On February 16, Google relaxed its restrictions on fingerprinting for ad targeting and user tracking across a wide range of devices. Their December 2024 announcement reignited debates about privacy, security and the role of passive device identification in digital advertising. The announcement was certainly a radical reversal from 2019, when Google said it would block fingerprinting for its lack of transparency. But with this recent change of heart, Google now refers to fingerprinting as a technology designed to make it easier for advertisers to reach audiences across the open Internet and to harness the hyper-growth of connected TV (CTV) programmatic advertising.  

Google justifies its about face because, they suggest, advances in privacy-enhancing technologies (PETs) make it possible to protect audience data—including IP addresses and device fingerprints—in ways that are now more sophisticated than they were in the past.  

Maybe, but there’s a catch

Open Internet digital advertising—particularly programmatic advertising—is all about real-time addressability, measurement and performance optimization. Facing signal loss from fewer cookies and mobile device IDs, our industry has cleverly created a handful of new identity systems that utilize hashed emails (HEMs) and device fingerprints. While each of these technologies delivers a unique value to advertisers and publishers, they all come with certain downside commercial risks beyond their challenges to online privacy. Among the group, fingerprints tend to elicit a more negative reaction from privacy professionals. Frankly, it’s entirely reasonable to be concerned.  

That’s because fingerprints are passive and permanent. They’re passive because fingerprinting technologies can uniquely identify a browser or mobile device without anyone’s active acknowledgement or consent. They’re permanent because fingerprints can’t be deleted unless you change your browser or device. 

An express lane to data commoditization  

When publishers permit their audiences to be fingerprinted, that unique—and permanent—identity data immediately falls into the hands of a third party. Each fingerprint has the potential to siphon away valuable audience data, eroding the very asset publishers rely on for revenue.  As they say, “you can’t put the genie back in the bottle.” The audience data leakage risk for publishers is acute, and the impact is inventory value commoditization. Simply stated, when advertisers can find your uniquely identifiable audience more cheaply, they will. 

Despite these data leakage risks, it’s important we don’t throw out the baby with the bathwater. Device fingerprints serve an important commercial purpose because the lion’s share of the open Internet remains unauthenticated. Thus, absent a third-party browser cookie or mobile device ID, deterministic addressability and measurement are simply impossible.  

To put this commercial challenge into perspective, Safari and Firefox block third-party cookies, leaving 35% of the U.S. web unmeasurable. Apple holds 58% of the U.S. mobile market and more than half of users have entirely opted out of third-party in-app tracking with the remainder only selectively opting in.  

Fingerprinting can be an effective way to mitigate the commercial downside of these open Internet statistics. Yet there’s clearly a tension that requires advertisers and publishers to balance the business benefit fingerprints create for addressability and measurement. They must also factor in the importance of privacy—both in the face of regulation and in the context of consumer trust—as well as the underlying economic value of each party’s customer data and intelligence. 

Choose your next PET carefully  

If the Google Chrome team makes good on its promise of a “global cookie prompt,” then it’s very clear why the Google adtech team is suddenly much less opposed to device fingerprinting. When Chrome third-party cookies disappear, extended IDs—and especially fingerprints—will become the open Internet’s most scalable options for addressability, measurement, insights and optimization.  

Which is why now is when advertisers and publishers need to be investing in solutions that balance data protection with data accessibility at the speed, scale and low-cost parameters required for open Internet programmatic advertising. For brands, customer intelligence is a key competitive advantage. And for publishers—so many of whom have experienced first-hand what a decade-and-a-half of audience data leakage has done to the value of their inventory—the negative economics of loose data sharing practices are abundantly clear. For both sides of the buy-sell equation, consumer data is the key to performance.  

As the industry grapples with the evolving landscape of identity and privacy, the debate over fingerprinting underscores a broader truth: no identifier—whether fingerprint-based, email-derived, or otherwise—is without risk. The key lies not in avoiding identifiers altogether but in implementing strong, enforceable protections that preserve consumer trust while enabling addressability, measurement and performance across the digital ad ecosystem.