Google is backtracking on its decision to keep advertisers from collecting user data outside the cookie realm, in what is technically described as “fingerprinting” – and the UK’s Information Commissioner’s Office is none too happy about the shift.
“Yesterday, Google announced to organisations that use its advertising products, that from 16 February 2025, it will no longer prohibit them from employing fingerprinting techniques,” reads the strong opening paragraph of a December 19 blog post by Stephen Almond, the ICO's executive director of regulatory risk.
“Our response is clear: businesses do not have free rein to use fingerprinting as they please. Like all advertising technology, it must be lawfully and transparently deployed – and if it is not, the ICO will act,” Almond said.
As we explain in our short guide to digital fingerprinting, unlike cookies, device fingerprints are a collection of signals generated by your online activity coupled with your device specs and settings. These beacons include:
· IP address
· Operating system type and version
· Browser type and version
· Screen resolution
· Language setting
· Time zone
…(etc)
Unlike browser cookies, which are stored locally and can be easily administered by the user according to their preferences, device fingerprints go directly to those who serve you your music, videos, and ads online.
Unlike cookies, digital fingerprints can’t be easily erased – nor is it immediately obvious that they’re being collected.
As the ICO stresses, fingerprinting “relies on signals that you cannot easily wipe. So, even if you ‘clear all site data,’ the organisation using fingerprinting techniques could immediately identify you again.”
Google’s position on fingerprinting in 2019 was very different. The web giant openly said at the time: “We think this subverts user choice and is wrong.”
Starting in February 2025, Google thinks it’s time to loosen up those shackles, citing advances in privacy-enhancing technologies (called PETs) that enable it to do so for everyone’s benefit.
PETs, Google says, “are unlocking new ways for brands to manage and activate their data safely and securely [and] give people the privacy protections they expect.”
The ICO, understandably on guard, calls out the tech titan on its U-turn on data collection.
“We think this change is irresponsible,” Almond says.
“Google itself has previously said that fingerprinting does not meet users’ expectations for privacy, as users cannot easily consent to it as they would cookies. This in turn means they cannot control how their information is collected. […]
“We are continuing to engage with Google on this U-turn in its position and the departure it represents from our expectation of a privacy-friendly internet. When the new policy comes into force on 16 February 2025, organisations using Google’s advertising technology will be able to deploy fingerprinting without being in breach of Google’s own policies. Given Google’s position and scale in the online advertising ecosystem, this is significant.”
The UK privacy watchdog also warns companies seeking to capitalize on the shift that “fingerprinting techniques for advertising will need to demonstrate how they are complying with the requirements of data protection law. These include providing users with transparency, securing freely-given consent, ensuring fair processing and upholding information rights such as the right to erasure,” Almond stresses.
In 2023, Apple anticipated that fingerprinting would be here to stay. The iPhone maker announced at the time new requirements for app developers eager to fingerprint, clarifying that to prevent the misuse of the technology, "developers will need to declare the reasons for using [it] in their app’s privacy manifest."
App creators who do business with Apple were told at the time they could no longer collect user data willy-nilly and were warned that the tech colossus knew full well how fingerprinting could be “misused to collect data about users’ devices.”
For more information about the topic:
Read: What Is a Digital ‘Fingerprint’ and Why Do Hackers Want Yours So Badly?
Read: Want to ‘Fingerprint’ an iPhone User? Tell Us Why, Says Apple
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024