As a marketer you may have used them to your advantage. As a citizen of the web you’ve probably been infuriated by them. Third-party cookies, a useful yet invasive and arguably abused feature of the web is now travelling on a one-way-ticket to obscurity.
At the time of writing, the internet browser spoils are shared predominantly by three big players; Google, Safari and Firefox – together they account for 87% of all web sessions worldwide.
Two of the big three have already deployed their arsenal on third-party cookies. Both Firefox and Safari have pledged a commitment to privacy and actively block cookies that track users across the web.
Third-party cookies, however, remain very much at large. Whilst close to 90% of web browser sessions happen on one of three browsers, there is one browser that rules the roost; Google’s Chrome.
Accounting for almost two-thirds (64% to be precise) of the market, Chrome continues to allow the use of third-party cookies, for now.
So, what will be the eventual fate of third-party cookies, when will they meet their demise and what will take their place?
What is a third-party cookie?
There are two types of ‘cookie’; first-party and third-party. Cookies themselves are small files that are placed on your device when you visit a website that wants to ‘set’ (ie. give you) a cookie.
First-party cookies are files set by the website you are visiting itself. These are commonly used for two purposes. The first is to maintain a session, for example, to allow you to add a product to your basket and move around the website without losing the products you’ve already selected. The second reason is to monitor traffic on the website using analytics software. Both of these reasons are relatively harmless (depending on your point of view) and generally (again, depending on your point of view) improve the web browsing experience for all. In short, first-party cookies don’t tend to cause too-much controversy because they don’t account for the most ‘creepy’ aspects of the web.
Third-party cookies are cookies that are set onto your device by a service other than that of the website you are currently visiting. Third-party cookies work in a similar way to first-party cookies, however they are commonly used to track web sessions across multiple websites.
Third-party cookies power much of the digital advertising you see online. For example, when you browse a certain product on one online shop, third-party cookies can be used to ‘follow you’ around the web to show you advertisements related to the product you looked at.
Why are third-party cookies bad?
Advertisers would probably argue they’re not. Some web users would also probably (if pushed) admit that sometimes, the advertisements shown as a result of third-party cookies have been useful.
Despite that, many now agree that much of what makes the internet a negative and invasive experience is the use of third-party cookies.
Third-party cookies, many argue, are an invasion of your privacy. Because of the way they can ‘follow you’ around the internet, ‘see’ what you look at and ‘respond’ by showing you creepily accurate advertisements, many feel unhappy about the whole process.
At a more concerning level, it is, in theory, possible to target individual people with the use of third-party cookies.
In Europe, GDPR (General Data Protection Regulation) has gone some way to taking control of data privacy, but with some websites requiring visitors to accept cookies in order to browse, the problem is far from solved.
Google and third-party cookies
The hard truth is this; the life or death of third-party cookies is in the hands of one organisation: Google. Google’s web browser, Chrome is the most widely used browser on the market. Coupled with this is the fact that no other company (besides Facebook) rivals Google’s advertising business.
A huge proportion of advertisements you see online (on websites, not just Google Search) are served by Google’s advertising products.
Right now, Google relies heavily on third-party cookies in order to let its customers (myself and many of our readers included) to serve ads.
Without third-party cookies, it isn’t currently possible to ‘retarget’ (or ‘remarket’ to) your target audience based on what they’ve already looked at on your website.
When will Google stop supporting third-party cookies?
By 2022, is what the organisation has said.
This puts Google firmly behind its rivals, Firefox and Safari, who have both already implemented privacy initiatives and reduced or removed third-party cookies altogether.
Google, unlike Firefox and Apple (the firm behind Safari) relies on third-party cookies to make a large proportion of the firm’s income, via advertising products.
So, Google will stop supporting third-party cookies when, and only when, it has an alternative means of continuing to run its online advertising business that doesn’t rely on the controversial cookies.
It’s worth taking a quick detour at this point.
So, in answer to the commonly asked question: does Google Analytics use third-party cookies? The answer is ‘no‘ – it uses first-party cookies.
What will happen when Google removes support for third-party cookies?
Google has two groups of people it needs to serve: web users and advertisers. Removing support for third-party cookies would suit web users just fine, but it would put a spanner in the works for advertisers.
On a more self-serving level, it’s highly unlikely that Google would be willing to forgo a large chunk of its revenue even in the name of protecting web users’ privacy.
This leads us to Google’s only option; to create an alternative means of serving ads without relying on third-party cookies.
We now have a name for Google’s alternative: Federated Learning of Cohorts (or, FLoC for short).
What is Google FLoC (Federated Learning of Cohorts)?
FLoC is essentially a new way to target groups of web users with advertisements. Instead of relying on personally identifiable information (such as with third-party cookies), FLoC places web users into groups, called ‘cohorts’ that advertisers can then use to target advertisements to.
Speaking via a press release, Google said that FLoC started “with the idea that groups of people with common interests could replace individual identifiers.”
The search and advertising giant is at pains to impress both of its target customer groups, advertisers and web users. On the advertising side of things, data released by Google in January claims to show that “FLoC can provide an effective replacement signal for third-party cookies…[realising] 95% of the conversions per dollar spent when compared to cookie-based advertising.”
Will remarketing/retargeting still be possible without third-party cookies?
Yes, in all likelihood, retargeting of advertisements will still be possible in a post-third-party-cookie world.
Quite how is yet to be fully determined, however as part of its efforts to solve the privacy/advertising conundrum, alongside FLoC, Google is also working on something called the Turtledove API.
How will the Turtledove API work? At a basic level, Turtledove will use information stored on a web user’s browser to show where an interest in an advertiser has been shown. Combining this with information on the current web page a user is visiting, the API sends requests for ads.
According to Search Engine Land, a search marketing news website, the Turtledove API “sends two requests for ads: one to retrieve an ad based on an advertiser-defined interest, and another to retrieve an ad based on contextual data. These requests are independent so ad networks can’t link them together to learn that the requests are from the same browser.”
What happens next?
The industry waits.
Privacy demands will continue to grow as consumers get more clued up about how to protect themselves online and Google will proceed with caution as it attempts to calm its web users whilst wooing its advertisers.
For those of us responsible for marketing, it’ll pay to monitor what Google does as it moves ever closer to its self-imposed 2022 deadline.
Third-party cookies will only be gone when Google decides to kill them.