Website cookies serve a necessary function on the modern internet, but they remain largely misunderstood and have gained a bad reputation.
Websites can put small packets of data, called cookies, on a user's computer. These packets store information from a user's session on a given website so the website and its owners can retrieve that data later. This information can help companies and their advertising partners offer personalized user experiences. In addition to sites and site owners, third parties can access certain data for uses like targeted advertising.
What are cookies?
Cookies primarily help websites track users' visits and activity, so users likely experience them in practice every day. For example, if a user visits a website to check the weather by ZIP code, that site can populate the ZIP code automatically when the user visits next. Or if someone shops online and browses for certain items, they may receive targeted ads for that product or related products as they visit other websites on the same browser.
While cookies have several subsets, they essentially roll into two main categories: first party and third party. Both types contain the same information and perform the same function: tracking data. From a technical standpoint, they have no real difference. However, the ways that domains create and use each type differ.
What are first-party cookies?
What are third-party cookies?
As the name suggests, third-party cookies come from servers or domains different from the one a user is visiting. Third parties place them -- most commonly for advertising purposes -- onto the user's device through websites with scripts or tags that load the third party's code.
Also known as persistent cookies, these data packets remain on a website until an administrator takes them down, although users can disable cookie tracking on browsers they use. In addition to advertising, third parties use this data for services such as live chat, pop-ups from a different domain or buttons from social media platforms.
Do second-party cookies exist?
Data from first and third parties is more prevalent than second-party data, which tends to fall under the radar.
Second-party cookies include first-party data that one company creates and transfers to another as part of a data-sharing partnership, typically for advertising. For example, an airline can share first-party user data, such as name, email and site activity, with a car rental partner so the rental company can advertise its offerings to airline customers for the destination they searched.
However, many experts debate the validity of second-party cookies as they share first-party data.
Differences between first-party and third-party cookies
While first-party and third-party cookies are the same file type, marketers should know how they differ.
Creation and use. First-party cookies originate on the site a user visits to track engagement, like visits, clicks, pages viewed, personal data voluntarily submitted in site forms or items in a shopping cart. A domain or company separate from the domain the user is visiting generates third-party cookies. Marketing teams use this data for advertising or enabling certain third-party vendors' services.
While cookies won't necessarily infect a computer with malware, users should know which type a website uses. Most websites have a banner or some form of pop-up to notify users of their use of this data and the company's policies. Users can review those policies, control tracking on websites they visit and manage cookies stored on browsers.
Good vs. bad. Third-party cookies get a particularly bad rap, as marketers mainly use them for advertising. As a result, many organizations have turned or plan to turn away from this data.
The future of first-party and third-party cookies
Regulators and consumers have applied pressure to protect online privacy, and many employees within large tech organizations have blocked third-party cookies on their websites. Apple's Safari and Mozilla's Firefox browsers already block them by default, and in June 2021, Google announced its plans to phase out third-party cookies on Chrome. Unfortunately, those plans have faced several delays, and the current projected target date is sometime in 2024.
If they haven’t already, advertisers and publishers need to explore alternative marketing strategies as the end of third-party cookies is fast approaching.