
Proposal: require websites to call an async API to request data sharing within a first-party set #42

Open
@arthuredelstein


I believe some browsers will insist on a policy that users must give consent before data is shared between different eTLD+1 domains. Other browsers may decide that such consent is not needed.

To make sure it's possible for browsers to obtain consent, I would like to propose a general policy to be included in the First Party Sets proposal, to limit how data is shared between domains in first party sets. To get cross-domain access to cookies/data, a website should be required to make an async call, which would give the browser the opportunity to ask the user permission before sharing that cross-domain data. Browsers that don’t see a need to ask for user consent can simply resolve the promise immediately with the cross-domain data.

I think this policy addition is extremely crucial for user consent. If the FPS permission is granted synchronously (as the explainer currently describes), then it is impossible for browsers to ask user permission first before data is leaked between domains. Browsers that decide not to implement First Party Sets are then placed at a disadvantage, and will potentially be confronted in the future with web compatibility problems.
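An added illustration of the proposal above, not part of the original issue or of the First Party Sets explainer: a small model in which the same site code runs against a browser that resolves the request immediately and against one that asks the user first. The names `requestSetData`, `makeAutoGrantBrowser`, `makeConsentBrowser`, `askUser` and the `brand-*.example` data are hypothetical and constructed for the example.

```javascript
// Constructed sample data: state held by another domain in the same set.
const store = { "brand-a.example": { uid: "constructed-123" } };

// Policy A: a browser that sees no need for consent resolves immediately.
function makeAutoGrantBrowser() {
  return {
    prompts: 0,
    requestSetData(requester, owner) {
      return Promise.resolve(store[owner] || null);
    },
  };
}

// Policy B: a browser that asks the user first. askUser stands in for a
// permission prompt and returns (a promise of) true or false.
function makeConsentBrowser(askUser) {
  const decisions = new Map(); // one pending or settled decision per pair
  return {
    prompts: 0,
    async requestSetData(requester, owner) {
      const key = requester + " -> " + owner;
      if (!decisions.has(key)) {
        this.prompts++; // concurrent calls share a single prompt
        decisions.set(key, Promise.resolve(askUser(requester, owner)));
      }
      if (!(await decisions.get(key))) throw new Error("user declined sharing");
      return store[owner] || null;
    },
  };
}

// Site code is identical under both policies because access is a promise.
// A synchronous read would leave Policy B no point at which to prompt.
async function siteCode(browser) {
  try {
    const data = await browser.requestSetData("brand-b.example", "brand-a.example");
    return data ? data.uid : "no-data";
  } catch {
    return "fallback-partitioned"; // keep working without cross-domain data
  }
}

async function demo() {
  const auto = await siteCode(makeAutoGrantBrowser());
  const denied = await siteCode(makeConsentBrowser(async () => false));
  return { auto, denied };
}
demo().then(console.log);
```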
