Table of contents

    Cookies (so-called cookies) have been an integral part of using websites for many years. Many of them simply provide a seamless experience of web functionality, but some cookies, so-called third-party cookies, have begun to raise questions. It has often been used to track users without their knowledge or consent. At the same time, people have become more conscious about their personal information, which has coincided with new regulations in many countries.

    Major Internet players, such as Google and Apple, are forced to abandon third-party cookies, but the deadline is regularly postponed (the latest news is no longer 2024 but 2025). It is uncertain when this will finally happen.

    It is also important to remember that some types of cookies are subject to restrictions, but they will not disappear entirely. A concrete, well-thought-out alternative is lacking.

    There is a lack of concrete, well-thought-out alternatives.

    The abandonment of third-party cookies is a big change for marketers, companies, site owners, and consumers. How can we prepare for it?

    cookies

    Cookies are small pieces of data stored on a user’s device that contain information about the user’s interactions with websites.

    Cookies are used for various purposes, such as:

    • Management of session data on a website or mobile application,
    • Personalization and authentication,
    • Tracking user behaviour for analytics,
    • Multidimensional tracking used in advertising systems,

    Types of cookies and their differences

    There are two main types of cookies: first-party cookies, or first-party cookies, and third-party cookies, or third-party cookies.

    Proprietary cookies

    Proprietary cookies are generated by the website you are currently visiting. This means that they do not communicate with any external entities or addresses. Hence, they tend to be considered safe and in line with consumer expectations.

    First-party cookies are typically used to enhance user interaction with websites. They help maintain sessions and remember login data, preferences, or the contents of a shopping cart. They also enable personalization of content and ads based on browsing history and interests and collect analytics.

    Third-party cookies

    Third-party cookies are created by domains other than the one you are visiting. 

    Third-party cookies access visitors’ browsers through third-party services embedded in your site, such as:

    • a YouTube video,
    • social media plugin,
    • javascript code from ad networks,

    Third-party cookies are used to track users across sites, perform retargeting, and display selected ads to users through advertising platforms based on their browsing history and behaviour.

    These cookies allow brands and providers to collect significant personal information about users, allowing them to create detailed user profiles. It is assumed that third-party cookies do not interfere with the site’s basic functionality, but they may restrict certain features like live chats. Third-party cookies can also be used for phishing attempts.

    Why are third-party cookies withdrawn?

    The cookies themselves are a story that dates back to 1994. Back then, they created a breakthrough, making it possible, for example, to run an online store. However, the technology quickly began to be abused, violating users’ privacy, collecting sensitive information without explicit consent, exploiting the acquired data and trading it.  Due to the widespread use of cookies, data is scattered across different applications, websites and services, making it difficult to control what happens.

    The data is not being used for any purpose.

    Internauts are increasingly sensitive to the unauthorized collection and use of their personal data, viewing it as an invasion of their privacy. According to Datareportal, 32.8% of people regularly use ad blockers to block ads.

    Increasing concerns about third-party cookies have led to new controls. Regulations such as the CCPA, CPRA, and RODO treat cookies containing identifiers as personal data. The new regulations are all about clear consent and the ability to modify and revoke that consent at any time.

    Website publishers must therefore keep in mind the new obligations:

    • Gain the explicit consent of users before generating cookies and collecting or storing data in users’ browsers.
    • Publish full information to end users about the tracking technologies used, stating the providers, purposes and time of data collection.
    • Maintain a record of consents and data releases in the event of an audit or a request for access by the data subject.
    • Allow users to modify or revoke their consent preferences.

    Need to organize your data collection and consent mode?

    We know the topic inside out. Contact us and get your data collection in order!

     

    Compared to other browsers, Chrome is a bit slower to restrict third-party tracking. Third-party cookies are primarily used to serve digital advertising, which is an important part of Google’s business. So it is not in Google’s strategic interest to speed up this change.

    In January 2020. Google announced that it is phasing out support for third-party cookies in the Chrome browser, starting with conversion measurement and personalization tests by the end of 2020.

    The company has announced that it is phasing out support for third-party cookies in the Chrome browser, starting with conversion measurement and personalization tests by the end of 2020.

    In July 2022. Google has announced a two-year delay for third-party cookies until the end of 2024.

    The company has announced a two-year delay for third-party cookies until the end of 2024.

    Testing began in January 2024 with the introduction of a new tracking protection feature. Google reduced third-party cookies, but the change only affected 1% of all users.

    Testing began in January.

    In April 2024, Google announced that it would not complete the phasing out of third-party cookies in the second half of the fourth quarter, as previously expected. The process has now been postponed until 2025.

    What happens next remains to be seen.

    As early as August 2019. Google introduced the Privacy Sandbox – an initiative to develop standards to protect privacy on the Internet.

    However, while other browsers aim to avoid third-party cookies, Google’s alternative is not necessarily focused on privacy. Google wants to retain control of most online advertising and is very interested in maintaining its ad targeting capabilities—for as long as possible, of course.

    What will replace third-party cookies in the Chrome browser?

    Google’s decision to remove support for third-party cookies in the Chrome browser is part of its Privacy Sandbox program, which includes measures to support advertising functions without relying on tracking users across websites.

    The Privacy Sandbox project is an iterative process in which various APIs have been developed and deployed for testing. The process reached a milestone when, in July 2023, the Privacy Sandbox initiative announced the release of six new APIs for the Chrome browser.

    The Privacy Sandbox Project is an iterative process.

    These APIs include:

    • Topics,
    • Protected Audience,
    • Attribution Reporting,
    • Private Aggregation,
    • Shared Storage,
    • Fenced Frames,

    Topics

    Topics allow a browser to infer the selection of certain recognizable interest categories based on browsing history to allow sites to display relevant ads. Unlike cookies, themes will only share users’ general interests, not detailed behaviour across multiple sites.

    The Google Topics API is the second version of the Federated Learning of Cohorts (FLoC) proposal, which was eventually abandoned due to privacy concerns.

    Protected Audience

    Protected Audience allows advertisers to run ad auctions using JavaScript code in the browser. It is used to support remarketing and custom audience lists.

    Attribution reporting

    Attribution reporting allows you to measure conversions from ad clicks and impressions and ads on other platforms without tracking user activity on your sites. 

    Uses two types of reporting:

    Event-level reporting provides detailed conversion data without revealing users’ identities.

    Summary reports – present aggregate data among large groups of users.

    Private Aggregation

    Private aggregation allows you to generate aggregate reports using data from protected recipients and data from different locations

    Shared Storage

    Shared Storage allows sites to store and access indivisible data from different sites. This data is read in a secure environment,

    Fenced Frames

    Fenced frames allow content to be securely embedded on a page. This is an HTML element for embedding content similar to an iframe element.

    Privacy Sandbox a-branch-advertising

    On the one hand, Privacy Sandbox is a surefire alternative to third-party cookies, but it will only work in the Chrome browser. Although Chrome has most of the market share (73%, according to StatCounter), other browsers still account for the rest of the traffic. Chrome is also not representative of traffic from other browsers and devices, on which users may behave differently.

    Identifiers created with Privacy Sandbox are not owned or stored by advertisers, so they cannot be transferred or activated on other systems.

    Withdrawal-of-third-party-cookies-by-other-providers

    Many browser vendors have been enforcing restrictions on user tracking for years.

    Apple

    Apple has implemented Intelligent Tracking Prevention (ITP) in the Safari browser. By default, ITP blocks third-party cookies and restricts first-party cookies.

    Also, Apple has introduced App Tracking Transparency (ATT). This user privacy policy requires all iOS apps to request permission through a pop-up window to access an advertiser’s identifier (IDFA) or device ID and track users across apps and websites.

    Tracking Transparency.

    Firefox

    Firefox offers enhanced tracking protection that allows users to block cookies and memory access by third-party tracking modules. This allows users to decide what level of privacy they want to set in their browsers.

    What does the end of third-party cookies mean?

    Companies using third-party cookies face big challenges because some features will not be available.

    There are at least a few key activities affected by the current transformation, among others:

    • Purchasing third-party recipient databases,
    • Retargeting,
    • Advertising attribution after display,

    Whether-to-focus-on-cookies-first-party?

    If your company already uses its own cookies as a primary source of marketing data, this will have little effect on your operations. These cookies will continue to work and remain an option, providing tangible benefits even in the face of third-party cookie changes. If, on the other hand, you rely primarily on third-party cookies you are in for big changes. The sooner you think about solutions such as Conversion API Meta or enhanced conversions in Google Ads the better.

    Let's talk!

    Tomasz Starzyński
    Tomasz Starzyński

    CEO and managing partner at Up&More. He is responsible for the development of the agency and coordinates the work of the SEM/SEO and paid social departments. He oversees the introduction of new products and advertising tools in the company and the automation of processes.