products/marketingplatform/360/measure-conversions-while-respecting-user-consent-choices/