Third-Party Cookies - No More

Subscribe to our monthly newsletter to get the latest updates in your inbox

Google Chrome announced on January 14, 2020, that they are going to completely phase out third-party cookies within two years. This announcement was seen as a surprise by some, but for many of us, it was viewed as inevitable. 

Increasing Speed of Changes

Starting with ITP 1.0 in 2017, where Apple started cracking down on cookies being used in a third-party context, we have seen significant changes. These were brought on by both technology changes and legislation that are reshaping not only our marketing tools and their underlying data, but our entire marketing ecosystem and industry.

Here are some of my highlights to show the speed at which this is happening:

  • 2017 
    • Safari ITP 1.0 
  • 2018
    • GDPR 
    • Safari ITP 2.0
    • DoubleClick User IDs redacted for European Economic Area
  • 2019
    • CCPA
    • Safari ITP 2.3
    • Chrome announces required SameSite updates
  • 2020
    • Q1 - Third-party cookie deprecation announcement
    • Q1 - Safari Technology Preview 99 blocks all third-party cookies
    • Q1 - Chrome SameSite updates take effect
    • Q3 - DoubleClick User IDs fully redacted

What This Means for Digital Marketing and Advertising

Simply put, third-party cookies are dead as of January 2022. With Chrome having the largest market share by far, any platform (not just marketing and advertising) that was using third-party cookies will have to be updated. Third-party cookies are not only fundamental to programmatic media, but also to solutions like single sign-on and cross-domain shopping carts.

The SameSite updates Chrome is releasing in February 2020 have already caused lots of confusion and produced complicated support pages from companies you probably had no idea were using third-party cookies. Take a look at the documentation from Microsoft Office, Shopify and Salesforce that illustrate these cookies are used for a variety of applications. In short, third-party cookies have been used by developers for a diverse set of applications, and all of your developers and vendors should be aware of the release and be making similar updates to these above examples if needed. They should also be prepared to make more updates because the cookieless world is in sight.

One aspect of a cookieless world that many may overlook is that it doesn’t just mean third-party cookies. First-party cookies have already started to experience disruption, starting with Safari ITP updates. As an example, the 2-year expiration is now 7-days and, even in some situations, 24 hours. 

Simo Ahava has started an amazing Cookie Status resource where you can see the differences and changes happening not just with cookies, but with storage and tracking across browsers. An immediate takeaway from looking at Simo’s comparison is that every browser has different ideas, restrictions and methods in place around user privacy. This reveals what the future might look like: each browser could, very well, have a different approach. We can already see this with Chrome’s privacy sandbox, which has very different ideas than Safari/Webkit’s privacy preserving ad attribution. These are both ideas being presented for collaboration and discussion, and it remains unclear what will end up being utilized, released and embraced in the future. Simply put, no one knows for sure what exactly will be in place in the next two years.

What You Can Do Now

While all of us wait to see what new changes are coming and how our platforms evolve with them, there are valuable actions that you can — and should — start with if you have not already. Here are four recommendations:

  1. Take Ownership and Responsibility of Your Data
  2. Ask Your Developers and Vendors about SameSite and Later Third-Party Cookies
  3. Get Comfortable with Privacy Sandboxes like Ads Data Hub
  4. Invest in First-Party Data

Taking ownership and responsibility for your data is critical. Take a look at the recent example from Grindr and OkCupid where GDPR complaints have been filed because of how sensitive users’ information was shared. Do you have a documented list of what data is being collected about your users and how that data is shared internally and externally? If not, start there.

SameSite is going live in February 2020 and it is very certain that a variety of things are going to break — like single sign-on, advertising integrations and more — because companies and their developers did not prepare properly. Ensure your developers and vendors are aware of the update and have checked that you’re not going to experience issues. Longer-term, you will need to ask these same questions, but with the focus on what breaks with no third-party cookies at all.

Ads Data Hub is one of our favorite new tools. It has been built for the changing landscape we are in now, where user IDs aren’t available in the same way as before, and is built around protecting user privacy. What is interesting is that some of Chrome's privacy sandbox proposals shared earlier align closely with how Ads Data Hub works. Most experts are seeing these types of solutions as integral parts of our marketing platforms moving forward.

The last recommendation is the most obvious. In the absence of third-party data that will dry up or get harder to obtain, first-party data only becomes more valuable. Make sure you follow these strategies and have solid data in a place where you have the accuracy, security and a scalable approach to make use of it.