In 2020, Google announced their intention to move away from unpopular privacy-invasive third-party cookies for targeted marketing. They created an experimental "privacy sandbox" from which several products were released. The first was “Federated Learning of Cohorts” (FLoC), Google's AI-driven replacement for third-party cookies. However, FLoC was cut in January 2022, to be replaced by “Topics API” and “First Locally-Executed Decision over Groups Experiment” (FLEDGE).
We examined FLoC's background and ambitions, and created a computer simulation to test three claims: 1. users with similar, but not identical, browsing habits would be assigned to the same cohort ID – found true; 2. a bad actor could not infer user details given the user’s cohort ID – found not entirely true; and 3. cohort IDs retain anonymity for individual users – found not true. We went on to consider Topics API and FLEDGE and how PIPEDA and the European Union’s General Data Protection Regulation (GDPR) might impact upon all three products. We argue GDPR had an effect on the cancellation of FLoC, but PIPEDA is ill-equipped to deal with the complexities of new marketing technologies.
If Google is nowhere near ready to end targeted marketing, 'Federated Learning' is still planned for many other products from Google, Apple, Microsoft and Amazon, so regulators need to increase their expertise on cutting edge AI-driven techniques. Federated Learning could be more privacy-centric, but no practice is in itself better or more justified by virtue of being for training AI. Online marketing is also likely to (re)turn to less privacy-invasive and data-reliant techniques such as contextual advertising, and regulators need to keep a closer eye on future innovations here.