The death of third party cookies

Google's recent delay of the phase-out of third-party cookies has reignited commentary surrounding the future of the ad tech industry.

Although the death of third-party cookies has long been on the cards — thanks to mounting privacy concerns and the rise of mobile web browsing and its associated tracking challenges — Google has been somewhat slow to take action on this front.

While browsers such as Safari and Firefox had already blocked third-party cookies, it wasn't until 2020 that the search giant announced its own plan for deprecating third-party cookies on the Google Chrome browser within a two-year window. Yet, after having already delayed the phase out until 2023, the search giant has decided to postpone it a second time — this time until the second half of 2024.

The search giant's decision has caused quite a stir in the advertising industry, given that Chrome is the preferred browser of more than 60% of global web users.

But with third-party cookies thrown another short-term lifeline, should advertisers feel safe in their continued use?

Perhaps not. Considering that Google's decision only represents a temporary stay of execution, and the continuing emergence and evolution of privacy regulations, advertisers should be weighing alternative solutions sooner rather than later.

‍What Are Cookies?

A cookie is a small bit of data stored as a text file in a browser that allows websites to both track users and customize their browsing experience.

Why Do Cookies Matter?

Website cookies are used for core website functions such as shopping carts, remembering login details, and preferred language and location settings, etc.

‍What Are the Different Types of Cookies?

There are two types of cookies—first-party and third-party—and both collect personal data. The difference lies in how they are created and used.

There are different benefits to first vs third-party cookies.

Let's take a closer look.

What Are First-Party Cookies?

A first-party cookie, which is generated by the website the user is currently visiting, collects personal data for use within that website.

First-party cookies are used to help websites track your visits and activity, which isn't a bad thing. This data is used and shared internally, not with other sites. Unlike third-party cookies, first-party cookies will not be phased out.

Many eCommerce stores can use first-party cookies to keep track of your login details, what's in your shopping cart, or store language preferences.

For example, airline companies use first-party cookies to show your last flight searches and dates. These cookies help with improving the user experience and make your internet browsing more seamless.

What Are Third-Party Cookies?

Third-party cookies, which are created by other websites and platforms, are used for ad retargeting and behavioral advertising.

By adding tags to a page, advertisers can track a user across the web as they visit different websites. This allows advertisers to build user profiles based on search habits so they can serve more relevant ad content.

Advertisers use cookies to ensure their ad campaigns reach their target audience. Third-party cookies have long been seen by many as an invasion of people's privacy. Because of this, browser extensions that block both ads and third-party cookies have grown in popularity.

It's now common to see some websites not enable third-party cookies by default and Chrome allows users to delete cookies stored on the user's browser.

‍How Do Third-Party Cookies Work?

Third-party cookies track and share user information between multiple websites and are most commonly used by the digital advertising industry to help serve more relevant ads to users.

The cookie syncing process helps to streamline data sharing between websites that may use different ad tech solutions

At a basic level, cookie syncing involves multiple ad tech platforms—including supply-side platform (SSPs), demand-side platform (DSPs), and data-management platform (DMPs)—sharing and matching their data to build a unified profile for each user.

All these platforms use cookies during the real-time bidding (RTB) process.

How Are Third-Party Cookies Created?

Third-party cookies are generally created by a website or platform that has received a request to provide a third-party service—such as ad serving or live chat—for another website.

Let's say you've visited a publisher that focuses on pets. That publisher may submit a display ad request for the pages you've visited. These ads can then install a cookie on your browser to track which websites you visit.

‍Why Are Third-Party Cookies Bad?

Third-party cookies enable brands and vendors to create user profiles based on their online behavior and activities, including third-party cookies set by companies the user hasn't even heard of or interacted with.

Other than public perception around user privacy, third-party cookies are becoming increasingly inefficient and ineffective for advertisers to target users and track performance.

Users are now spread across multiple connected devices and use them interchangeably. Third-party cookies are unable to bridge the gap between devices and apps, meaning it is very hard to track the full customer journey.

This causes issues with correctly attributing conversions and budgeting to the right channels, ultimately causing wastage. It also means users don't enjoy a seamless experience with incorrect or out-of-date cookie data being fed to advertisers.

Advertisers guided exclusively by third-party cookies receive an incorrect view of performance, with users being counted multiple times.

In a privacy-oriented world, the online advertising industry must seek out a new alternative to third-party cookies.

Why Has Google Delayed Phasing Out Third-Party Cookies?

Google’s Privacy Sandbox product director, Vinay Goel, said in a blog post that the phase-out of third-party cookies had been in response to “consistent feedback” from its partners.

Goel said: “While there’s considerable progress with this initiative, it's become clear that more time is needed across the ecosystem to get this right.”

Developers, publishers, marketers, and regulators have all apparently told Google that more time was needed “to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome”.

Google announced its Privacy Sandbox in 2019, with a focus on developing the Federated Cohort of Learnings (FLoC). FloC was designed to group people that shared the same browsing interest into cohorts, which then be shared with advertisers, anonymizing the user in the process.

However, the implementation of FLoC was imperfect and there are ways to exploit FLoC (such as reverse engineering the algorithm) that could still lead to trackers building a unique digital fingerprint of the user.

Google has evolved FLoC into Google Topics, which involves the individual’s Chrome browser monitoring their weekly usage before determining a handful of topics that represent their top interests for three weeks.

While Google’s delay is beneficial for both publishers and advertisers still looking for an alternative to third-party cookies, it also benefits the search giant’s own bottomline.

Publift's head of sales and marketing, Ben Morrisoe, said: “The setback in dates gives publishers some welcomed time to find an alternative to third-party tracking. It also shows Google will be looking to make sure they can find something suitable and comparable in performance before ditching the technology.”

He added: “Google has a lot of revenue attached to online publishing, both directly from display advertising and indirectly through their main money printer, search ads. Moving away from cookies before there is a viable alternative would be detrimental to them and the publishing industry as a whole.”

While third-party cookies are safe from being phased out on Chrome for the next couple of years, that doesn’t mean advertisers can relax too much.

The CEO of IT services provider D4t4 Solutions, Bill Bruno, said: “Just because Google has delayed things yet again doesn't mean brands can wait to take action. Google continues to struggle with the decision and way forward given their massive advertising business. But the reality is that other browsers, devices, and operating systems have made changes that restrict and remove third-party cookies.”

Bruno added: “Brands must deliver positive experiences for consumers and the path forward to that is first-party data and ID graphs that provide better opportunities in a fully compliant way. This isn't a time to celebrate a delay; it's time to get to work and future proof your businesses.”

How Does Phasing Out Third-Party Cookies Affect Google?

While Google’s decision to block third-party cookies has undoubtedly been driven by growing regulatory scrutiny over data privacy issues, this is likely only one part of the puzzle.

Google’s plan to phase out third-party cookies has been described by some observers as an advertising power play that will strip competitors of the ability to track users and target them.

The search giant could strengthen its dominance in the segment, dealing a blow to other digital marketing companies that will have less access to tracking data. Website cookies allow for increased competition in the advertising space, allowing digital firms to collect their own data and sell premium ads based on it.

Though Google will also be losing out on website cookie data, it will still have its troves of user data on individuals that it collects through its many, widely used products.

Without third-party cookies, a good chunk of advertisers will turn to first-party data available in Google's tools, which the search giant could profit from immensely.

‍Third-Party Cookie Alternatives: Retargeting Without‍ Third-Party Cookies

Third-party cookies are far from the only way to serve ads, which is good news for both publishers and advertisers. Let's take a look at each of the most widely used cookie alternatives.

1. Device Fingerprinting

Device fingerprinting is a technique marketers use to follow potential customers around the internet.

You may have come in contact with this before if you have ever signed into Gmail or your Apple account from a new device. It's a technique for identifying a device right down to the individual, effectively deanonymizing us and monitoring our actions online.

Device fingerprinting will look at the device you use and several other related data points such as your location, time zone settings, plugins, apps, and operating system version. All this allows marketers to track users in a very similar way as when using third-party cookies.

However, Google intends for device fingerprinting to be phased out alongside third-party cookies as part of their Privacy Sandbox initiative. Considering the search giant's intentions, it might be best to look for a different alternative.

2. Universal IDs

Universal IDs are created by merging multiple sources of a user's identification—for example, email addresses, phone numbers, or even third-party cookies—into a single user identifier. That identifier is then assigned to users to allow for cross-device tracking.

What this results in is better available user data and higher ad prices without risking the anonymity of individual users. Universal IDs also allow for websites to skip the cookie syncing process, speeding up the user experience of websites and preventing bugs.

There are different types of universal IDs that are being tested in the market, including some that still use third-party cookies as part of their ID.

However, universal IDs such as LiveRamp's RampID are driven primarily by first-party data for their ID. So when cookies are dropped from Google in 2024, universal IDs like RampID will be safe.

Final Thoughts

Various privacy updates, including blocking third-party cookies, will hurt the ability to programmatically retarget users.

Apple has already introduced its Intelligent Tracking Prevention (ITP) as a way to prevent ad tech from using third-party cookies. This includes closing a recent loophole that disguised third-party cookies as first-party cookies by redirecting users that clicked on ads to the ad tech's own domain.

If Google's privacy tools and Apple's ITP work as well as many fear, it will mean a significant change to the programmatic industry as we know it, with DMPs possibly even becoming redundant.

The industry will have to find a way to cope with this major change, although many in the industry are touting the use of universal IDs as an alternative.

However you view it, these new updates will lead to some volatility within the digital advertising industry, with online publishers likely to feel the pinch as advertisers develop new strategies to accurately target website visitors. Reduced targeting means decreased cost per thousand (CPM) rates, resulting in a drop in revenue.

With third-party cookies gone, publishers may be inspired to adapt and launch their own ad solutions. With rich databases of first-party data, publishers and media organizations are well positioned to survive in the cookie-free world.

As for advertisers, the new business landscape is likely to push them closer to collaborating with publishers and relying on customer data for targeted campaigns. Ad reach is likely to shrink while pricing will climb.

Because of how things will change, tracking attribution will become more challenging. One thing's for sure: both advertisers and publishers will need to adapt. The ecosystem is yet to go through severe changes, but a new solution will certainly emerge.

Publift helps digital publishers get the most out of the ads on their websites. Publift has helped its clients realize an average 55% uplift in ad revenue since 2015, through the use of cutting-edge programmatic advertising technology paired with impartial and ethical guidance.