Editor’s note: This blog post was originally published in September 2021, with permission from the Association of National Advertisers. It is repurposed with permission.
– part One –
Five-part series overview
In a time of constant change in digital advertising, one constant question remains on advertisers’ minds: What do we do after the 3rd party cookies are gone? The digital marketing platform is built on the ability to track and target consumers as they browse through websites, apps, and online platforms. This is facilitated by third-party cookies – small digital files that websites download to a user’s device to help identify the user as they interact with a website and across the Internet. In a couple of years, the third-party cookie will likely be out of date, and with it, the third-party consumer behavior-based digital advertising model that relies on it.
Due to the confluence of new data privacy laws and advertising technology standards, a cookie, specifically a third-party cookie, is set to be phased out by the end of 2023. The questions advertisers are rightly asking themselves now are: What will replace a cookie? Third party cookie cookie, and how should they best position themselves for brand marketing in the world of third party cookies? The good news is that alternative data solutions are already being developed, and a picture of what the digital advertising landscape might look like after a “cookie” is beginning to emerge.
This five-part series below begins with a brief overview of cookies before we get into the third-party cookie in particular, including its many use cases and their role in the current digital advertising ecosystem. Part Two examines the many foreign and US privacy laws and regulations that govern – and to a certain extent – companies’ ability to make use of third-party cookies to collect, track, and share consumers’ personal information for advertising purposes. The third part provides a summary of the significant technical removal of the third-party cookie; Updates to the Google Privacy Sandbox, a protected testing environment used to determine how to operate ad targeting, measurement, and fraud prevention without third-party cookies and Apple’s SKAd network, the company’s alternative for advertisers to assign impressions and clicks to installs on iOS apps launched in connection with the iOS privacy feature 14.5 The new App Tracking Transparency (ATT). Part IV will take an in-depth look at post-cookie trends at an industry level, focusing on the shift toward developing and nurturing first-party consumer data strategies, emerging diverse identifier solutions, and models based on contextual advertising. Finally, Part Five will conclude with key takeaways and best practices that advertisers should consider sooner rather than later to start preparing for the inevitable transition from a framework based on consumer tracking and targeting to what may come next.
What are third-party cookies and why are they important
There are a variety of cookies, and they can be divided and defined on different grounds. But for the purposes of this primer, OneTrust provides a useful breakdown of cookies into three general categories – age, purpose, and domain:
- Omar: As the name suggests, these cookies make use of their time use. Temporary cookies are only active while the browser is open and disappear when the user closes the browser, while persistent cookies remain on the user’s device for a specified period and are used to remember information such as settings, preferences and login information.
- Purpose: There are four basic categories of use case cookies:
- absolutely necessary or essential, which are used to provide the basic functionality on the Website without which the Website will not function as intended.
- Performance or static, which collects information about how users navigate the website, such as pages visited and clicks. Think of analytics cookies, which are usually aggregated and do not identify individuals.
- Functional or Preference, which allows websites to track and “remember” a user’s past preferences and choices on the website to provide a more personalized experience, for example, username and password or login, region and language.
- Targeting or tracking, which are used to manage performance, serve ads, and create user profiles.
- Domain: First-party cookies vs. Third-party cookies, i.e. the entity that stores the cookie on the device:
- First party cookies are set by the web server for the visited page and share the same domain.
- Third-party cookies are set by a domain other than the website being visited.
First-party cookies allow websites that collect analytics data, among other things, to provide a deeper understanding of user habits while also helping to provide a better user experience. These cookies cannot be used to track user activity anywhere except for the original website that set the cookie. On the other hand, third-party cookies are used by social media platforms, advertisers and ad technology companies to track users’ online behavior and deliver personalized or targeted advertisements. Types of third-party cookies include advertising, tracking and targeting cookies, which are specifically designed to create user profiles for website visitors. Tracking cookies collect data ranging from geographical location to browsing history and purchase trends and can track a user across multiple websites or platforms.
Third-party cookies have been a mainstay of digital marketing for over 20 years, and over time, advertisers have developed a variety of ways to take advantage of them in advertising campaigns. It is important to summarize these use cases to understand the functionality that brands may lose when they can no longer rely on third-party cookies to operate their online advertising strategies. For example, it is a third party cookie – after being assigned to a user’s browser – that enables a number of key automated advertising tools, such as the use of software and algorithms to automate the buying/selling of ads and the real-time bidding feed. Cases of use of third-party cookies for digital advertising can be categorized into the following groups:
- Identification: This is one of the most common uses of third-party cookies. Adtech platforms such as supply-side and demand-side platforms use third-party cookies to identify users across the web. The cookies are then used for behavioral targeting and retargeting once the ad technology platform is able to identify users, and serve them personalized ads based on their behavior and interests.
- Frequency limitation: This practice helps determine if the user the company is trying to reach has seen a certain ad a certain number of times so that it can determine the number of times the user has seen the same ad.
- Measurement and referral performance: Third-party cookies can also help measure campaign performance and referral operation, allowing advertisers to understand what action is responsible for the conversion and which ads were clicked, viewed, and led to a purchase.
- Audience Activation: This use case enables advertisers to use data management platforms (DMPs) to take advantage of cookie synchronization (see below), to create and target audiences across different websites.
- Cookie synchronization (also known as matching cookie): This use case lies in many of the use cases mentioned above, for example, audience activation, and basically means matching cookies created by different players in the advertising ecosystem Numeric, such as DSPs, SSPs, and DMPs, in a single cookie identifier to theoretically identify the same user (“theoretically” because synchronizing cookies and tables has its limitations and is far from an exact match).
Many of these use cases are part of most digital advertising campaigns today. This is probably why the end of third-party cookies, and what to do after they’re gone, has become such a big deal for digital advertising. Brands may still be able to run a combination of targeting, measurement, and referral without third-party cookies, particularly with some potential solutions that we’ll discuss in detail later in this series, but the main difference will be one broad. Simply put, advertisers may not achieve the same scope in terms of ad targeting and measuring their performance across different websites without third party cookies, and this potential fact should inform each brand’s post-cookie strategy.
Stay tuned for our next post, in which we will discuss privacy laws and regulations, such as the GDPR and Consumer Privacy Protection Act (CCPA), that govern and limit the ability of companies to collect, track, and share consumers’ personal information for advertising purposes. These laws are not only related to how companies should run their digital advertising campaigns now, but are ultimately part of the driving force pushing the industry away from the third-party cookie-centric model.