
October 18, 2023

What's happening with cookies?

After returning from a summer sabbatical, one of the topics I wanted to learn more about is the deprecation of third-party cookies by Chrome, a.k.a. the "cookiepocalypse". It took me way longer than I thought to wrap my head around it, because it is a bunch of interconnected technical topics and the articles online seem to copy each other with only basic info. Also, even after working with attribution models and tracking for years, I realized there were things I didn't quite understand correctly.

In order to help myself digest it better and get some feedback and discussion on the topic, I'm sharing what I learned in a series of Q&A. Happy to hear any thoughts, corrections, contributions, or questions.

The topic

The Google Chrome browser is going to block third-party cookies by default starting in 2024. The main reason is privacy concerns. The change was initially planned for 2022, but it was pushed back several times because of delays in testing alternative solutions.

First and third party cookies

Assuming we all know what cookies generally are, 1st party cookies are the ones used/owned by the website that sets those cookies, for example to provide certain functionality on the website or to track website performance. Examples: cookies set by your developers, Google Analytics, HubSpot and similar.

3rd party cookies are the ones that track people across different websites, usually for advertising and conversion tracking. Examples: cookies used by DoubleClick and by advertising platforms like Criteo, AdRoll etc.
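To make the distinction concrete, here is an added example (not part of the original post) showing that "first" or "third" party is decided by comparing the site that sets the cookie with the site in the address bar, so the same ad-server cookie is third-party on a shop page and first-party on the ad company's own page. The hostnames, cookie values and the three-entry stand-in for the Public Suffix List are assumptions made for the illustration.

```javascript
// Added example; every hostname and cookie value below is constructed.
// Assumption: a three-entry stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["example", "com", "co.uk"]);

// Registrable domain ("site"): the public suffix plus one label to its left.
function siteOf(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i + 1).join("."))) {
      return labels.slice(i).join(".");
    }
  }
  return labels.join(".");
}

// Split a Set-Cookie header value into the name=value pair and its attributes.
function parseSetCookie(header) {
  const [pair, ...attributes] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes };
}

// Label each cookie-setting response relative to the page in the address bar,
// then apply a "block third-party cookies" default.
function simulateVisit(topLevelUrl, responses, blockThirdParty) {
  const topSite = siteOf(new URL(topLevelUrl).hostname);
  return responses.map(({ url, setCookie }) => {
    const party = siteOf(new URL(url).hostname) === topSite ? "first" : "third";
    const { name } = parseSetCookie(setCookie);
    return { name, party, stored: !(blockThirdParty && party === "third") };
  });
}

// Constructed traffic: the same ad-server response seen from two pages.
const adResponse = {
  url: "https://ads.tracker.example/pixel",
  setCookie: "uid=abc123; Path=/; Secure",
};
const onShop = simulateVisit("https://www.shop.example/cart", [
  { url: "https://cdn.shop.example/app.js", setCookie: "session=xyz; Path=/; HttpOnly" },
  adResponse,
], true);
const onTracker = simulateVisit("https://www.tracker.example/", [adResponse], true);
console.log(onShop);
console.log(onTracker);
```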

Here's a nice resource from Google listing all the cookies Google services use in their different tools, with the domains and cookie types.

What about Facebook and LinkedIn cookies?

Those platforms introduced various settings for their tracking codes: you can use Meta Pixel with both 1st and 3rd party cookies, and LinkedIn enhanced conversion tracking allows you to enable 1st party cookies with the same LinkedIn Insight Tag. The difference is whether you use data from your own domain (1st party cookies) or cross-site data (the usual 3rd party cookies).

How about the other browsers?

According to Statista, Chrome's market share is around 63%, followed by Safari (21%), and others. Safari has been blocking 3rd party cookies by default since 2020 with its ITP feature (Intelligent Tracking Prevention). The latest version is ITP 2.3, which restricts some 1st party cookies too, in order to reduce workarounds built for 3rd party cookie blocking, such as the so-called link decoration.

Should we all assume we know exactly what cookies are?

Not really. Yes, cookies are small pieces of code that are sent by the website you visit to the browser. But cookies are not the only element in processes like tracking website performance by Google Analytics, or serving an ad. It's a bit more complicated than that.

What is the impact of blocking 3rd party cookies on marketing?

Hit the hardest is programmatic advertising, including various media platforms, as well as Google Display Ads, which also rely on 3rd party cookies for now. This applies to processes like audience targeting, frequency capping, and conversion tracking and attribution.

While not everyone buys programmatic ads from media platforms, the bigger problem is that this also concerns display ads (GDN) and remarketing campaigns, which use 3rd party cookies no matter which platform you use.

Last but arguably most important, conversion attribution and analytics will be impacted. Some think that the impact might actually be positive, as 3rd party data is not the most reliable anyway.

What alternatives to 3rd party cookies is Google working on?

Google is leading an initiative to develop a set of tools collectively called the Privacy Sandbox, with the aim of creating new standards for advertising and tracking that don't compromise user privacy. The main idea is to advertise to groups of people using cohorts, instead of tracking individuals (based on the idea of k-anonymity). The main privacy risks it aims to replace are 3rd party cookies/cross-site tracking and device fingerprinting.

The contributors to this initiative are ad technology companies, such as Criteo, Adjust, Outbrain, NextRoll, RTB House and others. If the results are successful, the tools developed within the Privacy Sandbox could become industry-wide and be implemented by other browsers.

Here are the names of some of the proposed solutions:

  • For behavioral targeting: FLoC API, followed by a newer version called Topics API
  • For retargeting: Turtledove, followed by Fledge API and renamed to Protected Audience API
  • For measurement and reporting: Attribution Reporting API

How is the industry responding to that?

So far the industry response to those solutions has been more on the negative side, for two reasons: they don't help with privacy as expected and they give Google even more control over advertising in Chrome. Apple and Mozilla refused to implement the Topics API in Safari and Firefox, while Microsoft, with its Edge browser, is on the fence. Moreover, there are antitrust concerns voiced by some legislators.

What advice is given to marketers?

The most obvious things are collecting and using 1st party data wisely, trying out more contextual targeting, and waiting to see what the Privacy Sandbox comes up with.

How is this all related to client- vs server-side tracking?

This is a whole new topic I'm about to research and write about next.