The End of Third-Party Cookies

Tobias Pennings
September 10, 2024
Overview
This is also a heading
This is a heading

Google's decision to phase out third-party cookies in Chrome was initially announced in 2020, but was then delayed several times. By January 2024, Google had finally begun phase one of phasing out third-party cookies by applying it to 1% of all Chrome users as a test. And by the end of 2024, this would apply to 100% of Google Chrome users.

In the meantime Google is has already cancelled its plans to completely phase out third-party cookies but will instead, like Safari and Firefox, give users the choice to disable third-party cookies. They have also pushed back their initial deadline to 2025. Google says they will introduce a new experience in Chrome that will allow people to make an "informed choice" that applies to the users entire Internet use, and that the user would be able to change that choice at any time.

In this article, we will take a deep dive into the world of cookies, the reasons behind the elimination of third-party cookies, the alternatives that are emerging, and how you as a business can continue to navigate these changes. In addition, we invite you to an exclusive webinar where we take an even deeper look at the future of digital ads and give you practical tips on how to adapt your strategy.

What are third-party cookies and why are they so important?

Cookies are text files stored on a visitor's computer when they visit a Website. They play a crucial role in personalizing the user experience, for example, by remembering login information or storing shopping carts. If the visitor returns to the site at a later time, the same text files are invoked so they are instantly logged back in or their shopping cart is automatically refilled with the previous products. However, cookies can also be used to track users across different Web sites, which is known as cross-site tracking.

Third-party cookies are text files placed not by the website you visit, but by another party, such as an advertiser or a social media platform. These cookies have been essential to the advertising industry because they allow companies to show targeted ads based on a user's behavior across different websites. Collecting this data allows companies to build a detailed profile of a user's interests and preferences, leading to more effective ads. But that also used to ensure that interests a visitor showed by visiting a particular site, that anyone could use that collected data about that interest to target the visitor.

Because of increasing privacy concerns and the growing demands of Internet users for greater control over their personal data, third-party cookies are increasingly under discussion. These cookies, once introduced at a time when there was less attention to regulation on the Internet, have been a standard method for online marketers and business owners for many years.

As a result, they have become accustomed to using them to track visitor behavior and show personalized ads, for example. The disappearance of third-party cookies therefore poses a challenge because this trusted tool has become an important part of how online tracking and online marketing work. Tracking methods such as third-party tracking and client-side tagging depend on the visitor's browser and the use of cookies present in a user's session.

The difference between first-party and third-party cookies

First-party cookies are placed on a visitor's browser what is installed on the site by the website owner. What makes these cookies first-party is that they are set by the domain of the visited website itself. This distinguishes them from third-party cookies, which are set by a domain other than that of the website visited. Although first-party cookies are often associated with session cookies and essential cookies for a website's functionality, they can also be used for tracking and analytical purposes. It is a common misconception to assume that first-party cookies are only short-lived or exclusively essential to the website.

Third-party cookies, on the other hand, are often used for cross-site tracking. They allow third-parties to track users across multiple Web sites for personalized advertising and analytics. This ability to track users across sites, along with the fact that they are placed by a different domain, is the key distinction between third-party and first-party cookies. However, both types of cookies can be used for functions such as remembering user preferences or tracking session information. In addition, both first- and third-party cookies can be session cookies, which are deleted when the user closes the browser. Therefore, it is important to always seek consent through a Consent Management Platform before cookies are placed unless they are strictly necessary for core website functionality.

Browsers such as Firefox and Safari have already taken steps to block those third-party cookies making you dependent on first-party cookies there, and now Google Chrome, too, is about to phase out third-party cookies.

Why do all browsers stop third-party cookies?

The decision to abolish third-party cookies stems from growing concerns about privacy. Internet users are becoming increasingly aware of how their data is collected and used online, and this has led to a growing demand for greater control and transparency. In addition, various privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S., have increased pressure on companies to adjust their data collection practices.

Browsers such as Firefox and Safari have previously taken steps to block third-party cookies through their respective Enhanced Tracking Protection (ETP) and Intelligent Tracking Prevention (ITP) programs. These features limit the ability to track users across websites, which poses a challenge to advertisers who rely on personalized ads.

Google Chrome, the most widely used browser worldwide, has taken a different approach. In addition to giving Chrome users the ability to block third-party cookies, Google is also introducing a new initiative called the Privacy Sandbox. This initiative aims to develop alternatives that can replace the functionality of third-party cookies while respecting users' privacy. In fact, Google is in a difficult situation. As a browser, like Safari and Firefox, they want to ensure the privacy of their users, but Google also has a large advertising platform which relies on third-party cookies.

What will replace third-party cookies?

Google's Privacy Sandbox is one of the most promising initiatives to replace third-party cookies. The Privacy Sandbox consists of several APIs aimed at protecting users' privacy while still allowing advertisers to show effective, targeted ads.

Here are some of the key APIs within the Privacy Sandbox:

  1. Topics API: This API allows browsers to categorize users based on broad topics such as /Arts & Entertainment/Music & Audio/Rock Music or /Computers & Electronics/Software/Web Browsers without tracking their behavior across websites. Ads are then displayed based on these topics, allowing users to see relevant ads without compromising their privacy.
  2. Protected Audience API: This API allows users to become members of specific interest groups, managed within their Google Chrome browser. This gives users more control over which ads they want to see based on stated interests without having to be tracked across the Internet by a third party.
  3. Attribution Reporting API: This API helps advertisers understand which ads are effective without collecting personal information about the users. So as an advertiser, you do get to see how effective your campaigns are without seeing personally identifiable information (PII).
  4. Shared Storage API: This API lets advertisers store information about users in a way that protects their privacy. It is designed to provide the required data storage, processing and sharing without the ability to track and profile users.
  5. Fenced Frames API: A fenced frame is an HTML element similar to an iframe, but with additional privacy protection. Whereas iframes can normally exchange data with the page in which they are embedded, a fenced frame restricts this communication. This ensures that the frame can access cross-site data without sharing it with the page in which it is embedded. This prevents advertisers from collecting information about the user through the ad itself.

While the Privacy Sandbox is promising, it has also received criticism, particularly from the U.K. Competition and Markets Authority (CMA). The CMA is concerned that Google's new technologies could limit competition in the advertising market and further strengthen Google's dominant position. This has led to a delay in the rollout of the Privacy Sandbox as Google works closely with the CMA to ensure the new technologies are both privacy-friendly and fair.

The CMA also raised specific concerns about the various APIs within the Privacy Sandbox, including the need for greater transparency and better control mechanisms to prevent abuse. This underscores the complexity of developing new technologies that both protect user privacy and preserve advertising opportunities.

The Role of Consent Management Platforms

With the elimination of third-party cookies and the introduction of new technologies such as the Privacy Sandbox, it is becoming increasingly important for companies to have a solid data management and consent strategy. Consent Management Platforms play a crucial role in this regard.

A CMP helps companies manage users' permissions to set cookies and collect data. It ensures that companies comply with privacy regulations such as the AVG and the CCPA by informing users about what data is collected, why and how it is used. This not only helps minimize legal risks, but also helps build consumer trust.

For example, a good CMP can automatically distinguish between first-party and third-party cookies, and ensure that only the necessary cookies are set until the user explicitly consents to other cookies. This is essential at a time when users want more and more control over their own data. We, at AdPage, always set our Server-Side Tagging implementations via Cookiebot or Cookiecode because these CMPs also work well in conjunction with Google Tag Manager where other Google Certified CMPs often fail to do so.

Prepare for the future

The future of online marketing is complex, but it also presents opportunities at this time. Want to learn more about how to prepare for the slow decay of third-party cookies and how to leverage new technologies? Then join our exclusive webinar!

During this webinar, we'll discuss in detail the changes that are coming, share practical tips and strategies, and answer all your questions about how to keep running successful online campaigns.

Sign up today and make sure you and your clients are ready for the future of digital marketing.