Here we are. After years of teasing, announcing, scheduling, and experimenting, the long-awaited end of third-party cookies is finally upon us. Earlier this year, Google started deprecating third-party cookies in its Chrome browser for 1% of users globally and will gradually work towards a complete phase-out by the end of the year.
Naturally, even though the topic has been discussed for years, it poses many questions: What does it mean for organizations? How can companies maintain their tracking and measurement abilities without cookies? Do we still need CMPs and cookie banners?
This article covers the history behind the deprecation of third-party cookies, key dates and timelines, the impact, alternatives, and how Didomi can help.
July 2024 update: In a press release on the Privacy Sandbox website, Google announced that it will not be deprecating third-party cookies and will introduce a new experience in Chrome. Read the takeaways from our CEO.
The end of third-party cookies: context and timeline
Cookies are small text files containing information used to identify users on a network. Stored on their devices, they assign a unique identifier to each user to help improve and personalize their browsing experience.
They can be used by website providers to provide personalized experiences, manage user sessions by recognizing specific users, track users on shopping sites, or for performance and analytics purposes.
Talks surrounding the end of third-party cookies emerged as early as the early 2010s when both Safari and Firefox announced that they were blocking them. For Google, the subject dates back to 2020, when Chrome released a blog post about the topic and The Privacy Sandbox, Google’s initiative to promote privacy-friendly practices online.
“The privacy sandbox is a suite of proposals to help tackle the problem of pervasive tracking and address the needs of the web and app ecosystem as these changes are rolled out to Chrome and Android”
- Helen Cho, Product Manager, Privacy Sandbox (source: Preparing for the end of third-party cookies by Chrome for Developers on Youtube)
Before looking at the steps Google took in phasing out third-party cookies from Chrome, let’s cover some of the most basic questions surrounding the topic.
What is the difference between a first-party and a third-party cookie?
Cookies can be first-party or third-party, depending on the user’s context and the site they visit at a specific time.
Essentially, first-party cookies are created and stored by the owner of a website the user is on (for analytics or login purposes, for example), while third-party cookies are created and placed by another company other than the owner of the website the user is currently on. Think cross-site tracking, retargeting, and other ad-related purposes (tracking ad performance, collecting insights).
While third-party cookies can cause privacy issues, it’s important to mention that they are also a critical component of the web. Among other things, they allow for services such as embedded maps and chat widgets on retail websites or shared login infrastructure across an organization's brands.
Towards a “cookieless” future?
Now that we’ve established the difference between first-party and third-party cookies, you might realize that the term “cookieless” can be misleading. We agree. While we’ve used it in the past (and will likely use it again), the term should be taken with a grain of salt.
Cookies will not be completely annihilated once Chrome phases out third-party cookies. Websites will still be able to leverage first-party cookies to authentify users and manage their sessions and preferences, and alternatives will emerge. A more accurate term could be "third-party cookieless," but you will agree that it is far less catchy. Just be aware of the nuance.
Why is Chrome deprecating third-party cookies?
The phasing out of third-party cookies in Google Chrome is a natural continuation of a privacy-focused trend that has gained speed over the last ten years.
Following the excesses of the 2000s and the rise of “Big Data” practices, consumers and regulators became increasingly concerned about data privacy violations. This culminated in scandals from Cambridge Analytica to Ashley Madison, the launch of the General Data Protection Regulation (GDPR) in Europe, and, eventually, the current state of data privacy regulations around the globe.
Google is following the path paved by browser rivals Safari and Firefox in the early 2010s by phasing out third-party from Chrome in 2024.
This is part of Google’s efforts to provide a privacy-first approach to its products and services, something that we’ve seen reflected a lot over the past few months as the organization releases an improved consent mode with additional features, establishes new requirements for companies running ads in the European Economic Area and the United Kingdom, and promotes its Privacy Sandbox initiative.
“Third-party cookies have been a fundamental part of the web for nearly three decades. While they can be used to track your website activities, sites have also used them to support a range of online experiences — like helping you log in or showing you relevant ads.”
- Anthony Chavez, VP, Privacy Sandbox at Google (source: The Keyword)
What is the timeline for Chrome cookie deprecation?
Google started deprecating third-party cookies for 1% of Chrome users in January 2024 and had initially announced that they would be phased out for all users in the third quarter of the year.
However, based on historical data and the massive project that the deprecation of third-party cookies has been for Google, we predicted that the timeline would likely change slightly and for the complete phase-out to happen in 2025. This turned out to be true, as Google announced in a press release on the Privacy Sandbox website.
What is the impact of Chrome's third-party cookie deprecation, and what does it mean for you?
Even though Mozilla’s Firefox and Apple’s Safari browsers have long gone through the switch away from third-party cookies, the market share of Chrome makes the announcement of its cookie deprecation that much more impactful and newsworthy for organizations, consumers, and marketers alike.
“2024 is the year organizations must sit down and revisit their strategy.
In the same way that they had to transform for compliance reasons in 2018 with GDPR, organizations must now transform due to external forces in the name of Google and Chrome deprecating third-party cookies. They no longer have a choice in the matter.”
- Romain Gauthier, CEO and co-founder at Didomi (Source: Top data privacy trends for 2024: Insights from the Didomi team)
Marketing professionals will be among the most impacted by this change. Some of the concerns linked to the deprecation of third-party cookies include:
- Challenges in running effective advertising and retargeting campaigns
- Difficulty tracking and measuring digital performance
- Necessity to rely on first-party data and to build comprehensive datasets
- Facing drops in advertising efficiency and, consequently, revenue
- Adapting to new technologies and facing a confusing transition period
While legitimate, these worries highlight the need for organizations to step up to the plate and take the switch as an opportunity to work with reliable partners, prepare in advance, and lead the way toward sustainable data practices without third-party cookies.
“With changes such as the depreciating of 3rd party cookies, google consent mode v2, and various tracking methodologies that are being debated it is going to be a tricky landscape to navigate. Not only is it new but it's also largely unexplored and will prove to be a challenge for most marketing teams trying to respect their users and stay compliant with privacy regulations all while still needing to track and process data to enable them to grow and make educated decisions.”
- Siobhan Solberg, Data Privacy Consultant (Source: Didomi 2024 data privacy expert roundup)
Another concern is what comes next. Indeed and while the end of third-party cookies is often touted as a victory for privacy, divergences and caution are emerging from experts, wary of not replacing a flawed solution with another:
“Enter the humble ‘tracking pixel and tag,’ a seemingly inconspicuous bit of code, poised to become the omnipresent tracker of the post-cookie era, controlled by big tech. Yet, for Australian brands caught in this new data-driven stampede created by cookie deprecation, the question we need to be asking is: are we merely swapping this panopticon of cookies for a privacy and consent quagmire of hidden tags that do more harm, more invisibly, than cookies ever did?
From our deep experience in auditing tags and pixels for privacy compliance purposes, we know for certain that it is looking very likely.”
- Chris Brinkworth, managing partner, Civic Data (source: Media Week)
In light of these concerns and the imperative to prepare a transition away from third-party cookies, let’s take a look at some of the alternatives you can consider.
Alternative to third-party cookies to consider in 2024 and beyond
As we prepare for the phasing out of third-party cookies, many alternative solutions are emerging, such as PETs, data clean rooms, or first-party data.
One common denominator for most of these solutions is that they require consent as a legal basis to be lawfully and adequately leveraged. Don’t give up on your trusted Consent Management Platform (CMP) just yet, as consent increasingly becomes the cornerstone of any digital activity.
"Consent, once the exclusive domain of privacy laws, has now become the linchpin in a broader regulatory context, including consumer protection and competition law. With the DMA and DSA, we're seeing a shift towards greater user empowerment—where consent is integral not only for data privacy but also for transparency in advertising and fair data practices among gatekeepers.
As we embrace this shift, consent is set to play a pivotal role in shaping the future of AI regulation, ensuring users have a decisive voice in this burgeoning field."
- Thomas Adhumeau, Chief Privacy Officer at Didomi (Source: Top data privacy trends for 2024: Insights from the Didomi team)
Let’s take a look at some of the alternatives to third-party cookies that are emerging today.
Contextual advertising
Contextual advertising is the opposite of user-based targeting and consists of displaying ads based on a website's content instead of relying on user data.
While respectful of privacy, it is limited in terms of personalization and experimentation and might feel like a step backward for many modern marketing teams.
Privacy-enhancing technologies (PETs)
Privacy-enhancing technologies (PETs for short) are technologies that emphasize the protection of user data while still allowing for valuable analytics and insights by leveraging methods such as data anonymization, encryption, differential privacy, data aggregation, on-device processing, differential privacy, or data noising.
Initiatives like Google’s Privacy Sandbox use a range of PETs to provide useful functionality for developers while complying with the most stringent privacy regulations and requirements.
Server-side tracking
An alternative to client-side data collection, server-side tracking allows data processing and storage to occur on a server rather than in a user’s browser.
In that way, organizations can benefit from increased levels of security and improved website performance while maintaining data collection and processing activities in a compliant way.
"With the end of third-party cookies scheduled for 2024, our customers must find other solutions to collect clear, relevant data that makes sense for their business.
Organizations need to turn to other solutions, and Didomi can support them, particularly in setting up a server-side implementation and building a strategy linked to first-party data and preferences that can be collected throughout the customer journey in an intelligent way."
- Charlotte Perrin, Director of Customer Success at Didomi (Source: Top data privacy trends for 2024: Insights from the Didomi team)
Data clean rooms
Data clean rooms are emerging as a collaborative solution for organizations to share and analyze data by combining their datasets in a secure, privacy-compliant environment.
"The erosion of consent rates and the disappearance of third-party cookies compel every player in the digital industry to rebuild their data portfolio. These one-to-one or one-to-many data sharing within data clean room environments require absolute control over consent signals, ensured by a governance that is clear, cross-functional, and operational. "
- Frank Ducret, VP Strategy, Product Evangelist & Director of Partnerships at Didomi (Source: Top data privacy trends for 2024: Insights from the Didomi team)
These virtual spaces allow organizations to share their data sets without directly sharing or exposing individual user data, which can be particularly beneficial for advertisers and publishers looking to understand audience overlap and campaign performance while adhering to data privacy regulations.
Unique and cross-site identifiers
New kinds of cross-site identifiers, similar to third-party cookies, are also emerging.
These identifiers rely on user consent and enable tracking across sites based on unique user attributes or aggregated data, providing a way to understand user interactions across different domains without the invasive nature of traditional cookies.
Whether based on signals like IP address or user data, like email addresses, they enable users to be re-identified across different websites and allow for effectively unlimited collection of cross-site data.
First- and zero-party data
It might seem obvious, but the best alternative to third-party cookies might be first- and zero-party data. In other words, data you’ve collected from your customers by asking them.
Not only is this category of data more reliable (after all, it comes straight from the source) but it’s also consented to and allows for ultra-personalized actions as a result. It has been proven that asking users directly for their interests and preferences directly eliminates irrelevant messaging, reduces email unsubscribes, and ensures a more engaged and loyal customer base.
To learn more about preferences, first- and zero-party data, take a look at our personalized customer preference journeys:
{{learn-about-product-analytics-platforms-and-more}}
Your third-party cookies deprecation checklist
End of third-party cookies: How Didomi can help
At Didomi, and while it may sound surprising from one of the leading providers of Consent Management Platform (CMP) solutions, we’ve been preparing for the end of third-party cookies since the company's infancy.
Not only do we believe that the end of third-party cookies in Chrome will lead to renewed use cases and applications of our consent management solutions, but we’re excited to provide our customers with the rest of our Global Privacy UX Solutions offering, which provides the necessary tools and services for organizations to face the challenges ahead, as expressed by our co-founder and Chief Revenue Officer, Raphaël Boukris:
"2024 will be a pivotal year for digital and legal departments. With the recent adoption of TCF V2.2, DMA, Google Consent Mode V2, and the effective disappearance of third-party cookies in Chrome, the stakes have never been higher for any company that conducts a significant portion of its business on its websites and applications.
We are witnessing a growing demand for unified, cross-device consent linked to a persistent identifier used by our clients. Companies, especially those with strong brands, will capitalize on the collection and proper distribution of their first-party data to have a very rich view of all consents and preferences for all their users.
The challenges will, therefore, be numerous for organizations that will need reliable partners like Didomi by their side."
- Raphaël Boukris, Chief Revenue Officer and co-founder at Didomi (Source: Top data privacy trends for 2024: Insights from the Didomi team)
Whether we’re talking about third-party cookies or what comes next, we believe that organizations that can implement comprehensive, transparent Privacy UX will emerge as leaders in a privacy-first world.
We are optimistic about what 2024 (and beyond) has in store for Didomi and the data privacy industry and are confident in our ability to help our customers, partners, and collaborators adjust to the post-third-party cookies era.
To discuss your challenges and how we can help, book a call with one of our experts:
{{talk-to-an-expert}}
Frequently Asked Questions (FAQ)
Without cookies, do I still need a CMP?
Yes. While third-party cookies are scheduled to be phased out of Google Chrome in 2024, there will still be a use case for cookies online, including first-party cookies.
Additionally, Consent Management Platforms (CMP) like Didomi’s include features that are essential in navigating a world without third-party cookies, such as cross-device.
What are the alternatives to third-party cookies?
Alternatives to third-party cookies include Privacy-Enhancing Technologies (PETs), data clean rooms, server-side tracking, unique and cross-site identifiers, and leveraging first-party data.
Most of these alternatives focus on user privacy and consent, offering new digital tracking and advertising methods while complying with privacy regulations.
Why is Chrome deprecating third-party cookies?
Google's decision to phase out third-party cookies in Chrome is part of a broader, privacy-focused trend in response to growing concerns about data privacy violations. It follows initiatives by browsers like Safari and Firefox and is in line with rising regulatory pressures and consumer demand for greater privacy protection.
This move reflects a shift towards more privacy-conscious web browsing.
What is the Privacy sandbox?
The Privacy Sandbox is a Google initiative that aims to create technologies that protect people's privacy online and give companies and developers tools to build thriving digital businesses. Learn more on the Privacy Sandbox website.
How can organizations prepare for the end of third-party cookies?
Organizations should start by auditing their current use of third-party cookies and exploring alternative solutions such as contextual advertising, PETs, and server-side tracking.
Adapting your consent management practices, focusing on collecting first-party data, and working with reliable partners will also be essential in the transition away from reliance on third-party cookies.