Browse Definitions :

Getty Images/iStockphoto

The death of third-party cookies: What marketers need to know

Marketers need to revisit their marketing strategies now before third-party cookies disappear forever. Here's what you need to know.

Cookies have enabled the growth and success of many marketing and sales efforts across the internet.

In the physical world, marketers rarely -- if ever -- knew exactly how many people actually looked at an advertisement. But internet cookies have enabled marketers to identify if a user has previously visited a site, along with other customer data points.

Cookies have also enabled marketers to deliver more targeted and relevant ads to users. Instead of a generic display ad, cookies can enable delivery of ads that are more attractive to specific users.

Advertisers have relied on third-party cookies since the 1990s. But third-party cookies in the marketing landscape may soon come to an end, due to security and privacy concerns.

What are third-party cookies?

A cookie is a small amount of data that is stored in a user's web browser. It can track if a user has visited a website before, login information or other user behavior attributes. Cookies can also improve user experience and collect a limited amount of customer data.

For web browsers, there are two foundational types of cookies: a first-party cookie and a third-party cookie.

A first-party cookie is set and accessed by the same website the user is visiting. It is also sometimes referred to as a SameSite cookie. First-party cookies help with personalization for the specific site a user is visiting.

A third-party cookie is set and accessed by a different entity than the local domain or website the user is browsing. A third-party cookie can help to track users across multiple sites to better understand user behavior beyond a single site. Marketers and social media platforms often use third-party cookies for advertising purposes.

First-party cookie vs. third-party cookie graphic
Here are the differences between first-party cookies and third-party cookies.

Google postpones death of third-party cookies

While third-party cookies are a good thing for marketers, the same cannot be said for user privacy. Third-party cookies have long been viewed as a tracking mechanism that can potentially violate user privacy.

While generally safe, third-party cookies could potentially represent a security risk. For example, there could be user risk if the cookie is not properly secured, if data includes personally identifiable information or if the data is shared without authorization.

In August 2019, Google announced a plan to block and disable third-party cookies in its Chrome browser. Then in January 2020, Google's Privacy Sandbox project was unveiled. The intent was to bring in a more privacy-sensitive approach than third-party cookies. At that point, Google expected to declare third-party cookies dead by 2022.

On June 24, 2021, Google gave third-party cookies a stay of execution. The transition to a different technology wouldn't be complete until at least 2023. The delay was due, in part, to an ongoing investigation by the European Union into Google's advertising activities. The United Kingdom's Competition and Markets Authority is also investigating Google's Privacy Sandbox plans.

Why businesses need to create a new marketing strategy now

To comply with privacy regulations -- including General Data Protection Regulation and California Consumer Privacy Act -- website operators have had to identify when third-party cookies are used and ask users to allow them.

The need to allow cookies creates a friction point for some users when they don't allow cookies. Without cookies, marketers may not be able to accurately deliver targeted digital advertising. So, even in the absence of an outright ban on third-party cookies, users need to opt-in to allow them, which not all users will do.

There is also a growing use of ad blockers inside browsers, including Google Chrome. Ad blockers often rely on blocking third-party cookies to be effective.

It's no longer a good strategy for marketers to rely on third-party cookies, as they did during the early days of the internet. It is necessary for marketers to have an alternative online advertising and marketing strategy.

Alternatives to using third-party cookies graphic
Instead of using third-party cookies, here are some alternatives to help with targeted advertising.

Alternatives to third-party cookies

There are alternatives to third-party cookies that can help with online marketing efforts.

One of the primary hurdles behind the death of third-party cookies is the delay in Google's suggested replacement, known as Federated Learning of Cohorts (FLoC). FLoC's premise is that privacy can be protected by clustering groups of users together by interests. It would hide individual users and enable advertisers to reach an appropriate audience. FLoC is positioned by Google as a potential industry standard.

However, FLoC isn't the only alternative to third-party cookies. Here are some others:

  • First-party cookies. While third-party cookies may not be around for long, there is no indication that first-party cookies are going away. With a first-party cookie, the origin site can still collect and understand customer data that it can use to improve user experience.
  • Zero-party data. The concept of zero-party data is one where users voluntarily provide information to a site or platform.
  • Identification (ID) providers. With ID providers, users opt into a service, giving permission to provide information about themselves to marketers. There are also ongoing efforts to develop email address-based identity associations known as unified identifiers (UID 2.0). This would help users opt into an approach allowing marketers to identify some of their activities.
  • Device fingerprinting. This method enables a site operator or marketer to collect information about a user's device or browser. Device fingerprinting makes it possible to profile a device and its usage for more targeted marketing.
  • Contextual targeting. Also known as contextual marketing, this approach relies on the context of the site the user is visiting. For example, if a user is on a site searching for a keyboard, they will be shown advertisements about keyboards.

Read more on tips for creating a personalized marketing strategy here.

Dig Deeper on Internet technologies

  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

  • browser hijacker (browser hijacking)

    A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user ...

  • Kerberos

    Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the ...

  • promiscuous mode

    In computer networking, promiscuous mode is a mode of operation, as well as a security, monitoring and administration technique.

  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

  • bare-metal restore

    A bare-metal restore (also referred to as bare-metal recovery or bare-metal backup) is a data recovery and restoration process ...

  • mSATA SSD (mSATA solid-state drive)

    An mSATA SSD is a solid-state drive (SSD) that conforms to the mSATA interface specification developed by the Serial ATA (SATA) ...

  • network-attached storage (NAS)

    Network-attached storage (NAS) is dedicated file storage that enables multiple users and heterogeneous client devices to retrieve...