Cookies were invented in the early days of the internet as a means for websites to remember users when they return. In short, a cookie is a text file stored on a machine that tells a website who the user is and any other pertinent information.
This information can be helpful to the website that originally “dropped” the cookie and can contain data on abandoned shopping carts, login information, behavior, and interests related to said website. When a website uses its own cookie for information on its own user, this is called a first-party cookie.
Third-party cookies emerged when organizations like DoubleClick (a company eventually acquired by Google) realized cookie technology could be leveraged beyond the first-party application and used to target interest and behavior-based advertising across the web.
Cookies quickly became the industry standard for tracking user behavior online. Cookie data would then be packaged and sold to advertisers looking to focus spending on targeted audiences displaying specific behavior.
The most direct third-party cookie targeting application is retargeting, which is when a user is shown ads that dynamically feature products or services they had been personally browsing.
Over the past several years there has been growing pressure from consumers and governments to reign in the digital media targeting landscape and data usage has been put under the microscope. Increased scrutiny over how websites and advertisers use third-party cookies has led industry leaders to begin seeking alternative methodologies.
Google announced in 2021 that Chrome, the most widely used web browser globally, would no longer support third-party cookies beginning in 2022. While this date has since been pushed back to 2024, Google still plans to deprecate this form of cookie targeting imminently by blocking the technology in Chrome.
The rollout will be gradual, with Google deactivating third-party cookies for 1% of Chrome users at the beginning of 2024, but the goal is to have the technology completely removed in the second half of the year (Tech Crunch).
While this change is significant, it is important to note that Google has access to its own first-party data. This includes data collected on all Google properties including Gmail, YouTube, and Google search – some of the most populous places on the internet. Google vows to align its ad targeting with leading privacy-centric practices, however, those elements are still a work in progress.
CCPA, CPRA, and other state-specific digital privacy regulations generally focus on protecting users' personal information and ensuring their consent is obtained for data collection and usage. The deprecation of cookies does not change the fundamental principles of these regulations.
Companies are still obligated to inform users about the data they collect, how it is used, and obtain explicit consent where required. Privacy regulations will continue to apply to any data collected, regardless of the method used.
Furthermore, privacy regulations are dynamic and adaptive to technological advancements. As the digital landscape evolves, these regulations are likely to address new tracking techniques and technologies to safeguard users' privacy.
The deprecation of cookies encourages the development of more privacy-centric practices in the digital ecosystem.
What does this mean for digital marketers?
Advertisers who have historically accessed audiences by purchasing third-party datasets reliant on cookie technology will have to adjust their media targeting strategy moving forward. MERGE recommends the strategies below to prepare for the deprecation of third-party cookies:
#1 – Establish a first-party data framework and strategy for your business.
First-party data can and is used to target opted-in users across the web. With a clear and complete privacy policy that communicates how and when first-party data will be used, advertisers are able to message many of their own online users. This data is collected directly from consumer transactions and by placing a pixel on the owned website, mobile app, product, or social channel.
#2 – Look into zero-party data collection to collect volunteer information.
Unlike first-party data, zero-party data is collected during direct digital conversations with a consumer, during which the consumer has expressly volunteered information about themselves via a loyalty program enrollment, quiz, survey, or preference questionnaire.
#3 – Understand Google’s Privacy Sandbox.
Google’s Privacy Sandbox is a collection of upcoming changes to Chrome and Android technology that will shepherd advertisers through the transition away from third-party cookies by providing aggregated but actionable data on user behavior. These integrations will, according to Google, help reach users with targeted messaging based on their behavioral data, while maintaining privacy on a user-level basis.
#4 – Explore the opportunities and limitations of alternative identity solutions.
While Google is certainly the leader in the ad tech space, there are other platforms and solutions at play. Many of these platforms are establishing their own unique user identifiers. For example, The Trade Desk and LiveRamp have come up with a solution with support from other ad tech partners called UID2 (Unified ID 2.0).
UID2 collects users' consent explicitly when the user shares their email address. A unique identifier is created that can be used to target advertising from other participating UID2 partners (publishers, advertisers, and DSPs.) The UID2 solution is based on a clear value exchange and relies on a belief that the user is willing to share their data in exchange for digital content.
Endemic solutions exist that are based on similar token or identifier-centered technologies which support long-term measurement solutions such as prescription lift studies.
#5 – Understand the feasibility and risk tolerance for your specific organization.
While there are ongoing conversations about where pixel-based technology and personalized advertising fit into the healthcare marketing landscape, it is clear that patient privacy must be protected. Organizations must work with their legal advisers to understand what types of data are considered PHI or PII and the level of risk they are exposed to by leveraging certain types of digital tracking and targeting technologies, from both a media and measurement standpoint.
While the deprecation of third-party cookies is a challenge, it does not represent the end of smart, targeted, digital media and measurement. A sophisticated approach to first-party data and a deep understanding of privacy and targeting solutions will make the transition more comfortable and calculated.
Does your digital marketing team need help implementing a first-party data strategy? The marketing experts at MERGE are here to help. Contact us today!