Cookie Deprecation: What to Know about the Cookieless Future
While the news cycle keeps changing around cookies, it's never too soon to make a pivot toward contextual advertising in advance of the cookieless future to come. Don't wait for cookie deprecation when you can prepare now!
Why Are Cookies Going Away? (And what does that mean?)
Over the last five years, a lot has happened on the digital advertising data privacy front.
After years of consumers lamenting incessant, irrelevant digital ads—the proverbial shoes they already bought following them around the internet—government finally decided to take a stand in the form of strict data privacy legislation. But before we get into that, let’s briefly cover what led to these ads perpetuating across the internet.
And the answer is third-party cookies.
Cookies debuted in 1994 thanks to a Netscape employee concluding that websites needed a way to collect information about their visitors to monetize them. Website servers began setting first-party cookies. Third-party servers owned by ad tech vendors or publishers themselves set third-party cookies.
While third-party cookies were intended to deliver more targeted advertising to website visitors, what ended up happening is that they became based on often outdated consumer behavior. So, even if a website user bought something, like those shoes, that they browsed six months ago, they might still get ads about them. Before the collective, growing data privacy concerns among consumers came to a head, there was a series of events that put the advertising industry on notice that we’ll refer to collectively as ABC:
- Apple unleashed the first iPhone and, with it, mobile location data. While location services began as a way to keep consumers safe, advertisers began using the information to track users, which creeped out many of them.
- Big data became a buzzword. And while it certainly helps businesses create value, it also creates challenges regarding data privacy. Now, so much data is being produced so rapidly that companies can use identifiable information to profile individuals to analyze, predict, and influence their behavior in a process Deloitte calls “nudging.”
- Cambridge Analytica, a right-wing-backed data firm with ties to Donald Trump, allegedly misused data obtained from Facebook to build voter profiles ahead of the 2016 presidential election, as reported in the New York Times.
Then, in 2018, right after the Cambridge Analytica scandal surfaced, the General Data Protection Regulation (GDPR), a law allowing European Union users to opt-in to collect personal data, came into effect. Its proposal, however, goes back as far as early 2012. It was around this time that the first programmatic demand-side platforms on the market hit their five-year mark and set forth the incredible deluge of third-party-based behavioral targeting tactics that came to dominate the industry.
The GDPR got the ball rolling on other data privacy laws worldwide. In 2018, the California Consumer Privacy Act (CCPA) got passed, detailing new privacy rights for consumers in California. The General Data Protection Law went into effect in August 2020. All 100 countries now have some sort of data privacy or security law.
And now, almost three years later, 35 of the 50 U.S. states have at least considered data privacy regulation. The Virginia Consumer Data Protection Act (VCDPA) was enacted in January of 2023 and protects any information linked or reasonably linkable to an identified or identifiable natural person. Other U.S. privacy laws to come into effect in 2023 include the Colorado Privacy Act (CPA) and the Connecticut Data Privacy Act (CTDPA), both on July 1, and the Utah Consumer Privacy Act (UCPA) on December 31, 2023. The U.S. has also begun considering the American Data Privacy and Protection Act, a national data security and digital privacy framework that would create new rules and regulations for any business that collects consumer data.
Of course, amid these laws getting passed, Google announced its plans for third-party cookie deprecation from its Chrome browser in January 2020. Before then, Mozilla’s Firefox browser had already begun blocking third-party cookies by default, and Apple’s Safari browser followed suit. This meant roughly 40% of US internet traffic came from users who blocked these cookies on their web browsers. In 2021, Apple started including major privacy updates in its iOS 14.5 and 15 updates that allow users to opt out of all app tracking. This move has made it incredibly difficult for marketers, including Facebook’s Meta, to measure the effectiveness of ads.
What are Important Alternatives to Cookies?
The deprecation of third-party cookies means the entire digital marketing ecosystem must find alternative solutions, including advertisers, publishers, and ad tech providers. And these solutions must allow advertisers to manage both cross-site engagement and attribution.
One of these alternative approaches to third-party cookies is leveraging contextual data, which offers perspective, instead of assumed behavior, about an internet user. In this way, contextual data helps advertisers base decisions on the content a user recently consumed instead of past behavior. Contextual data is also more cost-effective to acquire than third-party data and often better-performing: Contextual ad impressions typically cost less than behavioral ad impressions, with eCPM, CPC, and vCPMall cheaper. Contextual advertising can also help deliver a better user experience since the targeting is based on context and recency instead of legacy behavior.
Contextual data mines various sources, like demographics, purchase affinity, and ZIP code, from touchpoints like websites, email, and social media. However, if advertisers can’t access enough contextual data, they have another option: contextual data marketplaces. Contextual data marketplaces collect unique, pre-bid, cookieless contextual data from across websites, apps, and physical locations. These insights can be combined into custom and individual categories for targeted contextual advertising at scale. A contextual data marketplace might include data types such as real-time conditions like weather, emotional context, and demographics.
Peer39 has its own Contextual Data Marketplace (CDM) that offers direct access to unique, cookieless, pre-bid data sources from data partners like Experian, Social Predict, Planalytics, DeepSee, and Factmata. Our CDM enables advertisers to target various audiences based on some of the contextual data sources referenced above, like weather and location. These categories and data sets can be activated in all major DSPs integrated with Peer39.
What are First-Party Data Options?
Preparing for the cookieless future also means advertisers must wean themselves off of third-party data. This necessitates moving to first-party data-based solutions that allow advertisers to harness their owned, opted-in user data for targeting. Advertisers and publishers are testing various first-party data-based solutions as alternatives to cookies.
Hashed emails were one of the first solutions offered by ad tech providers to replace third-party cookies. Hashing converts opted-in emails into encrypted, unique codes for off-platform targeting. Universal IDs, including DSP The Trade Desk's Unified ID, are open-source frameworks built from hashed and encrypted email addresses and translated into permanent user identifiers advertisers can use across the internet.
Then there are the APIs Google is testing. These include the Topics API, which has replaced the original federated learning of cohorts (FLoC) proposal in the Privacy Sandbox, and “first locally executed decisions over groups experiment” (FLEDGE). Topics looks at what content a user has consumed for three weeks in an anonymized way and then generates five “Topics” for each week, one of which will be sent in response to an ad request. The FLEDGE API auctions run directly on Chrome and therefore don’t rely on tracking consumers across websites to retarget ads. Some reports indicate that FLEDGE could provide publishers and advertisers with more transparency into bidding activity and value.
Not to be outdone by a fellow walled garden tech giant, Facebook has also renamed an old tracking mechanism meant to replace browser-side tracking. Conversions API, formerly known as Server-Side Events, relies upon the website's server, not the browser, to track website visits. The server then notes the user's actions and sends the information back to Facebook.
Retail media networks have emerged as another cookieless option. RMNs are advertising platforms provided by retailers that can give advertisers access to first-party data—such as point-of-sale and loyalty data—and allow them to reach more specialized audiences. RMNs help advertisers reach in-market shoppers without using cookies by extending the scale of this first-party data beyond the retailer’s owned-and-operated properties.
Finally, contextual advertising enables brands to serve ads based on a website's content, not on behavioral customer data, using machine learning to predict the right pages to target at the right time. As we mentioned above, contextual advertising benefits over legacy behavioral, third-party cookie-based targeting tactics in that it focuses on recent behavior and context. This means ads are more likely relevant and timely for the consumer receiving them.
Why Did Google Delay Third-Party Cookie Deprecation Again?
In July of last year, Google pushed off third-party cookie deprecation to the second half of 2024, citing that feedback from developers, publishers, marketers, and regulators indicated they needed more time to test Google’s proposed replacement identity solutions. In June 2021, it said cookie deprecation would come in the second half of 2023. In its original January 2020 announcement, the company said the deed would be done by 2022.
After these two Google delays, the company plans to phase out third-party cookies in the second half of 2024. There are rumors, however, that the tech giant might stall further.
Ad tech firm RTB House reported that low publisher adoption and supply-side and ad tech vendor testing of FLEDGE, a key piece of Google’s “Privacy Sandbox,” might spark a third delay. However, Google has maintained that it’s “firmly committed to the timeline” to deprecate cookies by the end of 2024. A recent AdExchanger article highlights how even Google Analytics has not moved to a more GDPR-compliant version 4.
Whatever Google’s plans, all of these privacy changes are a change for advertisers and publishers to optimize their business models and value exchange with consumers. By pursuing solutions, such as contextual advertising, that rely on robust, consented first-party data instead of stale, inaccurate third-party data, both the buy and sell sides can future-proof their strategies for the cookieless future.