Trends briefing

Third-party cookies: everything marketers need to know

young man online marketing working on laptop with smartphone in hand

For a long-time marketers have relied on cookies and website tags to detect and track online activity. But as we prepare for a cookieless future, what can we do to prepare and ensure we can continue to measure and optimize our campaign success? 

What are cookies?

In its simplest form, a cookie is a small file that is downloaded onto your computer when you visit a website. They serve a range of purposes, including remembering preferences, recording items added to shopping carts, and counting the number of people visiting your website.  

What types of cookies are there?

There are three types of cookies:  

  1. First-party cookies. First-party cookies are stored by the domain a browser is visiting. They are typically used to identify which pages users visit, remember preferences, and store shopping carts. Nowadays, every website uses first-party cookies.  
  2. Third-party cookies. Third-party cookies are the opposite of first-party in that they are stored under a different domain to the one a user is visiting. They’re mostly used to track user behavior between websites and display relevant ads, but can also be found in a support chat function provided by a third-party service.  
  3. Second-party cookies. You probably haven’t heard about second-party cookies. That’s because a lot of people say they don’t exist. Generally, second-party data is first-party data shared between partners, so second-party cookies are part of the data related to cookies.  

How do third-party cookies work?

Third-party cookies are cookies tracked by websites other than the one a user is currently visiting. The most common third-party entities are advertisers, marketers, and social media platforms.  

Third-party cookies in action 

The best way to explain how cookies work is to see them in action.  

Let’s use travel companies, as I’m sure we’ve all been re-targeted by a travel brand or two. Imagine last week you decided to look into a holiday in Greece. You browsed a couple of websites and checked out flights, hotels, and top attractions but ultimately, to be able to afford that Santorini holiday of your dreams, you’re going to hold off and save up. Next year will be your year.  

A few days go by, you’ve set yourself a savings goal, then you begin to see ads for Santorini villas on many of the websites you visit.  

Coincidence? I think not.  

You’re seeing these ads because your browser stored a third-party cookie and it is being used to send you targeted marketing.  

Why are third-party cookies bad?

The biggest problem with third-party cookies is that most website visitors don’t realize they’re there or doing what they’re doing. After all, how many of the giant cookie popovers explicitly tell you how and where the cookies you’re ‘consenting’ to will be used.  

What’s more, cookie notifications have become such a nuisance to web browsers that people rarely pay attention to them. With the implementation of CCPA, ePR, and GDPR, the privacy rights of web browsers are increasingly protected.  

Users are now entitled to know what information is being collected about them and with whom it’s being shared. At the same, they have the right to opt-out at any time.  

Pressure has steadily built from regulators and consumers demanding the era of third-party cookies end. Apple’s Safari and Mozilla’s Firefox have blocked third-party cookies by default. Google Chrome is the last of the major players to block third-party cookies. With 67% of the market share and 90% of its revenue generated through advertising, it’s easy to understand why Google has been reluctant to follow suit.  

When will third party cookies be phased out?

Google initially announced its third-party phase-out in February 2020 but it was the brand’s March 2021 announcement that sent marketers’ heads spinning.  

“Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”  

According to Google’s statement, “[it doesn’t] believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long-term investment. Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers.”  

While there has yet to be a specific date set, Google has announced that it will stop using third-party cookies by the end of 2023.  

What does the end of third-party cookies mean?

First things first, the end of third-party cookies is not the end of tracking. Cookies aren’t the only technology marketers have today that can be used for tracking web browsing behavior.  

Just like third-party cookies, these existing technologies track user behavior in the same way:  

  • Local Storage 
  • IndexedDB 
  • Web SQL 

Technologies have already discovered workarounds for users using Safari and Firefox, and they’ll likely find one for Google too. The secret to successful tracking will be compliance.  

What does it mean for marketers?

Tracking technology may be changing, but data protection laws aren’t and they still require end-user consent.  

In some ways, this could end up strengthening tracking. New technologies will ensure a greater level of certainty, fixing issues in tracking precision and ad fraud by bots.  

We’re about to witness is the rise of zero-party data. 

First-party cookies will continue, and thanks to GDPR and emerging laws like CCPA and Brazil’s LGPD, consent will remain as a central requirement. Your website still needs to ask for and obtain explicit consent from users for any data stored, regardless of what technology is being used.  

This means, that as the curtain falls on third-party cookies, marketers will have to work harder to build trust with web browsers to obtain consent. Trust and consent will ensure compliance with the data privacy regulations that have changed the marketing game. In turn, compliance will enable you to innovate how you track and target your customers.  

Luckily, your email marketing, marketing automation, and customer data platforms have been preparing for this for years. Keeping track of consent and managing individual users’ consent via single customer view are just a couple of ways you can rest assured that you’re already more prepared than you thought you were.  

So, as a final note, I think it’s important to change the way we think about the death of third-party cookies. It’s not the end of marketing as we know it. It’s an opportunity to improve and a chance to ensure we – as marketers – are protecting the rights of our customers, whilst providing them with exceptional experiences.  

Stay on top

Get the latest and greatest marketing insight delivered to you weekly

Ecommerce marketing

Scale your ecommerce marketing campaigns with Dotdigital

Marketing automation

Attract, engage, and retain your audiences with Dotdigital