SEM 

Google’s current FLoC tests aren’t GDPR compliant

Questions about whether a browser assigning users into cohorts counts as a use of personal data, without consent, may be a privacy violation.

“During a meeting of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium on Tuesday, Michael Kleber, a Google engineer, acknowledged that FLoCs might not be compatible with European privacy law,” wrote Allison Schiff. “Google will not proceed with FLoC testing in Europe due to concerns over which entity will serve as the data controller and which will serve as the data processor in the creation of cohorts.”

Questions on privacy in FLoC. The question seems to be around whether a web browser placing a user in a cohort counts as a use of personal data under the privacy laws. “Processing personal data to generate the cohort assignment without the proper consent could also be a violation,” says Schiff.

Google tells Techcrunch they plan to test FLoC in the UK at a later date.

“We are starting this FLoC origin trial for users in the US and select other countries, and we expect to make FLoC available for testing worldwide at a later date,” a Google spokesperson told us.

Chrome spokesperson Marshall Vale said in a tweet Google is “working to begin testing in Europe as soon as possible.”

Why we care. A common concern for advertisers regarding FLoC is the notion that the browser collects user data, sorts it into cohorts, and then Google uses those cohorts for advertiser targeting. Often cited as the “black box,” PPC marketers are skeptical that the tech company is actually protecting user data. In essence, Google becomes the arbiter of privacy, which doesn’t comply with wide-sweeping privacy and data-collection legislation in Europe.

We’ll have to keep an eye on how this plays out as testing begins in the U.S. The main questions we have include what’s next for FLoC abroad? Will Google be forced to hold off on testing for an official privacy ruling? And, if so, what happens if it’s not in their favor? GDPR has already had a large effect on privacy and compliance in the U.S. and abroad, and this may leave European advertisers in limbo as to what will replace third-party cookies.

Related posts