Google Chrome is getting a major update next month, so we spoke with our Vice President of Engineering, James Jackson to break down the release and appropriate next steps for publishers.
The update will roll out to all users on February 4th, 2020.
What is the Chrome 80 release?
It’s a new version of the Chrome browser with some significant changes aimed at data subject privacy that will ripple across the publisher and advertising ecosystem.
What changes will be made to Chrome after the release?
Chrome has introduced changes that affect the handling of cross-site cookies. Prior to this change, cookies were treated as cross-site by default and the SameSite cookie attribute was opt-in. With this change, the new default will be SameSite=Lax, and cookies that need to work cross-site must be explicitly labeled with a new SameSite=None attribute value. Additionally, this will require HTTPS (not plaintext HTTP) because browsers will ignore the SameSite=None attribute unless it is accompanied by the Secure attribute.
James adds that it is important to keep top of mind that Google is going to eliminate the basic functionality that allows data subject identification over a period of two years. We should be grateful for the timeline but wary that we should start preparing as soon as possible.
The Chrome 80 release is a new version of the Chrome browser with some significant changes aimed at data subject privacy that will ripple across the publisher and advertising ecosystem.
What do the SameSite and Secure attributes mean?
As a user browses the web, the Secure cookie attribute means that these cookies can only be passed from secure pages. SameSite is a way of determining the scope.
What do publishers need to do?
Publishers need to make sure all assets on their pages are served via SSL, otherwise, the browser will not certify the page as Secure and the cookies will not be passed. If you manage cross-site cookies, you will need to apply the SameSite=None; Secure setting to those cookies.
It is important to keep in mind that not all languages and libraries support the None value yet, requiring developers to set the cookie header directly. This Github repository provides instructions for implementing SameSite=None; Secure in a variety of languages, libraries and frameworks.
What does this mean for Freestar?
Freestar cookies are now compliant with the coming requirements of SameSite=None and Secure attributes. Broadly speaking, we’re going to have to do a lot of work to try and maintain the value of our publisher’s content but we will do everything in our power to ensure a smooth transition for our publishers by keeping Freestar in the forefront of industry changes.
While the digital world has a lot to learn, browsers are finally starting to change their behavior to enforce more privacy-preserving defaults and shifting focus to protecting the user. While publishers should make sure that they are following the necessary steps to remain compliant throughout these changes, they should feel reassured that these stepping stones are placed to make the internet a better and safer place.