For years, brands have been using them to track website visitors, improve the user experience, and collect data that helps us target ads to the right audiences. We also use them to learn about what our visitors are checking out online when they aren't on our websites.
The third-party phase-out was initially announced in February 2020, but Google accelerated buzz around it this month when they announced that they won't be building "alternate identifiers to track individuals as they browse across the web, nor will we use them in our products."
"We realize this means other providers may offer a level of user identity for ad tracking across the web that we will not — like PII graphs based on people’s email addresses," a Google post wrote.
"We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long term investment. Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers," says Google.
While numerous advertising agencies criticized Google's pivot, companies like GetApp have begun to research potential marketing impact. In a recent survey. GetApp, which provided HubSpot with exclusive data, discovered that:
- 41% of marketers believe their biggest challenge will be their inability to track the right data.
- 44% of marketers predict a need to increase their spending by 5% to 25% in order to reach the same goals as 2021.
- 23% of marketing experts plan on investing in email marketing software due to Google’s new policy.
Below, I'll note a brief history of how the third-party cookie phase-out, and Google's pivots for tracking security, came to be. Then I'll highlight a few things marketers should keep in mind as we get closer to 2022.
A Brief History of the Third-Party Cookie Phase-Out
While you might be seeing this news for the first time, we've been following it since 2020 and just recently updated this post to reflect Google's most recent statements.
In February of last year, a Google blog post announced the phaseout ang gave initial reasoning for the pivot. Like the statement noted in the intro, Google similarly explained that this move was being done to protect users asking for more privacy.
"Users are demanding greater privacy--including transparency, choice, and control over how their data is used--and it’s clear the web ecosystem needs to evolve to meet these increasing demands," the post wrote.
Although Firefox and Safari had already phased out the third-party cookie, Google's post said that its changes will happen over the course of two years as the tech company works with advertisers to ensure that this pivot doesn't destroy the online advertising business.
"Some browsers have reacted to these concerns by blocking third-party cookies, but we believe this has unintended consequences that can negatively impact both users and the web ecosystem," the blog post notes. "By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control. We believe that we as a community can, and must, do better."
Although Chrome isn't the first browser to phase out the third-party cookie, it's the biggest. In late 2019, Google Chrome made up more than 56% of the web browser market. Chrome also accounts for more than half of all global web traffic.
Meanwhile, Safari and Firefox, which have blocked third-party cookies since 2013, come in a distant second and third place, respectively.
Because Chrome, Safari, and Firefox will all no longer support this type of data tracking by 2022, publications like Digiday are calling Google's phase-out the "death of the third-party cookie."
What happens next?
As with any major shift involving privacy, data, and advertising, business experts and publications have been frantically buzzing about how the phase out and Google's rejection of ad-tracking will change the way we do business online.
But, do we really need to panic?
The truth is, Google Chrome's privacy efforts could heavily impact some areas of the marketing and advertising space, while other tactics will still stay pretty much the same.
However, if you're an advertiser or a marketer who's thrived on third-party data or individual data for pinpointed online audience targeting strategies, you might be worried about how you'll navigate this pivot.
Although some big changes might be underway, new alternatives are also emerging. To help you prepare for a world without third-party cookies, here are four things you should keep in mind about the latest cookie phase-out.
5 Things to Know About Google's Cookie Phase-Out and Privacy Pivots
1. Google isn't banning all cookies.
If you're thinking that all your cookie-fueled marketing strategies will soon be rendered obsolete, take a breath.
So far, Google says it's only planning to phase out the third-party cookie on its browsers. However, first-party cookies that track basic data about your own website's visitors are still safe.
In fact, in Google's 2021 announcement, the tech giant called first-party relationships "vital." So, ultimately, any first-party data you gain from your website's visitors on all browsers will still remain in-tact.
Still not sure about the difference between first-party and third-party cookies? Here's a quick breakdown.
A first-party cookie is a code that gets generated and stored on your website visitor's computer by default when they visit your site. This cookie is often used for user experience as it is responsible for remembering passwords, basic data about the visitor, and other preferences.
With a first-party cookie, you can learn about what a user did while visiting your website, see how often they visit it, and gain other basic analytics that can help you develop or automate an effective marketing strategy around them. However, you can't see data related to your visitor's behavior on other websites that aren't affiliated with your domain.
Ever wonder how Amazon always remembers your login information, the language you speak, the items in your cart, and other key things that make your user experience so smooth? This is because Amazon uses first-party cookies to remember these basic details.
On the other hand, if you're a marketer running a website on a CMS, you'll have access to analytics dashboards that track first-party cookie data. For example, you'll usually be able to see basic analytics, such as the number of web sessions on a page, the number of pages people click on during a visit, basic browser types, geographical demographics, or even referring websites where visitors clicked a link to your site's URL. However, this data doesn't inform you of everything your visitors do online.
Third-party cookies are tracking codes that are placed on a web visitor's computer after being generated by another website other than your own. When a web visitor visits your site and others, the third-party cookie tracks this information and sends it to the third-party who created the cookie -- which might be an advertiser.
If you're an advertiser, third-party cookie data allows you to learn about your web visitor's overall online behaviors, such as websites they frequently visit, purchases, and interests that they've shown on various websites. With this detailed data, you can build robust visitor profiles. With all of this data, you can then create a retargeting list that can be used to send ads to your past visitors or people with similar web profiles.
Want to visualize how third-party cookie data might work? Say you research a particular smart TV on Amazon. Then, you go to another site later in the day and see an ad Amazon advertisement for the same exact product. If you aren't on an Amazon-owned site, it's very possible that this advertisement was triggered by third-party cookie data.
While first-party cookies are accepted automatically, visitors must be informed that they are accepting a third-party cookie due to the amount of data that companies can retain from them.
The bottom line? If you're just aiming to track your website's visitors' behaviors, preferences, and basic demographics only while they're on your website, you probably won't be deeply impacted by this change.
However, if you're a marketer that relies on robust data for online advertising, pop-up ads, or a pinpointed audience-targeting strategy, you'll need to continue to follow the news around this phase-out, and consider alternative first-party strategies, as the phase-out nears.
2. Many marketers saw the cookie phase-out coming.
While the "death of the third-party cookie" might seem shocking, it certainly wasn't a surprise.
Recently, governments around the world have been investigating and cracking down on data privacy issues. For example, in an October 2019 shakeup, Europe's highest court ruled that users in the EU must actively consent to all analytics cookies when they log on to a website. If not, the website can’t drop analytics or web tracking cookies on the user’s browser.
The GDPR ruling means that websites can no longer rely on implicit opt-in (meaning, a website displays a cookie banner but the user continues to browser. Websites must not capture opt-in consent before any analytics or web tracking cookies are placed on a browser.
If your website only catered to local or domestic users outside of the affected countries, you might not have been impacted. However, international websites took a major reporting hit as numbers from Google Analytics -- which relies on cookies -- started to appear inaccurately low.
For international brands that relied on Google Analytics, this was a scary reminder that data-driven brands are vulnerable to software-related issues. It also showed us how governance and privacy regulations could dramatically impact our strategies.
Earlier, in August, Google announced it was developing a "Privacy Sandbox." Although Google didn't have a product created when they announced the move, a blog post explained that the tool that could allow marketers to continue to publish and circulate ads to the right audiences without having the same amount of user data.
"We’ve started sharing our preliminary ideas for a Privacy Sandbox -- a secure environment for personalization that also protects user privacy," wrote Justin Schuh, Director of Chrome Engineering, in the Google blog post. "Some ideas include new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only. Our goal is to create a set of standards that is more consistent with users’ expectations of privacy."
In a January 2020 interview with Digiday, Amit Kotecha, a marketing director at data management platform provider Permutive, explained the key features of the proposed Sandbox:
“The most significant item in the Privacy Sandbox is Google’s proposal to move all user data into the [Chrome] browser where it will be stored and processed,” said Kotecha. “This means that data stays on the user’s device and is privacy compliant. This is now table stakes and the gold standard for privacy.”
Between the Privacy Sandbox and GDPR rulings that impacted data tracking, it's become apparent to marketers that the third-party cookie was at risk of governance or other tech company changeups that could render it obsolete. This was so apparent that advertising software firms and publishers were already contemplating alternative solutions before the official news of Google's cookie phase-out broke.
At this point, data management firms, like Permutive, are looking at creating alternative tools for advertisers that more heavily leverage first-party cookies and lump visitor profiles into more anonymous "segments" similar to what Google's Privacy Sandbox is predicted to do.
3. Marketers aren't just concerned about data.
While the elimination of third-party cookies on Chrome will be inconvenient to some, marketers are also concerned about Google's reasoning behind the phase-out.
Without Chrome-based third-party cookie data, you'll still be able to leverage and target Google Ads, which will be powered by Google Chrome's first-party cookies and the Privacy Sandbox tools. However, some ad software and platforms that require third-party data will take a huge hit without support from Chrome.
"This move, while good for consumer privacy (in theory) is likely going to hurt most of the third-party ad platforms that utilize these cookies to generate revenue," says Matthew Howells-Barby, HubSpot's Director of Acquisition.
"The big question behind all of this for me is what's motivating Google to phase third-party cookies out? Is it to improve privacy for the end-user or is it to gain a further grip on the ad market by forcing the adoption of Chrome's own first-party cookie, which would likely result in many of those dollars being previously spent on third-party platforms to move in Google's bottom line."
Howells-Barby isn't the only marketer to voice these concerns. In fact, in a joint statement, the Association of National Advertising and the American Association of Advertising Agencies called the tech giant out for disrupting healthy competition in the advertising space.
"Google’s decision to block third-party cookies in Chrome could have major competitive impacts for digital businesses, consumer services, and technological innovation," the statement said. "It would threaten to substantially disrupt much of the infrastructure of today’s Internet without providing any viable alternative, and it may choke off the economic oxygen from advertising that startups and emerging companies need to survive."
Later in the statement, the two advertising groups urged Google to push back the third-party cookie "moratorium" until effective and meaningful opportunities were made available to advertisers.
4. Google won't stop tracking people entirely.
While Google will not invest in tech that tracks people at an individual level, it will still be investing in alternatives. Along with Google's Privacy Sandbox development, the company has already seen successful advertising results from FloC, a technology that tracks groups of people rather than individuals.
"Our latest tests of FLoC show one way to effectively take third-party cookies out of the advertising equation and instead hide individuals within large crowds of people with common interests," Google's recent announcement explained.
"Chrome intends to make FLoC-based cohorts available for public testing through origin trials with its next release this month, and we expect to begin testing FLoC-based cohorts with advertisers in Google Ads in Q2. Chrome also will offer the first iteration of new user controls in April and will expand on these controls in future releases, as more proposals reach the origin trial stage, and they receive more feedback from end users and the industry," the post added.
5. This move still opens the door for innovation in advertising
While things look grim for one type of cookie, this might not be a bad thing for skilled and adaptable brands.
Although this move does cause concern, Google and other browsers have still taken a stand for user privacy. As privacy laws continue to arise, this might be a great opportunity to look at other less-vulnerable advertising alternatives just incase another governance renders one of your marketing tactics or processes as obsolete.
Why? As a marketer with an innovative mindset, you should always be asking yourself questions like, "Are we too reliant on this technology?" or "What happens if and when our strategy gets regulated?" Innovative marketers will be able to come up with more clever alternatives and ads that identify with the masses -- aside from just hyper-targeted content or annoying pop-ups.
Another area that could be innovated is the way we leverage and use data. As noted above, data management platforms are now looking to create alternative tools that help advertisers track data in a way that makes the most out of the third-party cookie. While these options might be different from your third-party cookie solutions or require some new strategizing, they would still allow you to target and learn about relevant audiences without getting intrusive.
How to Prepare for Google's Third-Party Phase-Out
Don't panic. At this point, marketers, advertisers, and data engineers alike are actively looking for solutions to determine what will happen next. And, because the third-party cookie was already weakened by Safari and Firefox ad blocking, it likely wasn't the strongest advertising tool anymore anyway.
Right now, the best thing to do as a marketer is to continue to stay up-to-date with news related to third-party cookies and other data privacy moves that could impact your business.
If your advertising strategies rely on third-party data, start considering alternatives now. As you continue to follow the news related to the phase-out, you should also vet any software or solutions that can help you better transition away from this type of cookie.
For example, although marketers are wary of Google's move, the tech giant's Privacy Sandbox and could still serve as valuable alternatives for ad targeting. You could also consider strategies or software that can better help you leverage first-party data.
Additionally, you could also revitalize older strategies, like contextual advertising. While third-party data allowed you to place ads directly in front of people who matched certain user profiles, contextual advertising allows you to circulate PPC ads on websites that rank for similar keywords as your ad. This way, if you're selling sports apparel, your PPC ad could show up on sports-oriented websites.
Lastly, to make your brand as safe as possible from future governance or monopoly-related policies, brainstorm even more basic strategies that you can still use to reach your audiences even without cookies, hyper-targeted ads, or mass amounts of data. This will allow you to be less vulnerable to technology, even when you can benefit from the latest tracking software.
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.
In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
Editor's Note: This blog post was originally published in February 2020 but was updated to reflect current announcements from Google in September 2021.
Originally published Sep 20, 2021 1:15:00 PM, updated May 27 2022