Google: Device Fingerprinting is okay
In February, Google will allow tracking of consumers via device fingerprints for advertising purposes - a major departure from its previous stance.
(Image: Mit Midjourney erzeugt von heise online)
Shortly before Christmas, Google announced a change to its policy regarding the use of fingerprinting technology for advertising purposes. Previously, this policy prohibited fingerprinting:
You must not use device fingerprints or locally shared objects (e.g., Flash cookies, Browser Helper Objects, HTML5 local storage) apart from HTTP cookies, or user-resettable mobile device identifiers designed for use in advertising, in connection with Google's platform products. This does not limit the use of IP address for the detection of fraud.
This clause will be removed in the new version, which is due to come into force on February 16.
(Device) fingerprinting is the generic term for a range of techniques that make devices recognizable for advertisers, for example. Browsers, for example, render objects in the background that are invisible to the user. The differences in the results can be used to generate a kind of fingerprint that makes the browser recognizable. A recent study shows that CSS can be used to track users via email in a similar way.
Videos by heise
Fingerprinting runs unnoticed by the user in the background. Furthermore, it is usually difficult or impossible for those affected to defend themselves against fingerprinting because – unlike cookies, for example – fingerprinting is based on signals that they cannot simply delete. So even if you delete all session data in your browser, for example, you can be immediately identified again by an advertiser who uses fingerprinting.
Google's departure
Google does not explicitly explain why it will allow fingerprinting in the future. However, the notice announcing the change refers to new device categories such as smart TVs: “Companies advertising on smart TVs need to be able to connect with relevant audiences and understand the effectiveness of their campaigns. As people and households increasingly switch to streaming platforms, the ecosystem should invest in and develop solutions that are effective and measurable in an incredibly fragmented environment.”
Allowing fingerprinting for user targeting is a complete departure from Google's previous stance on this technology. Stephen Almond, Director of Regulatory Risk at the UK Data Protection Authority, also points this out in his statement: “Google itself has already stated that fingerprinting does not meet users' expectations in terms of data protection.” He quotes Google's own position on fingerprinting from 2019: “We think this undermines user choice and is wrong.”
Almond considers Google's change to be irresponsible. And he points out to companies that they must give users a “fair choice” whether they want to be tracked before using fingerprinting and, if necessary, obtain user consent.
(jo)
