Filter By

Show All

Connect to


Customer Data Council: The End of Third-Party Cookies


This article is written by the Thought Leadership and Best Practice hub of the Customer Data Council.

3rd party cookies have been pivotal to the industry. They have enabled targeting and technology to go hand in hand - making the process of reaching the right customers at scale a much simpler process.

You will have noticed over recent months that Google’s decision to phase out 3rd party cookies has been well documented. With some browsers already blocking these types of cookies and the whole industry set for change in 2022, now is the right time to be focussing on what’s next.

3rd party cookies: are created by domains that are not the website (or domain) that you are visiting. These are usually used for online advertising purposes and placed on a website through a script or tag.

In this article we help CMOs and content marketers answer some important questions, rebuke some myths, and understand the regulatory impact these changes may have.

  • How will my brand be affected?
  • What changes do I need to consider?
  • Will I lose analytics?
  • What about ‘consent’?
  1. How will this affect my brand’s digital advertising strategy and plans?

For Programmatic Advertising there will probably be further changes moving forward, especially around the legislative frameworks and the ecosystem that supports this.

Recent scrutiny by the ICO has highlighted the need for transparency around the use of customer data and further directives are likely. This will then reduce the ability for brands to accurately target users beyond their owned properties and at scale.

However, not all aspects of digital advertising are dependent upon 3rd party cookies. For example:

  • They do not exist on connected TV or mobile apps so these won’t be affected.
  • 1st party cookies (cookies on your owned properties - web, social channels, email) and 2nd party cookies (cookies your brand has permissioned to share with individual “trusted partners” or affiliate brands) will not be affected by this change.
  • Further developments are also taking place with respect to decentralised technology. This enables the first party's data to remain within a business’s control inside their own standalone cloud instance. This anonymised form of data (some refer to as “federated first-party data”) can then be used without ever moving, sharing, or exposing the personal data and is gaining momentum amongst larger publishers and media owners.
  1. What will the impact be on publisher activity?
  • Publishers’ first party data is likely to grow in value and accessibility. Where publishers utilise their own 1st party cookies, or alternative identifiers (e.g. email addresses from logins), it will continue to be possible for your brand to purchase inventory based on publishers’ audiences. Publishers with logins that span multiple devices will hold a particular advantage, as they present one of the rare options to carry out people-based targeting cross-device.
  • As ever, your brand or agency is responsible for ensuring you have done your due diligence and are satisfied with the risk standard of the privacy and data management processes of the publishers you work with. We can expect to see a rise in technology enablers that link CRM with Media, and publishers together with alliances, driven by the sustained consumer expectation for their user journey to be seamless.
  • We can also expect to see a rise in contextual based targeting through publisher activity, so prepare by building up an understanding of the content your audience reads, as well as the sites
  1. Will I have to stop my retargeting activity?

Retargeting? Yes. Kind of. Unless you want to rely on Microsoft Edge. Advertising online? No. But there are opportunities within this.

  • First thing to do? Look at your existing attribution performance and understand exactly where the value was being driven using 3rd party cookies vs other elements of the marketing mix. You can retain that knowledge, even if you no longer have the data.

  • Next, make sure your 1st party cookies are appropriately opted in and tagged across your site. Study the customer journey to make sure when customers get to your site they have the best experience possible to keep them coming back, iron out niggles, nudge them to their destination. It’s expected that very few people will block 1st party cookies as they’re necessary in order for you to be recognised as an individual, so these are your strongest asset.

  • Then analyse that data explicitly for advertising learnings.
    • Can you see customer intent from multi-channel engagement?
    • Can you infer from their site interaction what mission they are on?
    • Might that give you clues to advertise contextually?
    • Use econometric modelling to help link it to other disconnected sources to see if there are any other clues you can garner.

  1. What will the effect be on my web analytics?

Web analytics will see a decrease in accuracy, but not to the same extent as inventory-buying advertising, such as programmatic advertising. Web analytics is already limited by GDPR-led guides that cookies cannot be dropped until a user actively consents to having their data collected (see Q2). This in itself means that site metrics, such as bounce rate, reduce in volume. So there needs to be a focus on understanding how to leverage your existing web analytics data to get the most insights. Some great opportunities are building up an appreciation of data modelling and machine learning.

As 3rd party cookies deteriorate, the scale of data collected through web analytics is likely to decrease, but the insights may stay more stable. Google have released a new version of Google Analytics, GA4, that moves away from relying on cookie data, so consider building up an understanding of how your current web analytics tool utilises cookie data to assess site events, and whether your brand needs to explore web analytics tools that use new data models.

  1. Do I need to review my cookie permissions and consent?

The demise of 3rd party cookies is no reason for not paying attention to your 1st party cookie notices. You should continually review your cookie permissions and the way that you are collecting user consent for two key reasons:

  1. To ensure that you are complying and continue to comply with the relevant regulation (specifically the GDPR and PECR) when you are setting cookies. To satisfy transparency requirements and to ensure that users are happy to provide their permission, you need to ensure that you are clearly explaining what the cookies do and the context in which they are used, alerting the user if your website shares data with third parties.
    You must also ensure that you are getting the user’s consent to set cookies to ensure that you have a lawful basis under the GDPR to process the cookies. This consent must be collected in line with the GDPR requirements for valid consent – that users have provided their freely given, informed, explicit and unambiguous consent to which cookies on your website they will allow to be activated and collect their personal data.

2. To ensure that you are continually testing and optimising the way you present the information about the cookies that you collect to ensure the highest consent rates for the setting of 1st party cookies, whilst at all times remaining transparent to the user.
Think particularly about your cookie banner design and how you make it interesting – and informative – for your users so that they read it and understand what they are consenting to. A well explained cookie notice which tells users clearly and simply how you will use the cookies generates user trust. You should also consider where you place the cookie banner on your site, experimenting with different placements and measuring opt in rates under various test to identify optimal site performance.

  1. Do I need to stop connecting my own channels together?
  • Short answer – no!
  • Long answer – your connection of channels is done via your own 1st party cookies, data that falls outside of this change in cookie fortune. As long as your existing 1st party cookies policies are appropriately written there’s no reason to change them for this purpose. But maybe use this as a prompt to have another look to make sure they are.

Final note to end on: here are a list of things to watch out for that we can expect to hear/see change in 2021

  • ePrivacy changes to PECR.
  • The ICO's Direct Marketing Code of Practice.
  • And finally, embrace the return of contextual targeting – learn as much as you can from site interaction in order to give you enough clues about your customers & prospects to know where else they might be, and go back to good old search and manual targeting. Google are introducing FloCs, the privacy legality of which still remains in question, but as contextual targeting goes, it’s a start point.

Further Reading

A guide to Cookies and Compliance – examples of best practice, more detail on how cookies are used and alternative solutions to cookies.

The Seven Step Ad Tech Guide – more detail on cookies and programmatic advertising.

Guidance on Auditing Third-Party Cookies - steps to take to understand what cookies you currently use.

Webinar: The End of Third-Party Cookies - What's Next? - A webinar reviewing the timeline for third-party cookies, the current privacy landscape and the ecosystem that is driving the changes.

Glossary of Terms for Cookies and Adtech.

Hear more from the DMA