Getty Images/iStockphoto
The death of third-party cookies: What marketers need to know
Marketers need to revisit their marketing strategies now before third-party cookies disappear forever. Here's what you need to know.
Cookies have enabled the growth and success of many digital marketing and sales efforts across the internet.
In the physical world, marketers rarely -- if ever -- knew exactly how many people actually looked at an advertisement. But internet cookies have enabled marketers to identify if a user has previously visited a site, along with other customer data points.
Cookies have also enabled marketers to deliver more relevant and targeted ads to users. Instead of a generic display ad, cookies can enable delivery of ads that are more attractive to specific users.
Advertisers have relied on third-party cookies since the 1990s. But third-party cookies in the marketing landscape may soon come to an end, due to security and data privacy concerns.
What are third-party cookies?
A cookie is a small amount of data that is stored in a user's web browser. It can track if a user has visited a website before, login information or other user behavior attributes. Cookies can also improve user experience and collect a limited amount of customer data.
For web browsers, there are two foundational types of cookies: a first-party cookie and a third-party cookie.
A first-party cookie is set and accessed by the same website the user is visiting. It is also sometimes referred to as a SameSite cookie. First-party cookies help with personalization for the specific site a user is visiting.
A third-party cookie is set and accessed by a different entity than the local domain or website the user is browsing. A third-party cookie can help to track users across multiple sites to better understand user behavior beyond a single site. Marketers and social media platforms often use third-party cookies for advertising purposes.
Google postpones death of third-party cookies
While third-party cookies are a good thing for marketers, the same cannot be said for user privacy. Third-party cookies have long been viewed as a tracking mechanism that can potentially violate user privacy.
While generally safe, third-party cookies could potentially represent a security risk. For example, there could be user risk if the cookie is not properly secured, if data includes personally identifiable information or other forms of personal data, and if the data is shared without authorization.
Major tech companies and browser vendors including Apple, Mozilla and Google have all announced initiatives to phase out support for third-party cookies over time. Apple's Safari and Mozilla's Firefox browsers have already blocked third-party cookies by default. Google is still in the process of cookie deprecation for third-party cookies in its Google Chrome web browser.
In August 2019, Google announced a plan to block and disable third-party cookies in its Chrome browser. Then in January 2020, Google's Privacy Sandbox project was unveiled. The intent was to bring in a more privacy-sensitive approach than third-party cookies. At that point, Google expected to declare third-party cookies dead by 2022. As it turns out, the 2022 deadline was never met and Google has repeatedly delayed the ultimate demise of third-party cookies.
On June 24, 2021, Google gave third-party cookies an initial stay of execution, delaying the transition to 2023. The delay has since been extended several times.
In January 2024, Google began to phase out some third-party cookies with the introduction of the Tracking Protection feature -- part of the Privacy Sandbox feature in Chrome. The feature was initially rolled out to 1% of Chrome users with the idea that all users would get it by the end of 2024.
In April 2024, Google announced that it delayed plans again and would not be able to complete the process by the end of 2024.
Among discussions with regulators is an ongoing investigation by the European Union into Google's advertising activities. The United Kingdom's Competition and Markets Authority is also investigating Google's Privacy Sandbox plans.
As of April 2024, neither Google nor regulators have provided a precise timeline or exact date for when third-party cookies will finally be eliminated for all users. There is some speculation that the actual date will be some time in 2025.
Why businesses need to create a new marketing strategy now
To comply with privacy laws and regulations -- including General Data Protection Regulation and California Consumer Privacy Act -- website operators have had to identify when third-party cookies are used and ask users to allow them.
The need to allow cookies creates a friction point for some users when they don't allow cookies. Without cookies, marketers may not be able to accurately deliver targeted digital advertising. So, even in the absence of an outright ban on third-party cookies, users need to opt-in to allow them, which not all users will do.
There is also a growing use of ad blockers inside browsers, including Google Chrome. Ad blockers often rely on blocking third-party cookies to be effective.
It's no longer a good strategy for marketers to rely on third-party cookies, as they did during the early days of the internet. It is necessary for marketers to have an alternative online advertising and marketing strategy.
Alternatives to third-party cookies
There are alternatives to third-party cookies that can help with online marketing efforts.
One of the primary hurdles behind the death of third-party cookies is the delay in Google's suggested replacement, known as Federated Learning of Cohorts (FLoC). FLoC's premise is that privacy can be protected by clustering groups of users together by interests. It would hide individual users and enable advertisers to reach an appropriate audience. FLoC is positioned by Google as a potential industry standard.
However, FLoC isn't the only alternative to third-party cookies. Here are some others:
- First-party cookies. While third-party cookies may not be around for long, there is no indication that first-party cookies are going away. With a first-party cookie, the origin site can still collect and understand customer data that it can use to improve user experience. This data collected directly from a company's own sources is known as first-party data.
- Zero-party data. The concept of zero-party data is one where users voluntarily provide information to a site or platform.
- Identification (ID) providers. With ID providers, users opt into a service, giving permission to provide information about themselves to marketers. There are also ongoing efforts to develop email address-based identity associations known as unified identifiers (UID 2.0).
- Authenticated traffic solutions. ATS enables publishers and advertisers to identify users through direct authentication methods -- such as logins -- in a privacy-compliant manner. As third-party cookie tracking declines, ad tech platforms that use alternative user identification methods are becoming increasingly important for marketers.
- Device fingerprinting. This method enables a site operator or marketer to collect information about a user's device or browser. device fingerprinting makes it possible to profile a device and its usage for more targeted marketing.
- Contextual targeting. Also known as contextual marketing, this approach relies on the context of the site the user is visiting. For example, if a user is on a site searching for a keyboard, they will be shown advertisements about keyboards.
- Tracking pixels. Tracking pixels serve as an alternative to third-party cookies by providing a different method for tracking user behavior. Tracking pixels collect data from users when they visit a webpage and then deliver this data directly to a server.
Read more on tips for creating a personalized marketing strategy here.
