Questions on the Google AdID

I’ve received a few inquiries about the recent announcement of Google AdID. Because Google hasn’t released many details about the implementation, I am a bit reluctant to speculate too broadly. However, I thought it would be useful to present some thoughts on the potential reasons for this shift and its impact on consumer privacy.

Google’s proposed advertising ID seems to be motivated by the following factors:

  1. The increasing number of consumers blocking 3rd party cookies. Recent studies indicate that consumers are increasingly concerned about their privacy online and as many as 20% have blocked browser cookies.  I suspect this figure will rise as privacy issues continue to capture public attention.
  2. The trend of advertisers moving to non-cookie based identifiers (e.g. browser fingerprinting).
  3. To avoid missteps along the same lines of Apple/Safari.
  4. The increased pressure to offer advertisers ‘enhanced’ cross-device tracking capabilities like they already do with google analytics.
  5. The tension (and lack of progress) in the Do-Not-Track negotiations–specifically, the Digital Advertising Alliance’s (DAA) recent abandonment of the process. (Google is a member of the DAA.)

The technical details are lacking, but my guess is that Google AdID will likely mimic the “advertisingIdentifier” on Apple devices. This would become a unique identifier associated with the browser that persistently identifies the user in order to let advertisers track user behavior, target ads, and measure conversion rates. I suspect there will be controls for users to opt-out, or to reset the identifier (recall Apple didn’t originally have a way for users to opt-out of UDIDs) although a great deal remains unknown.

As with most privacy related issues however, the key questions are:

  1. How easy will it be to delete or reset the identifier in order to be browse anonymously or sever the link to your past activities?  How long will they persist?
  2. How will it interoperate with Do-Not-Track? Will the AdID still be available in private browsing mode?
  3. How will it function across devices? Specifically, will Google enable cross-device tracking (as it currently does with analytics)?
  4. Will the identifier be linked to the user’s google account?  And will it change as we switch users?
  5. Will everyone get access? Or only select advertisers that “play nice” in Google’s network?
  6. Will Google still have access to the identifier, or be able to link it to previous identifiers, after the user has “opted out”? (something they’ve repeatedly argued for in the context of Do-Not-Track)

(Side note: I’m not an antitrust expert but I can imagine potential antitrust concerns raised by questions 5 & 6. Google’s primary industry is serving ads, so their move deeper into the business of determining which advertisers can and can’t collect data on users risks catching the attention of the Federal Trade Commission and/or the Department of Justice.)

Finally, most of the reporting (and my own speculation) assumes that this proposal is specific to Google’s Browser: Chrome.  However, Google could be contemplating utilizing this technology across the web more broadly by acting as an intermediary (like many of the tag management platforms), similar to how they currently do cookie matching. So while it’s hard to be specific about what impact Google AdID will have on consumer privacy, these are the questions and concerns I think we should pay attention to as the information unfolds. I look forward to hearing more from Google.