For several years now, cookies have been used in online advertising to track website visitors and collect analytics data for ad targeting.
As web servers have no innate ability to track users, cookies exist not only to allow marketers to analyze visitors’ behavior but also to remember this information so that web users don’t have to perform tasks repeatedly, making for a better user experience.
With the goal of enhancing web privacy, Google recently announced they would be eliminating third-party cookies from its Chrome browser over a three-month period, starting in mid-2023 and ending in late 2023.
How will these changes affect publishers and marketers and their advertising strategies as we move into a third-party cookie-less world?
This article examines the difference between first-party and third-party cookies and how website owners can pivot to prepare for the impending phase-out.
What Are Cookies?
Cookies allow website owners to identify and track online users. Cookies are central to online marketing strategies.
From a technical perspective, first-party cookies and third-party cookies are the same types of files. The difference between them lies in how they are created and used by websites.
What is a First Party Cookie?
First-party cookies are created by the host domain, the domain which the user is visiting. First-party cookies are generally considered to be positive for everyone involved in the browsing experience. They allow the session to be kept open and help to provide a better UX.
First-party cookies enable the browser to store key pieces of user information, allowing it to remember language preferences, user names, and passwords.
First-party cookies also communicate user data with e-commerce sites, allowing them to store items users have put in their shopping carts as well as their browsing history.
If you ever wondered how Amazon remembers your personal information, such as your login details, language settings, and shopping history, a first-party cookie is the answer.
What is a Third-Party Cookie?
Third-party cookies are cookies placed on a user’s device by a company other than the one the user is visiting. These companies are known as third-party associate sites.
Third-party cookies are predominantly used for collecting data and tracking users for online advertising purposes.
They also allow sites to provide certain services, such as live chats.
The third-party cookie is the cookie that is at the center of the debate surrounding cookies and consumer privacy.
Third-party cookies are commonly used for the following purposes:
Cross-site tracking is the process of collecting browsing data from several sources, detailing user activity.
Retargeting uses previous search information from different websites detailing products and services for which a user has shown interest to retarget visitors with ads.
Third-party cookies are used to deliver personalized and relevant ads. Advertisers use them to make decisions about serving ads; which ads will appear, and when. They then collect data, such as clicks and impressions, to inform future marketing strategies.
What about Second Party Cookies?
Second-party cookies, though rarely discussed, also play a role in online data collection. Second-party cookies are cookies that transfer first-party data from one company (the company that created the first-party cookie) to a second party via a data partnership.
It is becoming increasingly popular in programmatic advertising for large companies to share their first-party data with other websites—in another industry—that have overlapping customer types.
Second-party cookies are the conduit here, and they are used to increase conversion rates and influence more efficient ad spend.
Key Differences Between First Party and Third Party Cookies
While first-party and third-party cookies are the same file type, there are a few key differences in how they operate. The three main differences are as follows.
Setting the Cookie
Availability of the Cookie
When it comes to first-party cookies, only the domain that created them can access and track them. However, third-party cookies are accessible to any website that loads the third-party server’s code.
Browser Support, Blocking, and Deletion
All browsers support first-party cookies. And while they can be turned off, it often leads to poor UX and the appearance of a ‘broken’ website.
While all browsers also support third-party cookies, many have now made it a default setting to block them.
Third-Party Services That Leave Cookies
Several third-party service providers leave third-party cookies in the user’s browser. Here are the main culprits:
Ad retargeting is a marketing strategy that involves tracking third-party data of the products and services a user has previously interacted with and then showing them ads for said products. Retargeting is used across several channels, including social media, display advertising, and email marketing.
Many social media plugins use third-party cookies. These enable users to log in, as well as like and share content on third-party sites.
The social media sites where these third-party cookies originate can then track the sites a user visits. This data is then used to serve relevant ads when they return to the social site. Privacy can be a genuine concern with this type of third-party cookie, as these cookies can still identify users even if they are not logged in. They do this by identifying a user’s cookies, deterministic matching, and in some cases, even ‘fingerprinting’ a user’s device.
When it comes to cookies, live chat pop-ups operate in a very similar way to social buttons. Because the chatbox can identify the user via the third-party cookie, it is able to remember the user’s details and conversation history. This data will be removed when the user deletes their cookies.
Third-Party Cookie Phase-Out
In an increasingly digitally-savvy world, user privacy has become a contentious issue. Users are demanding greater privacy, transparency, and control over how their data is used. This demand led Google to announce that it would phase out third-party cookies on its chrome browser by the end of 2023.
An initiative Google has termed "Privacy Sandbox" will be used by the company to "sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete".
While discussions for Privacy Sandbox are still in their infancy, Google has announced that the tool will enable marketers to continue to serve ads with a reduced amount of data.
‘Some ideas include new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only. Our goal is to create a set of standards that is more consistent with users’ expectations of privacy.’
While the death of third-party cookies may come as a surprise to publishers, it has been a long time in the making.
Governments worldwide have been making recent policy changes in the wake of investigating privacy concerns. In October 2019, Europe's highest court ruled that website users in the EU must now actively consent to the use of all analytics cookies when they log on to a website.
This ruling means that sites in the EU must gain explicit opt-in consent from users before they can load third-party cookies onto the user’s browser.
With research showing that less than 46% of marketers feel prepared for these changes around third-party data, advertisers need to look at other methods for tracking visitor’s behavior.
Publishers, advertisers, and agencies will have to pivot their marketing strategies, employing alternative tools to continue to deliver personalized advertising.
By exploring how to leverage first-party and transactional data, publishers can continue to monetize their sites successfully.
For publishers who still rely on third-party cookies to inform their monetization efforts, Publift can help. We have years of experience utilizing first-party strategies to deliver personalized, relevant ads, and we can help you move successfully into the third-party cookie-free world.