What Google’s third-party cookie U-turn means for marketers

What are third-party cookies?

A cookie is a small amount of data that is stored in a user's web browser. It can track if a user has visited a website before, login information or other user behavior attributes. Cookies can also improve user experience and collect a limited amount of customer data.

For web browsers, there are two foundational types of cookies: a first-party cookie and a third-party cookie.

A first-party cookie is set and accessed by the same website the user is visiting. It is also sometimes referred to as a SameSite cookie. First-party cookies help with personalization for the specific site a user is visiting.

A third-party cookie is set and accessed by a different entity than the local domain or website the user is browsing. A third-party cookie can help to track users across multiple sites to better understand user behavior beyond a single site. Marketers and social media platforms often use third-party cookies for advertising purposes.

Google decides not to kill third-party cookies

On July 22, 2024, Google announced it would cancel plans to kill third-party cookies in its browser. The company stated this decision was made after testing and deciding the transition required “significant work by many participants” and would affect all companies involved with online advertising, including publishers.

Instead of removing third-party cookies, Google plans to introduce a new experience in Chrome that allows people to make a choice in their web browsing and adjust options at any time.

While third-party cookies are a good thing for marketers, the same cannot be said for user privacy. Third-party cookies have long been viewed as a tracking mechanism that can potentially violate user privacy. Users may opt out of third-party cookies with Google’s Privacy Sandbox.

While generally safe, third-party cookies could potentially represent a security risk. For example, there could be user risk if the cookie is not properly secured, if data includes personally identifiable information or other forms of personal data, and if the data is shared without authorization.

Major tech companies and browser vendors including Apple, Mozilla and Google have all announced initiatives to phase out support for third-party cookies over time. Apple's Safari and Mozilla's Firefox browsers have already blocked third-party cookies by default. 

Google has said it would end support for cookies for years, but it has changed plans and made delays along the way.

In August 2019, Google announced a plan to block and disable third-party cookies in its Chrome browser. Then in January 2020, Google's Privacy Sandbox project was unveiled. The intent was to bring in a more privacy-sensitive approach than third-party cookies. At that point, Google expected to declare third-party cookies dead by 2022. As it turns out, the 2022 deadline was never met and Google has repeatedly delayed the ultimate demise of third-party cookies.

On June 24, 2021, Google gave third-party cookies an initial stay of execution, delaying the transition to 2023. The delay has since been extended several times.

In January 2024, Google began to phase out some third-party cookies with the introduction of the Tracking Protection feature -- part of the Privacy Sandbox feature in Chrome. The feature was initially rolled out to 1% of Chrome users with the idea that all users would get it by the end of 2024.

In April 2024, Google announced that it delayed plans again and would not be able to complete the process by the end of 2024.

Among discussions with regulators is an ongoing investigation by the European Union into Google's advertising activities. The United Kingdom's Competition and Markets Authority is also investigating Google's Privacy Sandbox plans, including the latest updates announced in July 2024.

Why businesses need to create a new marketing strategy now

With the Privacy Sandbox, Chrome users have a choice to opt out of third-party cookies, so businesses still need to make plans to target customers without cookies.

To comply with privacy laws and regulations -- including General Data Protection Regulation and California Consumer Privacy Act -- website operators have had to identify when third-party cookies are used and ask users to allow them.

The need to allow cookies creates a friction point for some users when they don't allow cookies. Without cookies, marketers may not be able to accurately deliver targeted digital advertising. So, even in the absence of an outright ban on third-party cookies, users need to opt-in to allow them, which not all users will do.

There is also a growing use of ad blockers inside browsers, including Google Chrome. Ad blockers often rely on blocking third-party cookies to be effective.

It's no longer a good strategy for marketers to rely on third-party cookies, as they did during the early days of the internet. It is necessary for marketers to have an alternative online advertising and marketing strategy.

Alternatives to third-party cookies

There are alternatives to third-party cookies that can help with online marketing efforts if users opt out of cookies. One method includes Google’s Privacy Sandbox, which has less personalized APIs than third-party cookies but still lets marketers to target consumers. For example, the API will record user browser activity based on interest but not reveal other information, so if users look at chairs, they may see all forms of furniture or home products on the ad tech platform.

Other alternatives to third-party cookies include the following:

• First-party cookies. While third-party cookies may not be around for long, there is no indication that first-party cookies are going away. With a first-party cookie, the origin site can still collect and understand customer data that it can use to improve user experience. This data collected directly from a company's own sources is known as first-party data.
• Zero-party data. The concept of zero-party data is one where users voluntarily provide information to a site or platform.
• Identification (ID) providers. With ID providers, users opt into a service, giving permission to provide information about themselves to marketers. There are also ongoing efforts to develop email address-based identity associations known as unified identifiers (UID 2.0).
• Authenticated traffic solutions. ATS enables publishers and advertisers to identify users through direct authentication methods -- such as logins -- in a privacy-compliant manner. As third-party cookie tracking declines, ad tech platforms that use alternative user identification methods are becoming increasingly important for marketers.
• Device fingerprinting. This method enables a site operator or marketer to collect information about a user's device or browser. device fingerprinting makes it possible to profile a device and its usage for more targeted marketing.
• Contextual targeting. Also known as contextual marketing, this approach relies on the context of the site the user is visiting. For example, if a user is on a site searching for a keyboard, they will be shown advertisements about keyboards.
• Tracking pixels. Tracking pixels serve as an alternative to third-party cookies by providing a different method for tracking user behavior. Tracking pixels collect data from users when they visit a webpage and then deliver this data directly to a server.

Read more on tips for creating a personalized marketing strategy here.