FLoC in Europe: what the GDPR concerns around Google’s new initiative mean for you

News broke on March 23rd that Google’s Federated Learning of Cohorts (FLoC) initiative may be running into some roadblocks in Europe. Unsurprisingly, those roadblocks are labelled ‘GDPR’ and ‘ePrivacy Directive’. 

 

The problems came to light when proposed FLoC origin testing in Europe – due to start on Chrome this month – was put on hold. While Google later reiterated that this hold-up was temporary and that they are “100% committed to Privacy Sandbox in Europe”, European buyers and publishers have been left in limbo. 

 

Google has two key questions to answer. Firstly, when a user is placed in a FLoC cohort, who’s responsible for controlling and processing their data? Secondly, how is proper user consent captured in these instances? To date, it doesn’t have answers to either one. 

 

Google isn’t alone in seeming to struggle through the choppy waters of European adtech compliance – many have tried and failed here. For the many adtech players based in the US, landing in Europe and facing the onslaught of privacy laws is like arriving on vacation, only to realise just after passport control that nobody here speaks your language. 

 

Zeotap was born and raised in Europe, which means we’ve never had this challenge – we’re fluent in the language of compliance by default, because we would never have made it out of the gate otherwise. This is exactly why ID+, our Universal ID solution, has explicit user consent baked into every record and is integrated with leading consent management platforms such as Usercentrics

 

The open questions left by FLoC show how important it is to the European adtech space to have watertight privacy and compliance from the start – these aren’t questions that can be figured out later. Issues of privacy and trust are exactly why third-party cookies are disappearing in the first place, and the solutions that take their place can’t afford to make the same mistakes. 

 

Advertisers and publishers are asking these questions of Google, and they’re right to do so. Anyone providing an ad tech solution needs to be transparent, and that’s where the emerging independent solutions may have an advantage: there are no ‘black boxes’ here, unlike some of the walled gardens. It’s incumbent on us as new solutions to stay true to that transparency if publishers, advertisers and consumers are to rebuild the confidence that has been lost.  

 

So while you wait for Google to answer its open questions, invest your energy in vetting the other solutions you’re going to need to navigate the post-cookie world (it’s really not far off). Apply real scrutiny to their privacy and compliance credentials and begin to evaluate universal identity options as soon as possible. Some (like us) will have done the work, but with the complexity of the hoops to jump through, not every solution will be able to say the same – ask the questions and test now to avoid vulnerability later.