Google Walks Back Cookie Privacy Protections

Google’s reversal on third-party cookies underscores how, when privacy and profit collide, the needs of advertisers continue to shape the web’s most widely used browser.

whiteout
Photo by charlesdeluvio / Unsplash

By Raphaël Mimoun, public interest technologist and founder of Horizontal

In January 2020, Google announced it would phase-out third-party cookies from its web browser, Chrome. Privacy advocates, who had for years denounced the invasive nature of third-party cookies, welcomed the announcement. Five years later, in April 2025, Google reversed course: third-party cookies will remain in Chrome for the foreseeable future. The reversal cements the surveillance-capitalist nature of Google’s business model and sheds any pretense of prioritizing user privacy. Billions of Chrome users will continue to have their online activities tracked, recorded, and sold without their consent—not just by Google but also by countless companies and data brokers.  

What Cookies Are and Why They Matter

A cookie is a small file that websites store in our web browser when we visit them. They help these websites remember information about us: for example, websites use cookies to save our login details so we don’t have to enter our password every single time; shopping sites use cookies to remember what we add to our shopping cart. Many websites also use cookies to learn how we use their services—which page we visit, how long we spend on the website—so they can improve their user experience or the services they offer. The cookies installed by websites to remember our account information or preferences are called first-party cookies. While they may be invasive at times, first-party cookies play an important role in making the web usable.

Third-party cookies, on the other hand, are used to track and surveil users in worrying ways. Unlike first-party cookies, third-party cookies aren’t created by the websites we visit; they’re created by other services or companies whose technology the websites we visit rely on. These cookies are used to follow users beyond the website that installs them in our browser, and across other websites. For example, if you visit an online kitchenware store, a third-party cookie may be installed by an advertiser in your browser. From there, this cookie will record the other websites you visit—a second kitchenware store and a recipe blog. This information will then be used by the advertiser to show you ads in Instagram, Google Search, or YouTube. 

But third-party cookies do not stop at shopping websites: all of our searches and activities are recorded. Looking up information about a health condition you have? Seeking a divorce lawyer? Searching for an abortion clinic? All of this will be recorded. Data brokers, the companies that buy, collect, and aggregate data about us into detailed profiles, then sell this information. Our most intimate data becomes accessible with few restrictions or regulations, whether to health insurers who may use health data to discriminate against customers, or to evangelical groups targeting pregnant women with anti-abortion campaigns. Even law enforcement agencies buy data they are not allowed to collect themselves from these brokers.

Google Chooses Advertisers 

In this landscape of complex and poorly-regulated tracking technologies, Google plays a central role. Over two-thirds of the world’s internet users rely on Chrome. Any changes to the browser's policies on third-party cookies directly impacts the privacy of billions of internet users.

In January 2020, when Google announced its decision to phase out third-party cookies, it cited the ever-increasing user demands for privacy and transparency. At the same time, Google presented new technologies to provide advertisers with more privacy-friendly ways to serve ads to users. These technologies—carrying technical names like called Privacy Sandbox or Federated Learning of Cohorts (FLoC)—aimed to preserve individual internet users’ privacy while still giving advertisers the ability to target them with ads relevant to them. 

Other internet browsers like Mozilla’s Firefox had already banned third-party cookies, without needing to look for a fallback solution to satisfy advertisers. But unlike these other browsers, Google isn’t just a technology company; it is also the world’s largest advertising platform. Google serves billions of ads on Google Search or YouTube every single day. This dual role as both a technology company and a seller of ad spaces meant that Google was unwilling to alienate those who make it such a profitable company: advertisers. Seeking to satisfy both privacy-hungry users and data-hungry advertisers, Google’s approach ended up offering the worst of both worlds. Privacy advocates found that Privacy Sandbox and FLoC still breached users' privacy and, ironically, advertisers also found those technologies inadequate for their needs. 

In the end, after five years of searching for a middle ground, Google announced that it was shelving the project altogether: Chrome will continue to allow third-party cookies for the foreseeable future. Google explained that there were “divergent perspectives” on the question of third-party cookies. Ultimately, Google was not able to reconcile the need to protect user privacy with the goal of accommodating advertisers’ ability to target users. Between users and advertisers, Google chose advertisers.   

The decision leaves billions of Chrome users vulnerable to tracking by advertisers and data brokers. The most popular internet browser on earth will remain a tool of corporate surveillance, and the systematic tracking of users will remain the norm in our web ecosystem. 

Browser Privacy: A Regulatory Blind Spot

Browsers are central to how the internet functions, and regulators have taken notice. Chrome has faced antitrust lawsuits by both the European Union and the US government. But while these cases focus on anti-competitive practices, the privacy risks inherent to browsers remain under the radar. The EU’s GDPR has dealt with third party cookies at the website level, requiring each website to get user consent before installing cookies on a user’s browser. The requirement has had questionable results: most users accept cookies without fully understanding their implications, and consent pop-ups have made browsing the internet noticeably less smooth. 

Other approaches to bring privacy to the masses have proven far more successful: in 2021, Apple started asking users each time they install a new app on an iPhone or iPad, whether to let the app track them. Studies showed that a whopping 96% of users opted against tracking. This experience showed that when users are given a simple and understandable choice to stop tracking, they overwhelmingly reject it. Regulators could require browsers like Chrome to follow a similar path and let users decide whether to allow third-party cookies at all. 

Privacy-First Browsers You Can Use Today 

Until regulators step up to force dominant browsers like Chrome to protect user privacy, users still have the option to ditch Chrome for other browsers. Firefox, for example, is a longtime favorite among privacy advocates and it has everything one expects from an internet browser plus privacy by default. The DuckDuckGo browser, made by privacy-friendly search engine DuckDuckGo, is a minimalist option with few features (no extensions, for example) but strong protection against invasive trackers. And for adventurous users, the Brave browser offers the most robust privacy protections of all, though some features such as cryptocurrency rewards and built-in AI tools may get in the way of a simple user experience, but users can disable these in the browser's settings. 


Our brilliant PR and Communications Lead, Ramma Shahid, has been named one of the 40 Over 40 Women in PR!

Ramma leads strategic communications focused on inclusion, behavior change, and real-world impact. As host of the Women in Transport podcast, she spotlights key issues like menopause, disability, and racial equity. She co-leads leadership programs, facilitates #IAmRemarkable sessions, and serves on the Met Police’s Scrutiny Panel on Violence Against Women and Girls. With a background in psychology, Ramma creates messaging that helps people feel seen, heard, and safe.

👏 Congratulations Ramma! 👏


Support the Internet Exchange

If you find our emails useful, consider becoming a paid subscriber! You'll get access to our members-only Signal community where we share ideas, discuss upcoming topics, and exchange links. Paid subscribers can also leave comments on posts and enjoy a warm, fuzzy feeling.

Not ready for a long-term commitment? You can always leave us a tip.

Become A Paid Subscriber


From the Group Chat 👥 💬

This week in our Signal community, we got talking about:

Cloudflare has been making some interesting moves lately. Most notably, they launched Pay per Crawl, a private beta marketplace that lets website owners charge AI companies micropayments for scraping their content. The move comes as concern grows over companies like OpenAI and Anthropic collecting massive amounts of data without offering meaningful referrals or compensation. Cloudflare also announced the upcoming launch of Containers, a new feature that allows developers to run complex, stateful workloads alongside Workers without relying on traditional orchestration tools.

Other approaches to managing and monetizing AI bot traffic are emerging as well—like the Fastly + TollBit integration, which lets publishers detect AI bots and redirect them to a custom paywall where access is granted only if the bot presents a valid token or pays.


Internet Governance

Digital Rights

Technology for Society

Privacy and Security

Upcoming Events

Careers and Funding Opportunities

United States

Global

What did we miss? Please send us a reply or write to editor@exchangepoint.tech.

💡
Want to see some of our week's links in advance? Follow us on Mastodon, Bluesky or LinkedIn, and don't forget to forward and share!

Subscribe to Internet Exchange

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe