Privacy campaigners have strongly criticised Google’s latest changes to its tracking policies, branding them a “blatant disregard for user privacy.” The new rules, which come into effect on Sunday, will allow for a controversial data collection technique known as “fingerprinting.”
Fingerprinting enables online advertisers to gather extensive information about users, including their IP addresses and device specifications, making it easier to track individuals across the web. While Google insists this data is already widely used by other companies and maintains its commitment to responsible data usage, critics argue that the move represents a significant step back in terms of user privacy.
The shift is particularly striking given that Google previously condemned fingerprinting. In a 2019 blog post, the tech giant stated that the technique “subverts user choice and is wrong.” Privacy advocates now question why the company has reversed its stance, with many suggesting that the change prioritises business interests over consumer rights.
What is fingerprinting?
Fingerprinting involves collecting various details about a user’s device and browser to construct a unique profile. Unlike cookies, which require user consent and can be deleted, fingerprinting operates covertly, making it difficult for individuals to opt out.
For instance, a user’s screen resolution or language settings are typically collected to optimise website display. However, when combined with additional data such as time zone, browser type, and even battery level, these seemingly trivial details can generate a distinctive digital fingerprint. This identifier can then be used to track users across different websites without their explicit knowledge or consent.
Previously, Google had prohibited the use of fingerprinting for ad targeting, but the new policy reverses that decision. Critics argue that this change will significantly erode consumer privacy by allowing advertisers to track users in a manner that is nearly impossible to block.
Lena Cohen, staff technologist at the Electronic Frontier Foundation, expressed concern over Google’s decision. “By explicitly allowing a tracking technique they previously described as incompatible with user control, Google highlights its ongoing prioritisation of profits over privacy,” she said.
She further warned that “the same tracking techniques that Google claims are essential for online advertising also expose individuals’ sensitive information to data brokers, surveillance companies, and law enforcement.”
An ‘Irresponsible’ change?
Advertising technology experts have also weighed in on the controversy. Pete Wallace, from the ad tech company GumGum, described fingerprinting as a “grey area” in privacy protection.
“Should people feel comfortable staying in a grey area of privacy? I’d say no,” Wallace stated. He highlighted how companies like GumGum focus on contextual advertising—targeting ads based on webpage content rather than personal user data—as an alternative to invasive tracking techniques.
He also pointed out that the move represents a shift towards a more business-centric approach to consumer data rather than a user-centric one. “This sort of flip-flopping is, in my opinion, detrimental to the industry’s progress towards truly prioritising consumer privacy,” Wallace added.
While Google argues that fingerprinting helps advertisers serve more relevant ads, privacy campaigners see it as another example of tech companies prioritising profit over user protection. The backlash is particularly strong given Google’s past commitments to phasing out invasive tracking methods, such as third-party cookies, in favour of more privacy-friendly alternatives.
The role of the ICO
In the UK, the Information Commissioner’s Office (ICO) has expressed serious concerns about the implications of Google’s policy change. The ICO has previously warned that fingerprinting “is not a fair means of tracking users online because it is likely to reduce people’s choice and control over how their information is collected.”
In a December blog post, the ICO’s Executive Director of Regulatory Risk, Stephen Almond, went even further, calling the change “irresponsible.” He stated that companies implementing fingerprinting will need to demonstrate compliance with UK data protection laws—a challenge he described as “a high bar to meet.”
More Read
Google’s response
In response to the criticism, Google issued a statement defending its decision. A spokesperson said, “We look forward to further discussions with the ICO about this policy change.”
The company also emphasised that fingerprinting data is already commonly used across the industry and that Google itself has used IP addresses “responsibly to fight fraud for years.” Google insists that it still gives users the option to disable personalised ads and remains committed to encouraging responsible data use within the advertising industry.
However, privacy advocates remain sceptical, arguing that allowing fingerprinting normalises a practice that was once widely condemned. They fear that this decision could pave the way for broader adoption of tracking methods that leave consumers with little control over their online privacy.
As the changes take effect, all eyes will be on regulators to see whether they will take action against Google’s policy shift—or if this marks the beginning of a new era in online tracking where privacy takes a back seat to profits.
