The COVID-19 pandemic has thoroughly disrupted many things, including the digital world. Every industry and consumer now recognize the importance of digital channels and experience. Zoom has become our default handshake and remote work is now a mainstay. However, because of its continuing impact, little mainstream emphasis has been given to the death of third-party cookies and how that will change the $500 billion digital advertising industry in perpetuity.
Marketers have used third-party cookies for years as the primary anchor to inform digital advertising and user experience by tracking information about visitors and their behavior when they are not on your site. It has been used for data tracking, personalization and ad targeting based on user data like demographics, interest, location, etc.
A Christmas Surprise Ruined
Here is an example of third-party cookies in action: I wanted to buy a special Christmas present for my 10-year old boy that didn’t involve Fortnite or Roblox. I really wanted to make it a surprise. Call me nostalgic for the days when kids didn’t name their own presents and the look of awe on their faces when they first unwrap a gift on Christmas morning.
I landed on the idea of buying him a telescope, hoping to spark an interest in astronomy. After spending a few days on Amazon looking at different telescopes, comparing prices and reviews, I settled on a reasonably priced telescope with great reviews. I was really proud of my surprise gift, but little did I know what third-party cookies had in store for me. My 10-year asked this question out of nowhere: “Dad I was playing games on your phone and between matches I keep seeing ads for telescopes. Maybe we should get one!”
Just like that, the surprise was gone. This example shows the unintended consequences of third-party cookies. In general, they are used to improve the user experience. After all, what’s wrong with seeing more relevant content and ads versus things you don’t care about?
The Difference Between First- and Third-Party Cookies
Let’s take a step back and do a quick look at how third-party cookies differ first-party cookies.
When a person visits a website, the website saves data in the users’ browser to improve their experience, such as passwords, preferences, selections and more. These are first-party cookies.
Imagine you are a native Spanish speaker and you visit a sports website on your new laptop. The first thing you might do is select language to view the site in Spanish. When you visit the site again tomorrow, the site is in the Spanish language. Why? Because it had stored a first-party cookie on your new laptop indicating your preference for Spanish that it can read every time you visit the site.
Now imagine you leave the sports site and visit a news site for the first time. The page loads in Spanish as the default language. In this case, the news website is using a cookie not of its own to determine your preference, hence a third-party cookie.
Clearly third-party cookies are improving the user experience in this case. So why are third-party cookies under attack?
Unfortunately the majority of third-party cookie use is to help advertisers target users. This mechanism is what privacy-advocates have long criticized because users have little control or say on how much of their behavior is used or how advertisers track and target them. In acknowledgement of these concerns, the EU’s highest court ruled in October 2019 that the burden of obtaining user consent for their data falls on the site, not the user. With this ruling, EU users must consent to all cookies. Otherwise, the website has no right to track or target users.
Related Article: How Marketers Can Break Their Third-Party Customer Data Habit
Apple's Move to Block Third-Party Cookies
With more transparency and control in the user's hands, why are cookies going away? It's because companies like Apple, Google and Mozilla are finally responding to the concerns of privacy advocates around the world who have long decried the use of third-party cookies. Apple already killed a popular technology in Flash before, now it has cookies in its sights.
Apple released an update to its intelligent tracking prevention (ITP) for Safari in March 2020 which included a major privacy win. The new update allows users of its Safari browser to block all third-party cookies, effectively removing the benchmark technology for tracking and advertising. As a follow up, Apple announced in November that Safari 14 will contain measures against CNAME Cloaking. CNAME Cloaking is used to circumvent the line of demarcation between first- and third-party cookies by mapping an internal domain to an external one, allowing it to access users’ cookies as a first-party.
Given the popularity of Apple software, these moves dilute and will eventually rid the internet of third-party cookies.
Google's Plans to Phase Out Third-Party Cookies
Not to be outdone, Google made a splash of its own. Back in January 2020, Google revealed plans to completely phase out third-party cookies in Chrome “within two years” of the announcement. Doing so would create what Google referred to as a “Privacy Sandbox,” a secure and controlled environment to improve user experience without sacrificing user privacy.
The full details of this initiative are still unknown, which is why Google gave its engineers two years to figure it out. Google's move would most certainly spell the end of third-party cookies as we know them, as Chrome usage accounts for more than half of online browsing. Adding to this, Firefox has also banned third-party cookies since 2013 and the end of the third-party cookie seems all but guaranteed.
Related Article: Are Your Cookie Consent Banners Hurting or Helping?
A Profound Impact on Privacy and Experience Alike
Regardless of how you feel about third-party cookies, we can all agree this new direction will improve user privacy. Just as you don’t hear many arguments against seat belts, I can’t expect many people to line up on the side of less privacy or transparency. So what is the argument for third-party cookies and why is there any controversy surrounding their dissolution?
The argument is simple. When used correctly, third-party cookies can be very effective in helping marketers render relevant and improved user experiences. Remember the sports and news websites scenario above? That is a simple example of improving the user experience using third-party cookies. The same concept applies to advertising. Relevant ads are more effective for advertisers and less off-putting to users.
Getting rid of third-party cookies wouldn’t only decimate relevancy and experience, but also things we take for granted. A preview of that eventuality can be seen with the very public battle between Facebook and Apple over the new iOS updates which requires apps to ask users their permission to be tracked. The response is to be expected from companies like Facebook, whose business model and frankly livelihood are being threatened.
For many of us, paying for online services is unthinkable. We are more than happy to watch a 30-second ad before enjoying our favorite YouTube video or seeing a targeted advertisement every third post on Facebook, as long as we are not paying for those services. Now imagine a world where advertising is not as effective or lucrative when the third-party cookie goes away. Imagine not being able to enjoy news sites, sports sites, social media, etc. without paying a subscription fee or pay-for-use. I am sure no one, including privacy advocates, would like to see this world be our new reality. So what has to give?
Related Article: Facebook, A Case Study in Ethics
The Opportunity Forward
There are no easy solutions here. Cookies were a great idea which marketers then abused, leading to the current extreme move to end them. I am interested to see how Google’s “Privacy Sandbox” will unfold. That initiative can help pave the way to a brave new world beyond third-party cookies. It promises to resolve privacy issues by classifying cookies as well as “aggressively” blocking fingerprinting. Fingerprinting allows developers to use information like device type, fonts installed and other seemingly unimportant data to create a unique identifier for each user and use it across different domains. Unlike cookies, users cannot block, restrict or clear fingerprinting.
Advertising is a core part of Google’s business model, amounting to over $100 billion of its revenue in 2019, an amount that's larger than any one country’s advertising business except the United States. Clearly it's in Google's interest to invest in improving online advertising, not killing it.
Beyond Google, innovators, creators and startups now have an opportunity to find creative solutions for the advertising world. Nothing is as powerful as pioneers trail-blazing their way to the next great idea. Be it a new protocol that can replace third-party cookies without sacrificing privacy or an AI-driven mechanism that leverages first-party data more effectively, smart people always find a way.
However, our digital experiences cannot wait for the next Steve Jobs, Larry Page or Sergey Brin. Marketers and technologists need to fend for ourselves and cater to our users. The simplest path forward for us is focusing on giving the most relevant and frictionless journey to our customers using the information they feel comfortable sharing with only us. This starts by improving the consent mechanism we offer our users by providing them with a frictionless process to share their information. After consent, we should identify and collect the right data from our users — a step which is often poorly done. We also need to focus on leveraging that data more efficiently once shared by the user. In my experience, most organizations that identify and track the right data from their users fail to effectively utilize it to improve that user’s experience.
Admittedly, this is a high-level look that glosses over a ton of nuance. We have a lot of ground to cover, but at the end of the day let's all strive not to ruin anyone’s Christmas surprise.