Privacy advocates have criticized Google’s latest online tracking policies, labeling them as “a clear violation of user privacy.”

Starting this Sunday, the new regulations allow for “fingerprinting,” a method that enables online advertisers to gather extensive user data, including IP addresses and device specifications.

Google contends that this information is standard practice among other firms, and it continues to promote ethical data practices.

This shift in policy contrasts sharply with Google’s previous stance against such data collection methods, highlighted in a 2019 blog post where the company asserted that fingerprinting “undermines user choice and is unethical.”

In a recent announcement explaining the policy changes, Google cited evolving internet usage, including smart TVs and gaming consoles, which complicate traditional methods of ad targeting reliant on cookie consent.

The company also claimed that expanding privacy options would enhance user security.

A Google spokesperson stated, “Privacy-enhancing technologies provide innovative solutions for our partners to succeed on new platforms while safeguarding user privacy.”

Critics argue that permitting fingerprinting and IP address collection significantly undermines privacy, making it more challenging for users to manage their own data.

Martin Thomson, a distinguished engineer at Mozilla, expressed concern: “By endorsing fingerprinting, Google has granted itself and the advertising industry it dominates the authority to utilize tracking methods that are difficult for users to counter.”

Fingerprinting compiles data regarding a user’s device and browser to create a unique profile. While the data isn’t explicitly gathered for advertising, it can be employed to target specific ads based on collected information.

For instance, details like screen size or language settings are necessary for proper website functionality. However, when combined with additional data points like time zone, browser type, and battery level, it forms a distinctive set of identifiers that can unveil the identity of a web service user.

Previously, Google prohibited the use of these details, along with IP addresses—the unique identifiers for internet-connected devices—in advertising strategies.

Privacy advocates contend that, unlike cookies—which users can control since they are saved on local devices—fingerprinting offers little to no user control over the information transmitted to advertisers.

Lena Cohen, a staff technologist at the Electronic Frontier Foundation, remarked, “By explicitly endorsing a tracking method they once deemed incompatible with user control, Google emphasizes its preference for profits over privacy.” She added, “The same tracking techniques that Google argues are vital for online advertising also compromise individuals’ sensitive information, making it accessible to data brokers, surveillance agencies, and law enforcement.”

Pete Wallace from the advertising tech company GumGum shared his thoughts: “I would argue that fingerprinting exists in a somewhat ambiguous space.” He further stated, “Should individuals feel comfortable navigating a privacy grey area? I believe not.”

GumGum, which has previously collaborated with the BBC on advertising initiatives, utilizes contextual advertising—targeting ads based on website-related data, like keywords, instead of personal user information.

According to Mr. Wallace, the allowance for fingerprinting indicates a shift in the industry’s focus. “Fingerprinting aligns more with a business-driven approach to consumer data rather than a consumer-centric perspective,” he explained.

He expressed concern that this trend could undermine the movement toward prioritizing consumer privacy in the advertising sector. He hopes that ad tech companies will recognize that fingerprinting isn’t an appropriate method for data usage, though he anticipates they will still explore it as an option for improved ad targeting.

Online advertising plays a crucial role in the internet’s economic model, allowing many platforms to remain freely accessible to users without direct fees. However, this generally requires individuals to relinquish personal information for advertisers to deliver tailored ads.

The UK’s Information Commissioner’s Office (ICO) has stated that “fingerprinting is not a fair approach to track online users as it likely diminishes individuals’ choice and control over their data collection.”

In a blog entry from December, Stephen Almond, the ICO’s Executive Director of Regulatory Risk, commented: “This change appears irresponsible.” He noted that businesses opting to use this technology must prove their compliance with data and privacy regulations in the UK. “Given our insight into the current use of fingerprinting methods for advertising, this is a challenging requirement,” he mentioned.

In response, Google stated, “We anticipate further discussions with the ICO regarding this policy alteration.” The company emphasized that data signals, such as IP addresses, are extensively utilized by industry peers, asserting that Google has responsibly employed IP for fraud prevention for years.

A Google spokesperson reiterated, “We continue to offer users the choice to receive personalized ads and strive to foster responsible data utilization across the industry.”