Mar 19, 2021

Preparing for the Cookie-Free Future

Update 24 June 2021: Google has announced it is pushing its timeframe for phasing out cookies to 2023.  

In 2020 Google announced it will join Apple and Mozilla in phasing out third-party cookies in its web browser by 2022. Between them all, Google Chrome (64%), Apple Safari (19%), and Mozilla Firefox (4%) take up 87% of the global browser market.

This means that third-party cookies – which have driven the online advertising economy for the past two decades – will soon be consigned to internet history. Although it is still unclear what will follow in their tracks, we can be sure that the world’s biggest tech companies will invest heavily to secure a reliable alternative.

As of mid-March, Apple and Mozilla have already implemented their cookie clampdown, but Google has given itself until 2022 to make the gradual transition. Without doubt, this will lead to a radical overhaul of the online economy that will impact all marketers.

To discern just how seismic this shift will be, and what it will leave in its aftermath, let us analyze:

  • What are cookies anyway?
  • What exactly is going to change?
  • When will the updates take place?
  • What happens next?
  • How should marketers prepare?

What are Cookies Anyway?

Cookies help businesses perform a wide variety of handy functions online. These small packets of data were first used in the 1990s as a way for sites to ‘remember’ which items a user had added to their shopping cart. Soon, their use expanded to include authentication of login status, tracking users across different websites, and storing a user’s browsing history.

In short, cookies are a reliable means of passing on information about the online behaviors of individuals. And somewhere along the way, the balance has tipped away from their reliability and towards the invasion of privacy that cookies can enable.

There are many distinct types of cookie. The two most important types are first-party and third-party cookies.

  • First-party cookies are stored by websites. They enable these websites to remember a user’s settings and they can significantly improve the user experience. These cookies are not targeted by the recent and upcoming changes.
  • Third-party cookies are created and stored by external sites, and not by the site the user is visiting. They can track the user as they move across domains and retarget them with personalized messaging.

Facebook estimates that personalization creates 50% of its advertising revenues, and the social network is clear in its belief that the upcoming changes will limit its ability to personalize ads effectively. For all their privacy limitations, third-party cookies do deliver results.

What is Changing - and Why?

Lawmakers in the European Union and the United States have third-party tracking cookies firmly in their sights. This needs to be placed in its wider context, however. Online privacy is a political issue and newer regulations such as the EU GDPR have a much wider scope than just cookie-based tracking.

Cookies are a symptom, not the disease itself. And while Facebook may tout the success of its personalized ads as proof that consumers want this kind of advertising, there is evidence to the contrary too. eMarketer estimates that in 2021, 27% of internet users have an ad blocker enabled on at least one device. These ad blockers prevent a piece of JavaScript code running on the page, so cookies cannot be created.

There is a broader shift towards greater transparency online today and third-party cookies often operate in a shadow economy. The trouble with such an economy is that its participants are rarely aware of its inner workings. For example, many of us are tracked online without giving permission for adtech companies to gather and trade our data. We can go further still: many brands do not know how their adtech suppliers capture and process customer data.

Regulations such as the EU GDPR have created more awareness of these challenges, with businesses now required to keep transparent data records. The EU GDPR is just the beginning, however, and regulators worldwide are much more attentive on user privacy today. Third-party cookies are an easy target for regulators that do not have a stake in their continued use.

Against this backdrop, web browsers like Mozilla Firefox and Apple Safari have seized the initiative before they are forced to restrict invasive tracking.

But why would Google, in announcing it will phase out third-party cookies by 2022, pursue such a self-defeating venture? After all, Google makes the lion’s share of its gargantuan advertising revenues from tools that use cookie-based tracking. Why is it not taking the same stance as Facebook, which is resisting Apple’s iOS 14 update on the grounds that it will restrict access to data from the Facebook pixel?

In short, Google is embracing an inevitable change, all the better to shape what comes next. There is little point in resisting the shift away from third-party cookies, especially when they have so much to lose if a rival creates the new standard by which all other platforms must operate.

What Comes Next?

Apple’s CEO Tim Cook struck an optimistic tone at a 2019 conference: “Technology does not need vast troves of personal data stitched together across dozens of websites and apps to succeed. Advertising existed and thrived for decades without it.”

Apple, of course, does not rely on advertising revenues - and one can sense that they are enjoying their new role as privacy protectors.

Advertisers now know that personal data fuels highly effective marketing campaigns. They are unlikely to go back to the old methods if they have a choice in the matter.

Google’s loose cut-off date for third-party cookies in Chrome (“by 2022”) provides scope for experimentation. They will not remove this form of tracking altogether until it can be replaced. The big question for Google, along with other adtech companies like Criteo, is: can they provide cookie-like tracking capabilities, while preserving the privacy of individual users?

This seems like an insoluble paradox. Especially since any short-term workarounds that do not preserve privacy will eventually be shut down by regulators. Google is working on this assumption and has made clear that its updates are about privacy, not just cookie-based tracking.

As a result, Google is taking a zero-tolerance approach to unethical techniques that would circumvent its new rules. From 2022, all “user-level IDs” will be restricted within Google Chrome. This includes the practice of “fingerprinting”, which uses a machine’s configuration to identify individual users.

Google’s major announcement was a ‘Privacy Sandbox’, which will use federated learning to aggregate and anonymize data from individual devices. The confidential data will remain on the device, but the algorithm will still be able to learn from patterns across different cohorts.

Google is working on this assumption. Regulators have already said that they are monitoring other practices that may take the place of 3rd-party cookies. But I shall clarify here.

Preparing for the Cookie-Free Future

Under this proposal, advertisers would not be able to target individual users, as they can today through remarketing. Instead, they would target groups that exhibit behaviors that imply an interest in their product or service.

In early tests, Google reports that advertisers could expect to see “at least 95% of the conversion per dollar spent when compared to cookie-based advertising”. We should note that Google tested this method against cookies only in relation to in-market and affinity audiences in this experiment. But as an initial step, this should be encouraging for advertisers.

Facebook, which retains an enviable trove of first-party user data, is also testing new ways to replace its retargeting methodology. The early front-runner is built on “aggregated event measurement”, a similar principle to Google’s cohort-based federated learning. We should also expect to see retailers like Amazon and Walmart make gains, as they can build advertising products within their ‘walled gardens’ of first-party data. Significantly, this first-party data reveals what people buy, as well as what they search for.

It is uncertain how exactly these proposals will play out in the finer detail, but the trend is clear. The major platforms and adtech companies are all working to provide cookie-style performance without cookie-style tracking.

This could allow advertisers to find similar performance levels – if they are willing to adapt to the new reality. Nonetheless, advertisers cannot expect the same level of transparency in their reporting, even if the bottom-line performance looks similar. This has concerning implications for brands that already fear they are ceding too much control to the platform giants. Both Google and Facebook are working on proposals that will inevitably require brands to trust the veracity of their data, without seeing the granular detail.

That will have a knock-on effect for digital marketing strategy and measurement.

How can Marketers Prepare?

The most obvious strategic shift is a move away from individual user tracking and towards more contextual advertising. This means getting close to the patterns of the customer journey, rather than following each customer’s journey.

For example, in the automotive sector brands would target the behaviors that customers exhibit on their path to purchase and create sequential content to match that journey. That could mean placing ads alongside articles that review certain models of car, or YouTube videos of a latest TV ad campaign.

Advertisers will need to layer greater understanding of their customers on top of this approach. This can come in the form of first-party data, which companies can gather by getting closer to their customers. It is essential to demonstrate that data will be handled responsibly, but also that customers can expect a better service in return for sharing their sensitive information. To help with this, marketers should aim for ‘data privacy by design’ on their websites and apps as standard.

There is no need for marketers to panic about these ongoing changes. All the above stems from a customer-centric view of how the online world should operate. If marketers keep this in mind and focus on maintaining customer privacy, future regulations will offer little concern. That shift in emphasis will not remove the pressure to deliver results, of course. But as an industry, we all need to move on from an economic model that requires invasive tracking to deliver those results.

With the collective might of Google, Facebook, and a sizeable adtech industry working on new alternatives, there is cause for optimism among marketers that they will continue to achieve results. No matter where their experimental new methods lead, it is abundantly clear that brands will need to think differently about their data to take advantage. That work starts today, by building closer relationships with customers.


Clark Boyd
Clark Boyd

Clark Boyd is a digital strategy consultant, author, and trainer. Over the last 12 years, he has devised and implemented international marketing strategies for brands including American Express, Adidas, and General Motors.

Today, Clark works with business schools at the University of Cambridge, Imperial College London, and Columbia University to design and deliver their executive-education courses on data analytics and digital marketing. 

Clark is a certified Google trainer and runs Google workshops across Europe and the Middle East. This year, he has delivered keynote speeches at leadership events in Latin America, Europe, and the US. You can find him on Twitter, LinkedIn, and Slideshare. He writes regularly on Medium and you can subscribe to his email newsletter, hi,tech.

Upgrade to Power Membership to continue your access to thousands of articles, toolkits, podcasts, lessons and much much more.
Become a Power Member

CPD points available

This content is eligible for CPD points. Please sign in if you wish to track this in your account.