In 2020, Google first announced its intent to phased out support for third-party cookies in the browser.
Update (July 22, 2024): Google has announced plans to rollback the deprecation of third-party cookies in the Chrome browser. In a blog post, Anthony Chavez,
VP of Privacy Sandbox announced the changes: "In light of this, we are proposing an updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time. We're discussing this new path with regulators, and will engage with the industry as we roll this out."
Since then, marketing teams of all sizes have been trying to wrap their heads around what the impact of this change will be, how to address it in their marketing programs, and how they can rethink their end-to-end digital programs to better future proof their efforts.
Lucky for you, Google has once again hit pause on their third-party cookie drop date, writing in a statement posted to their website on April 23, 2024:
“We recognize that there are ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers, and will continue to engage closely with the entire ecosystem.”
Instead, the deprecation date has now moved to roughly the “second half of Q4.”
While marketers may be rejoicing at yet another pause, the best teams remain ready for what’s to come in the future. So for those who have been reluctant to prepare for cookie deprecation — or those just looking to make sense of it all — we’re here to help.
Below, read on to better understand the various types of digital cookies, learn more about how Google’s proposed changes will impact marketing and website teams, and explore some best practices for continuing to engage with your customers online in a meaningful way in a post-cookie world.
What are third-party cookies?
First, a quick reminder: a cookie is a little file that a website tells your browser to put on your computer. The info in that file can then be read by websites later on. Two common use cases for cookies are for keeping you logged in to a site and maintaining a shopping cart. (Fun fact: the inventor of the browser cookie was also the first to implement animated GIFs in browsers.)
A third-party cookie is one that comes from a domain different from the one that’s being viewed, such as an ad network. Any page on any site that calls the same cookie can read or modify the data in that cookie. Sometimes, they’re known as tracking cookies.
Third-party cookies have made life easier for marketers. By tapping into existing networks with extensive tracking, you can leverage a lot of data to laser-focus your ads. Once you have them on your site, there’s little effort required to set up retargeting ads, making attribution a breeze because the same cookie can load on the page where an ad is clicked — as well as on your landing page.
Third-party cookies, however, can cause privacy issues
There’s nothing inherently bad about third-party cookies. In fact, beyond ads, they can be convenient for use cases like maintaining a logged-in state across multiple sites. However, they can ingest a ton of users’ online behavioral data, which in return, may expose sensitive or even private details about a person’s identity, interests, and beliefs.
Additionally a lot of users and consumers find the practice of hyper-targeting intrusive. In fact, 58% of consumers recently surveyed state retargeting ads derived from third-party cookie tracking are “creepy.” As a result, consumer sentiment has shifted toward an online experience where companies do not collect so much information about them or anyone else (or at least where they are paid for it since so much of user data has been sold over the years, and people are rarely actually paid for wholesale transactions involving their own data).
What are first-party cookies?
By contrast, first-party cookies are generated by and for a particular website. Within the marketer’s suite, these cookies are typically provided by your analytics, CRM, and other platforms to be served up exclusively on your domain. When you (or your dev team) copies a bit of JavaScript from a platform into a page template, chances are it’s to load a cookie.
Many first-party cookies can accomplish a lot of what used to be done with third-party cookies. For instance, Facebook gives each site its own cookie and aggregates data on the back end so the system still knows to serve you ads for things you’ve recently browsed the internet for. The difference is that Facebook doesn’t allow an individual site to know exactly who you are.*
What about those accept-our-cookies modals?
Until recently, the only way to control which cookies you accepted was to fiddle with your browser settings or install an extension. Most people didn’t bother.
Legislation in the past few years, most notably the EU’s General Data Protection Regulation (GDPR) the California Consumer Privacy Act (CCPA), has led to new rules that require informed consent for cookies beyond what’s “necessary” for running the site. That’s why now, practically every website you visit serves you a popup modal or bottom banner asking for cookie consent.
This consent is required for both first- and third-party cookies. So what’s the problem?
Google decided it’s time to wave goodbye to third-party cookies
In 2020, Google announced that its Chrome browser would no longer have third-party cookies allowed by default. (We won’t get into why, but here are some articles if you’re looking for further reading). Safari and Firefox, among other browsers, had already started restricting them, but with 65% of the global browser market share, when Google sets a policy for the Chrome browser, it essentially forces the whole Internet to comply.
Google’s alternative, Privacy Sandbox, is a program to develop a set of APIs that allow marketers to get relevant and personalized ads in front of the right audiences while shielding users’ identifying information.
There’s a ton more to unpack with Privacy Sandbox, but one part that blows our mind is the obliquely named Protected Audience API, which allows ad auctions to be run within the browser.
However, the plan is still in beta
They said it’d be done in two years. Four years later, it’s been delayed — again.
In January 2024, Chrome finally turned on its anti-third-party cookie feature, Tracking Protection, to 1% of users. But there’s at least one more potential hangup. The UK’s Competition and Markets Authority is concerned that Privacy Sandbox could favor Google’s own ad business, and in February insisted that Google needs to resolve some outstanding issues before it’d be approved to finish the rollout.
Will this be resolved before the second half of the year, when Google has said it will deploy the new policy to everyone? Will other new factors and setbacks emerge? Time will tell.
How marketing and web teams can prepare for third-party cookie deprecation
When a browser blocks third-party cookies, a range of outcomes is possible. Sometimes there are little-to-no consequences. Other times, the user experience is massively impacted. And in many instances, it mucks up the well-oiled machinery of advertising.
Start preparing for cookiepocalpyse
An easy way to test if you’ve amply prepared for third-party cookie deprecation is by following these steps:
- Open up Chrome and follow these instructions to opt in to blocking third-party cookies.
- Browse your site, and see what happens.
- If the end user experience looks different, it’s probably time to get in touch with a dev to identify the offending cookie(s).
If you buy or host online ads, there’s more to do.
Think about the ad networks you participate in
Understand their approach to the third-party cookie phaseout. Just as with other major tech transitions, even if someone else is doing the heavy lifting, it often requires some small but important adjustments on the client’s side. (Remember the Google Analytics crossover?)
Use this as an opportunity to expand your marketing playbook
If you rely heavily on retargeting, channel attribution, or just about anything else that programmatically places your brand across the web, this should especially ring true. Even though Google and others are putting in work to replicate the convenience and power of third-party cookies while preserving privacy, the technology is not yet complete nor fully proven.
A few strategies marketers can explore:
- Collect zero-party and first-party data to directly own vital information about your site visitors and audience.
- Diversify the marketing channels you activate on, such as leaning into driving organic traffic through SEO or publishing relevant content through different stages of the conversion funnel to help attract the right audience.
- Personalize email campaigns for existing customers based on what first-party data you do know about them.
- Include UTM parameters in marketing campaigns to better identify the source of user sessions.
We know change isn’t always fun, but as marketers, staying ahead of the curve and future proofing your digital strategy is an investment in your overall business health. By getting started today and taking time to audit your web strategy, you’re taking an important step in protecting and enabling a better end-user experience — and you’ll be thankful when the day new policies and guidelines do go into effect.
*Note: Webflow does not place any cookies—third-party or otherwise—on sites hosted on our platform. Our customers add them on their own.
Discover key challenges today's marketing teams are facing, as well as opportunities for businesses in 2024.