Google’s recent pivot on fingerprinting policies has drawn criticism from the UK’s Information Commissioner’s Office (ICO).
- Fingerprinting collects device data to uniquely identify users, potentially supplanting third-party cookies in 2024.
- The ICO regards fingerprinting as reducing user control and considers Google’s policy change irresponsible.
- Draft guidance on lawful use of fingerprinting has been released by the ICO to clarify data protection laws.
- Public consultation on the ICO’s guidance will commence on December 20, encouraging stakeholder feedback.
The UK’s Information Commissioner’s Office (ICO) has formally criticised Google over its recent policy shift concerning fingerprinting, a technology that aggregates device data for unique user identification. This policy shift, slated for implementation in 2024, suggests fingerprinting could replace third-party cookies, a move seen by the ICO as detrimental to user autonomy over personal data.
Fingerprinting involves the gathering of intricate details about a device’s software and hardware configuration, creating a digital signature unique to the device. While Google had previously opposed such practices in 2019, criticising them as subverting user choice, the company’s revised stance reflects a significant policy reversal.
Stephen Almond, Executive Director, Regulatory Risk at the ICO, expressed the organisation’s concerns, stating that fingerprinting might undermine individuals’ control over how their data is collected and used. He described Google’s policy update as irresponsible, stressing the necessity for advertising technologies like fingerprinting to be deployed transparently and in compliance with legal standards.
In response to these developments, the ICO has issued draft guidance to elucidate how data protection laws apply to technologies like fingerprinting. This aims to assist businesses in understanding the lawful deployment of such technologies and reinforce the importance of maintaining transparency in data management.
Additionally, the ICO announced the initiation of a public consultation process on December 20 to seek input from various stakeholders regarding the draft guidance, allowing organisations to contribute their perspectives and concerns. This engagement seeks to foster a collaborative approach to refining data protection practices in light of emerging technologies.
The ICO’s response serves as a cautionary reminder of the importance of transparency and legal compliance in deploying user-identifying technologies.
