Google recently surprised the ad industry by announcing its intention to rid Chrome, the web’s most popular browser, of all third-party tracking cookies. These cookies power advertising software from analytics to programmatic buying. They’re responsible for hyper-relevant personalization, so why are they phasing them out?
What are tracking cookies?
Cookies are files that store information about a website visitor in the browser they’re using. They’re used to track behavior on websites and deliver relevant advertising. Advertisers can track the websites a user visits, their location, how long they visit a particular website, and much more to create the most personalized ad experience possible.
What is the difference between first, second, and third-party tracking cookies
Tracking on the web isn’t powered by just one generic type of cookie. Most advertisers are familiar with these two kinds:
- First-party cookies refer to information stored by the domain the user is visiting. First-party cookies can include information about the user’s language settings, on-site behavior, shopping preferences, login information, and more. They’re used to provide a good user experience.
- Third-party tracking cookies are similar to first-party cookies, but they’re created by a different domain than the one the user is visiting. They enable user information to be passed between software, as seen in the use of retargeting, for example.
Here’s a helpful chart for differentiating between the two most common types of cookies, first and third-party:
Aside from these two, there is one more type of cookie, but it’s not nearly as common. Second-party cookies are similar to third party cookies, but they’re more regulated in the way they’re collected and shared. To take advantage of these involves contacting the company they’re generated by, and brokering a private arrangement.
Why third-party tracking cookies are being removed from Chrome
Cookies have been a major part of the news for the last few years. The major reason? User privacy. Repeated leaks from major platforms like Facebook, along with questionable data management from the many websites that rely on advertising, have forced regulators to explore methods of protecting user privacy.
The General Data Protection Regulation (GDPR) was the first to define cookies as personal information.
It threatened major fines on companies that did not properly manage the information of web users in the EU. Since then, a few violators have paid the price.
One of those companies, Google, has decided to take regulation of third-party tracking cookies a step further. In August 2019, the company introduced a proposal for its Privacy Sandbox Project: a set of standards which would focus on protecting user privacy while enabling fraud protection, conversion measurement, and ad services. To that end, they’ve committed to ridding Chrome of third-party trackers. Justin Schul says:
After initial dialogue with the web community, we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete. Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.
In the span of two years, Google hopes to completely rid Chrome, the web’s most popular browser with 56% of internet users, of third-party tracking cookies that threaten privacy:
How does banning third-party cookies affect users and advertisers?
For Google, the commitment to ridding Chrome of third-party cookies is new. But, it’s not for other browsers. Safari, which claims 18% of internet users, has already blocked third-party cookies. But, when advertisers started developing ways to circumvent Safari’s blockers, the browser blocked cookies altogether. Google claims this strategy is too extreme:
Users are demanding greater privacy--including transparency, choice, and control over how their data is used--and it’s clear the web ecosystem needs to evolve to meet these increasing demands. Some browsers have reacted to these concerns by blocking third-party cookies, but we believe this has unintended consequences that can negatively impact both users and the web ecosystem. By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control.
Much of the advertising ecosystem still relies on third-party cookies, so much so that they’ve been called “the backbone” of programmatic advertising. Says Stefano Mazzalai, Director of Marketing Operations at Instapage:
This is a problem for tracking and attribution in general, as 3rd party providers will have a hard time tracking web activities and send back that information to the advertising platform. The good news is that there are alternative methods (such as making targeting more contextual for example - there are a few exciting companies in that space right now), as well as cookies that are more compliant (2nd-party cookies, which have a more strict data collection process as it's agreed beforehand between providers). So it will be a matter of finding alternative methods for tracking or just tracking less.
Bigger companies are better equipped to handle the loss of third-party trackers, but smaller startups that rely on PPC will have a harder time adjusting. Immediately ridding the web of all third-party tracking could leave some desperate for a workaround similar to the one advertisers found for Safari. And that could end poorly for users.
Potential alternatives, good and bad
One alternative, known as device fingerprinting, tracks users by certain characteristics of the device they’re using, and how it interacts with sites across the web. But it’s known for being far more invasive. So are DNS records or deep packet inspections, which have been used by internet service providers, like Verizon, initially without letting visitors know or opt-out.
So, instead of all-out blocking third-party cookies, Google claims they’re committed to working toward a solution for advertisers, publishers, and users, too. These solutions are targeting technologies that enable tactics similar to what third-party trackers do.
They won’t be able to target visitors 1:1, but they’ll be able to personalize closely through technology like Google’s federation of learning cohorts (FLoC), which could deliver targeted ads to thousands of people with similar interests. Messages will be personalized enough to be relevant, and advertisers will be able to track conversions, but individual targeting won’t be possible.
The specifics of the plan are still up in the air. But many question whether Google can be trusted to regulate something that’s such a major part of its business. Since most traffic already comes through Chrome, Google has access to a trove of first-party data, and by eliminating third-party cookies, they stand to gain greater control of it.
Already, the Association of National Advertisers and the American Association of Advertising Agencies have released a statement in opposition to Google’s plan:
Google's decision to block third-party cookies in Chrome could have major competitive impacts for digital businesses, consumer services, and technological innovation. It would threaten to substantially disrupt much of the infrastructure of today's Internet without providing any viable alternative, and it may choke off the economic oxygen from advertising that startups and emerging companies need to survive.
We are deeply disappointed that Google would unilaterally declare such a major change without prior careful consultation across the digital and advertising industries. We intend to work with stakeholders and policymakers to ensure that there are practical and competitive alternatives available before Google's planned change fully taking effect. We will also collaborate with Google in this effort, so we can all ensure the digital advertising marketplace continues to be competitive and efficient.
In the interim, we strongly urge Google to publicly and quickly commit to not imposing this moratorium on third party cookies until effective and meaningful alternatives are available.
Start creating personalized experiences
Starting in February 2020, Chrome will start limiting insecure cross-site tracking by treating cookies that don’t specifically label themselves “first-party” as “third-party,” and require they be accessed over HTTPS. They’ll also launch anti-fingerprinting measures and covert tracking workarounds later this year.