At first glance, it sounded like an accommodating change. In reality, its far from clear whether it truly gives privacy groups anything. First, giving up the 2038 date was easy, given that its highly likely the Google cookie of today (or of a few years ago) will be entirely irrelevant to the Web user of 2038.
Much more importantly, though, is the practical impact today. That two-year clock doesnt start ticking until the individuals last visit to Google. If they search for anything or follow a link from anywhere that happens to land on Google, the clock starts up again. The user doesnt have to visit Google once a week or once a month. If they visit just once within two years, theyre back to square one.
Peter Fleischer, Googles Global Privacy Counsel (guess thats like being the environmental advocate reporting to James Watt—who served as Secretary of the Interior under Ronald Reagan—or perhaps being the Public Librarian Delegate to Amazon.com), pointed out that users should always remove their own cookies themselves.
"We were mindful of the fact that users can always go to their browsers to change their cookie management settings, e.g. to delete all cookies, delete specific cookies, or accept certain types of cookies (like first-party cookies) but reject others (like third-party cookies)," Fleischer said in a Google blog post.
Of course, very few consumers bother to deal with cookie cleanup.
Also, in the world of privacy problems and Google, the expiration of a cookie is a minor matter. Any cookie data older than two years is probably worthless to an advertiser anyway—another reason this wasnt an especially generous concession—and there are many more significant privacy threats.