What Google Chrome's New Privacy Features Mean for AdTech
Transparency, choice, and control over personalized digital advertising — that's the stated goal behind Google Chrome's then-announced privacy overhaul.
Rumours had circulated the AdTech industry for some time before Google made it official on May 7th, 2019, at the Google I/O conference, announcing a set of new privacy and transparency features coming to Chrome. A Q4 2019 release was considered likely at the time.
The changes followed moves already made by Safari and Firefox — similar in direction, but less severe in scope. Here's what was on the table.
Transparency
Google planned to introduce an open-source browser extension giving users visibility into which companies are involved in serving a given ad — intermediaries like ad networks, demand-side platforms (DSPs), and supply-side platforms (SSPs). The extension would work across browsers, explain to users why specific ads were shown to them, and surface a recent ad history.
An open API would also be available for AdTech companies to present this same information directly.
Choice and Control
Two new privacy features were announced for Chrome.
The first would let users see which cookies are stored in their browser and selectively block or delete them. The controls would focus on third-party cookies — the kind used for ad targeting, measurement, and attribution — while leaving first-party cookies largely untouched. First-party cookies handle practical things like keeping a shopping cart intact or maintaining a logged-in session. Cross-site cookies would also be required to travel over HTTPS, preventing interception or modification during server-to-server transmission.
The second aimed to prevent device fingerprinting, though Google offered little detail on the mechanics or timing of that specific feature.
What This Means for AdTech
Chrome's new privacy features aren't as restrictive as Apple's Intelligent Tracking Prevention (ITP), but that doesn't mean the AdTech industry can afford to shrug them off. A few key considerations:
1. Chrome's market share changes the math entirely.
At the time of the announcement, Chrome held approximately 62% of the global browser market. Safari, the second-largest, sat at around 15.8%. Enhanced privacy features in Firefox and Safari collectively affected roughly 13% of global internet users. Chrome's new features would push that figure to approximately 78% — even accounting for the fact that the level of restriction would vary across browsers.
That scale means Chrome's moves carry more weight for online advertising than anything Safari or Firefox has done independently.
2. Third-party cookies aren't dead yet — but their reach could shrink.
Chrome users have technically been able to disable third-party cookies for years; they just weren't off by default. The new controls would let users block and delete third-party cookies while keeping first-party ones intact.
The real question is how Google manages consent. If it moves toward an explicit opt-in for third-party cookies — rather than having them on by default — the knock-on effects for ad targeting, retargeting, measurement, and attribution could be significant. Opt-in rates for that kind of permission tend to be low.
3. Developers will need to update how cookies are set.
To make the selective blocking of third-party cookies work, site developers would need to explicitly declare cookie intent using the SameSite attribute — specifically SameSite=None — when setting a cookie. This tells Chrome whether a given cookie is scoped to the current site or intended for cross-site use. Cookies with SameSite=None would also need the Secure attribute, meaning they'd only be set over HTTPS.
Chrome was actually the first browser to support the SameSite attribute, and the change shouldn't cause problems in browsers that don't support it yet.
More information on the mechanics is available at web.dev.
Once cookies are properly labelled, Chrome gains a reliable signal to distinguish first-party from third-party. Down the line, if Chrome prompts users to block third-party cookies, anything set with SameSite=None would be the target.
4. Device fingerprinting is probably on the way out.
Device fingerprinting identifies internet users by examining browser configuration details — version number, installed fonts, active plugins, and similar attributes. It has legitimate uses, like fraud prevention in online banking, but AdTech companies have used it as a tracking mechanism that sidesteps cookie-based controls entirely.
The reason it's more privacy-invasive than cookie tracking is straightforward: users have no way to access or delete their fingerprint. There's nothing to clear.
AdTech vendors that rely on device fingerprinting to build cross-session user profiles will need to find alternatives. Canvas fingerprinting and similar cross-browser matching techniques would likely fall under the same restrictions, though exactly how Google planned to enforce the limits remained unclear.
The Bigger Picture
For most AdTech companies, the immediate technical lift from these changes was modest — a few attribute updates in cookie-setting code. The longer-term implications are more significant.
If Google moves toward explicit user consent for third-party cookies, opt-in rates will almost certainly be low, and the data available for targeting and measurement will shrink accordingly. Device fingerprinting restrictions will compound this by closing off a fallback method that many vendors quietly relied on.
The restraint in Chrome's approach is deliberate. Approximately 86% of Google's revenue comes from advertising. Going as far as Apple has with ITP — aggressively restricting third-party cookies — would damage Google's own business and invite further antitrust scrutiny. That makes a more measured approach almost inevitable.
Still, this announcement is another clear signal that the web is moving toward greater privacy. GDPR, ITP, and now Chrome's changes have been visible on the horizon for years. The AdTech industry has largely responded by looking for workarounds rather than rethinking its architecture. The browsers that carry AdTech's inventory are increasingly unwilling to play along with that strategy.