third-party cookies

Third-Party Cookies: Then and Now

Trish Manrique Ad Ops

The great cookie countdown: What’s next for advertising without third-party cookies? How publishers are planning for the end of the third-party cookie The third-party browser tracking cookie is dead. What’s next?

These are just a few headlines you may have come across since the slow death of the third-party cookie, which began as early as 2017. It started when Apple announced that its new tool, Intelligent Tracking Prevention (ITP), would identify and block third-party cookies. Mozilla Firefox followed suit by launching Enhanced Tracking Protection (ETP) which is enabled by default and blocks third-party cookies. Both Apple and Mozilla implemented these measures on the basis of protecting users’ privacy.

It therefore, wasn’t much of a surprise when earlier this year Google announced they’re planning to phase out third-party cookies by 2022. With a majority of users on Google Chrome (68.11% on desktop and 61.52% on mobile), Google’s decision to pivot to privacy sent waves of panic across several industries including marketing, advertising, and Ad Tech. Google’s decision is based on users “demanding greater privacy—including transparency, choice, and control over how their data is used.”

What is a third-party cookie?

Third-party cookies are created by domains other than the one the user is visiting. For example, when you visit website.com and browse their pages, website.com creates a first-party cookie. Like most publishers, website.com uses online ads to monetize its content—the third-party advertising provider also creates a cookie (ads.example.net). As these cookies are not created by website.com, but by the advertising provider, they are classified as third-party cookies. 

There are a number of third-party service providers that leave cookies in a user’s browser such as:

Ad retargeting services 

This involves following users (who have previously visited your website) around the web and showing them ads for any products or services they’ve viewed or interacted with previously. 

Social media buttons 

The social media sites that these cookies come from can track the user’s visit to your website and send the user relevant ads when the user goes back to these social media sites.

Live chat pop-ups 

Live-chat services leave a cookie in the user’s browser to streamline the user experience, by identifying the user and upon the user’s return, remember the user and their conversation history.

What are the differences between first-party and third-party cookies?

A first-party cookie is created by the host domain that the user is visiting. This type of cookie enables the browser to remember key pieces of information about a user, like their shopping cart, usernames and passwords, or language preferences. 

Considering the variety of applications cookies have, they don’t just benefit advertisers and marketers. Using cookies has a big impact on user experience by allowing web browsing to become more convenient and personalized, and much more appealing to use. 

Refer to the chart below to clarify the differences between first-party and third-party cookies.

How do SameSite attributes impact third-party cookies?

With the release of Chrome 80 in February 2020, Google began enforcing a new cookie classification system, specifically the SameSite attribute. This attribute tells browsers when and how to fire cookies in first- or third-party situations. The new system treats cookies that have no declared SameSite value as “SameSite=Lax” cookies. ‘Lax’ enables only first-party cookies to be sent and accessed. Only cookies set as “SameSite=None; Secure” are available in third-party contexts, provided they are being accessed from secure connections. ‘None’ signals that the cookie data can be shared with third parties/external sites. 

An example of how this would impact publishers is the loss of revenue from reduced buyer spend. Previously, SameSite attributes defaulted to “SameSite=None” which would be available to third-party sharing. Without implementing these attribute changes, advertisers could lose access to this data that helps their business with retargeting and other initiatives. The lack of ability to conduct retargeting campaigns would cause buyers to reduce ad spend which would result in reduced revenue for publishers.

On April 3, 2020, Google announced a temporary pause on its enforcement of SameSite cookie labelling in Chrome 80. It’s expected to resume this summer. 

History of cookies

How does this impact publishers?

Terminating third-party cookies alters how internet tracking and targeting works. How? Third-party cookies are what allow advertisers to track a user’s interactions with their ads from page to page across the internet. They make it easier for advertisers to serve an ad for the same thing to the same user, multiple times—and stats show that brands with more digital touch points are more likely to be selected by consumers.

Advertisers are already finding it difficult to collect the kind of data that was previously available before the General Data Protection Regulation (GDPR) in 2018 and the California Consumer Privacy Act (CCPA) which comes into effect in July 2020. The disabling of the third-party cookie stands to further weaken advertisers’ ability to target their desired demographics. This means a potential decrease in overall revenue for them. We can expect a trickle-down effect throughout the entire Ad Tech ecosystem—which will include advertisers, Ad Tech vendors (SSPs, DSPs, etc.), and ultimately, publishers. Because if advertisers are making less money from their advertisements due to less specificity to the consumer, then this will make advertisers less apt to spend top dollar for an ad slot.

According to DigiDay and Permutive, publishers stand to lose 52% of their programmatic ad revenue without third-party targeting. So if publishers want to continue seeing the revenue that they’re used to seeing, they’re going to need to find a way to reduce their reliance on third-party cookies. Publishers can maximize the usage of the first-party cookie.

What’s next for publishers?

Today, browsers are already blocking up to 40% of publisher traffic. The Ad Tech industry must build a new and sustainable replacement for third-party cookies. The replacement should combine consumer trust and consumers’ ability to understand and control their data. Some publishers are using first-party cookies combined with fingerprinting and link decoration as an alternative to third-party cookies. These current alternatives seem to only be temporary.

The most viable alternative to third-party cookies may be browser API proposals found in Chrome’s Privacy Sandbox. These proposals are intended to provide alternatives to basic advertising functionality like targeting, frequency capping, conversion tracking, reporting, fraud detection, and so on. Right now, these proposals are just that – suggestions put forward for consideration and discussion. 

What we know is that it’s going to be up to publishers and Ad Tech vendors to provide value and optimal user experience to consumers who are willing to share their data. It’s also important that publishers engage in discussions with their Ad Tech vendors. By doing so, they can share what they see for the future of cookies. Lastly, we must look to Google and other large players. They have key roles in determining where, as an industry, we go from here and how we prepare for what may come. 

––––––––––––––––

Stay tuned! We’ll be continuously updating this blog to keep you up to date. Have questions about what this means for you? Let Sortable help. Reach out to our team at hello@sortable.com