Cookie Monsters: The Death of Third-Party Cookies (And What It Means For Publishers)

January 2024

A lot happened in 2020 — like, a lot a lot. And one of the most-important things that has happened to online marketing in decades happened in 2020 as well: Google announced the end to third-party cookies, due to mounting concerns about privacy around the Web and around the world. More-importantly still, they announced they "wouldn't be working on "alternate identifiers to track individuals as they browse across the web, nor will we use them in our products."

So not only are third-party cookies going away, but there’s no simple 1:1 replacement in the offing.

This has been the case for a long time, made longer by Google repeatedly opting to kick the can. At the time of the original announcement, third-party cookies were to be deprecated sometime within the subsequent two years. In 2022, however, Google moved that deadline to 2023, and in 2023 they moved it to 2024, ceding to requests for "more time" to prepare for the looming cookie apocalypse.

This won’t continue forever, though, and the sooner publishers prepare to operate without cookies, the better-positioned they’ll be to stake out their territory on this evolved landscape. It’s better to do that work now, while third-party cookies are still in place as a safety net, than to try and figure it out on the fly once they’re truly gone.

So, let’s break it down:

Cookies 101

Cookies are, as you are almost certainly aware, a small data packet stored by a website on a user’s computer. Originally invented for Netscape Navigator in 1992, cookies allowed browsers to track users and customize their browsing experience - if you’ve ever hopped onto a store’s website after a long absence only to discover that there are three items in the shopping cart from your last visit, a cookie held onto that for you.

But rather than personalization or authentication cookies, when we talk about the “death of third-party cookies,” what we’re actually referring to is a specific form of cookie called a tracking cookie, specifically the third-party variety.

First-party cookies are used internally by websites to keep track of your visits and activity, shopping carts, closest store location, etc. These are a useful feature and aren’t going away.

Third-party cookies are also tracking your browsing behavior, but they stick with you after you depart the original site, building a profile of you as a consumer. Even without identifying information, these cookies have long been seen as an invasion of privacy.

The only reason third-party tracking cookies have been allowed to persist for as long as they have is, well, they’re very useful, particularly for online businesses. Over time, these cookies allow you to build sophisticated user profiles, drawing connections between different data points about habits, location, demographics, and more.

For years, privacy advocates have been pushing for companies to collect less data about consumers, and some countries have begun imposing legal sanctions to that effect. If you’ve been wondering, for example, why so many websites have a pop-up asking for permission to allow cookies, it’s because the European Union passed a law to that effect. The European General Data Protection Regulation (GDPR) - which became enforceable in May 2018 - requires all multinational companies to provide an opt-in to give users more control over their data.

Beyond that, though, cookies are becoming demonstrably less-useful over time. Cookies only work on the device where they were downloaded — meaning that rather than a unified profile, a user’s cellphone, laptop, desktop, iPad, and work computer will all collect data separately. So if a user, say, spends all day researching a product on their cellphone but then buys it on their laptop, your conversion isn’t attributable to the correct place, and you might not allocate your ad dollars effectively as a result. Plus, each device reads as a separate person, which means duplicate users will each be counted as unique site visitors.

All of this amounts to the same thing: we need alternatives to third-party cookies, and the sooner you get this squared away, the better. And we know that’s a daunting task: according to a survey, 41% of marketers believe the loss of these cookies will be their biggest challenge in the coming years.

Alternatives To Third-Party Cookies

In real life, there may come a time (and often that time is January 1st) when you look in a mirror and decide you’ve had altogether too many cookies. You’re in luck: supermarket shelves are full of healthier alternatives.

This is similarly true of third-party cookies in cyberspace: when the time comes to abandon cookies, there are several alternatives available. Just like their healthy real-world counterparts, however, these cookie alternatives are often a little less sweet and a little bit tougher to swallow. But, if you choose the options that work for you, you can find yourself in better shape than when you started.

Device Fingerprinting

We’re only bringing this one up so that we can explain why this isn’t the alternative for you. Device fingerprinting is a way to follow customers around the internet by sort of triangulating a bunch of other bits of information together, like location data, operating systems, time zones, and more. This allows marketers to create a portrait of you as an individual browser, and it functions a lot like third-party cookies.

So much so, in fact, that Google intends for this functionality to be phased out as part of their Privacy Sandbox initiative just like third-party cookies are. Whether the other tech giants follow suit is basically moot, as Google is large enough by itself that without their support, Device Fingerprinting is definitely not the future of marketing.

Universal IDs

While it may seem daunting now, Google’s delay in phasing out third-party cookies has left plenty of time for alternatives to be concocted, tested, and implemented — so if you start working now, your business will thrive with or without cookies.

There are a few different types of universal IDs, as it’s something people are still trying to get right, but a universal ID is a single identifier assigned to each user that’s then passed on to other approved partners within the system. Universal IDs were introduced as an alternative to third-party cookies, which lacked standardization.

This results in better user data and higher ad prices but keeps the user data anonymized to the broader internet. A few of these Universal ID systems do still rely on third-party data, however, so they’ll need to undergo some pretty broad changes when the time comes, or they’ll have to phase out. There are, however, some UID systems that rely entirely on first-party data collection.

Enhanced Conversions for Web

Depending on your website, you may find yourself with opportunities to collect first-party data at the moment a customer converts: things like e-mail addresses, names, phone numbers, and locations. With Enhanced Conversions for Web, you can then send that information to Google in a one-way hashed form, which is then matched to Google accounts, which were signed in at the time. This will help increase the accuracy and value of your conversion data.

Seller-Defined Audiences

File this under “one to watch:” Seller-defined audiences allow publishers to create and sell targetable audiences, but keep the identifiable user data to themselves without sharing that outside. Basically, once you’ve gathered enough data on your own audience through the use of first-party cookies, you can package that audience by demographics or other categories and sell access to that audience as a commodity. Since the data is only collected through first-party means, and the identifier data isn’t passed along, it’s entirely safe under current regulations. It’s not a replacement for third-party cookies, but it’s a potentially-good option that can put publishers in the driver’s seat.

Collecting First-Party Data

As you may have noticed, most of the above examples rely pretty heavily on a publisher’s ability to collect first-party data from their user base. One of the changes we’ll see in coming years is sites arranging themselves to more fully take advantage of first-party data collection (hopefully as unobtrusively as possible).

As you may have noticed, most of the above examples rely pretty heavily on a publisher’s ability to collect first-party data from their user base. One of the changes we’ll see in coming years is sites arranging themselves to more fully take advantage of first-party data collection (hopefully as unobtrusively as possible).

Types of first party data include:

The more third-party cookies fall to the wayside, however, the more valuable first-party data will be, and the more of it you’ll want to get.

first-party data infographic

Insticator has developed several tools that help gather additional first-party data from your users. One good method is giving users the ability to comment beneath your posts or articles. Posting requires a user profile, which means login data, location, personal preferences and behavioral data. Our Content Engagement Units help create additional user behaviors to track, circulate additional content for them to interact with, and generally boost your site’s metrics. The longer a user stays on your site, after all, the more data there is for you to gather.

Final Thoughts

While it may seem daunting now, Google’s delay in phasing out third-party cookies has left plenty of time for alternatives to be concocted, tested, and implemented — so if you start working now, your business will thrive with or without cookies.

If you’d like to learn more about how to gather valuable first-party user data for your publishing operations, contact us today.

Sean Kelly

Written by

Sean Kelly, Senior Content Writer