PART I – Losing the third-party cookie and what that means
On the 25th of May, 2018, a law came into effect that would very quickly put the spotlight on people’s privacy and data online. The General Data Protection Regulation (GDPR), while not a new concept and not directly affecting people outside of the European Economic Area (EEA), consolidated previous legislation and added present-day understanding to address personal data ownership, processing and transfer rights. Since the enforcement of this regulation, a number of other laws have been reformed or developed and implemented around the world, including the California Consumer Privacy Protection Act (CCPA) (California, United States) and the Act on the Protection of Personal Information (APPI) (Japan).
Since the release of these laws, both companies and individuals have been in a state of adjustment. Companies (in this context divided into two groups that are not mutually exclusive: Data Collector and Data Processor) needed to adopt new technologies such as Consent Management Platforms (CMP) and ensure full compliance with the laws. Individuals needed to bear with the change and endure the new experience online.
Concurrently, a different entity in the online world was also preparing for a major change: web browsers. Independent of the above-mentioned laws but with data protection in mind, the Mozilla Corporation announced in September 2019 that the Firefox browser would start blocking all third-party cookies by default. Not long after, in March 2020, Apple Inc. made the same decision with Safari. Google followed suit, announcing a commitment for Chrome by 2022. These changes have sparked a wider conversation about the privacy risks posed by third-party cookies and have since spearheaded privacy innovation in the tech world.
Below you will find a high-level breakdown of the effects of losing third-party cookies.
To identify the effects of losing third-party cookies, it is important to first understand a cookie’s current role and added value to you as a business. Cookies are nothing more than files stored on a web browser (e.g. triggered by a user opening a website). Those files may include some pieces of information like site preferences, but most importantly an identifier (not necessarily personal data). If that cookie is created by the site’s owner or publisher, it is classified as a first-party cookie and its data collection as “within the first-party context.” If that cookie is created by any other entity, it is deemed a third-party cookie. Most, if not all, websites use a combination of the two for an incremental effect.
First-party cookies allow the owner of the site to “connect the dots” within their own limited but valuable ecosystem. This enables the domain’s owner to provide better accessibility and usability within the website experience itself. This includes remembering the user’s preferences and some simple forms of website personalization. With time, first-party cookies will play a much larger role in the data world.
Third-party cookies take that same framework and scale it out to that specific third-party network and its use case. If it is an adserver, then that use case is delivering the right ads. If it is a Customer Experience Platform, then that use case is delivering personalized messages. The major difference is the data that these entities have and are able to connect to. Third-party cookies enable cross-site tracking, conversion attribution, behavioral analysis and much more at a very large scale, and at this time they are the only element facilitating those connections.
Hypothetically speaking, if all third-party cookies were to disappear overnight, all of the above-mentioned service providers would essentially lose their ability to identify the user and end up treating most, if not all, users as “new” (i.e. a blank profile). At that moment the companies have to rely on other “sensors” to provide their services. Their range of service levels shrinks as the spectrum of identities limits itself to “new” and whatever profile they can scrape up. Their ability to communicate/sync with other third-party networks also becomes void, and with it the scalability and incrementality.
All that being said, this is fortunately not how it is going down and there is quite some time still for you and your partners to prepare.
In part 2 of the ‘Data Privacy: Everything you Need to Know’ blog series, we’ll cover how to prepare for these effects of third-party cookie deprecation and how to solve for specific lost functionalities. Watch this space for more on data privacy from ADARA.
Senior Product Manager