It is astonishing at first glance: At a meeting of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium (W3C), Google engineer Michael Kleber announced on Tuesday that the planned tests with the tracking alternative FLoC were initially planned not wanting to start in the European Union (EU).
Google fears GDPR penalties
The “Federated Learning of Cohorts” should become the data protection-friendly alternative to the previous tracking. FLoC is intended to bring large groups of people together in clusters and to work out commonalities from the group characteristics. The approach is intended to effectively “disappear into the crowd” for individuals. The device-internal processing is used to protect the browser history. It should no longer be possible to identify an individual user.
So what is stopping Google from using the supposedly better method to test in the EU? The answer is: open questions that cannot be answered quickly and reliably. Everything revolves around which company will act as data controller and which will act as data processor in the creation of cohorts and what counts as data processing at all.
Also interesting: Google alternatives – The 30 best search engines in a short test
It is possible, for example, that the Categorization into a cohort by the web browser and the link with a FLoC-ID could be considered personal data within the meaning of the European General Data Protection Regulation (EU-GDPR). Then the processing of personal data to generate the cohort assignment without the corresponding consent would already constitute a violation.
A Another problem could arise from the e-privacy directive. From this point of view, it could be a violation that users are not given a clear indication and have no choice about how their data is used to create cohorts. Privacy advocates hadn’t been convinced of Google’s plans for a long time.
Show publishers and advertisers gets cold
Google now wants to clarify these legal pitfalls first FLoC can also be tested in Europe. The tests with advertisers were originally supposed to start in the second quarter. This will now only happen for regions outside the scope of EU law.
Publishers and advertisers are reacting with suspicion to this previously unknown restriction on the part of Google. Privacy expert Robin Berjon from the New York Times sums it up on Twitter:
So, am I getting this right that no one at Google thought it might be a good idea to check if FLoC and FLEDGE could legally run in Europe before embarking on this project?
– Robin Berjon (@robinberjon) March 23, 2021
He asks if he understood correctly that nobody at Google, before embarking on the new technology, thought about checking whether it could even be legally used in Europe. This is very pointed and therefore enjoys some approval.
In fact, Google is rushing to assure you that the concept of the “privacy sandbox” with the core technology of the FLoCs will of course be rolled out worldwide and that this should take place “as quickly as possible”. Only the problem with the GDPR … well, the search engine giant will probably have to clarify that first!