How to Prepare for a
Cookieless World
Contents
Introduction
A review of the current landscape and impact of a cookieless world
What is a cookie?
An overview of the history of cookies and the types currently used
How did we get here?
An overview of the privacy legislation and technological updates leading to this point
What is the impact on digital marketing?
A breakdown of key areas affected by third-party cookie deprecation
8 steps to thrive in a cookieless world
Practical tips for marketers and companies to prepare for the future
Conclusion
Summary of findings and outlook for the future
Introduction
When Google Chrome join Safari and Firefox in blocking third-party cookies in 2023, it will mark the crescendo of a consumer dynamic that has been in play for over a decade. Consumers are more concerned than ever about the capture of their personal data – and more aware than ever of its value – and these concerns and expectations have been reflected in evolving privacy legislation and technological updates that place current marketing methods under threat.
According to an Epsilon study 80% of advertisers rely on third-party cookies, but crucially only 46% felt “very prepared for the change.” Marketers will face a period of unprecedented uncertainty, and to deliver targeted, relevant, and measurable campaigns – and the personalized experiences
By 2023, Chrome, Safari, and Firefox will no longer support third-party cookies
How to Prepare for a Cookieless World | 3
customers now expect – they will need to reevaluate their entire marketing infrastructure
In the short term, the disruption will indeed be profound, as existing ways of identifying and targeting prospects will no longer be possible for many. Nor will the measurement and attribution of campaigns. Legal compliance processes, ways of working, platform use and entire marketing strategies are under threat.
In the short term, the disruption will indeed be profound, as existing ways of identifying and targeting prospects will no longer be possible for many. Nor will the measurement and attribution of campaigns. Legal compliance processes, ways of working, platform use and entire marketing strategies are under threat.
In this whitepaper we’ll review the privacy landscape and how we got to this point, discuss the impact of existing and imminent changes on digital marketing, and look in detail at how digital marketers can thrive in a cookieless world. Before we do that, though, we’ll review the technology at the center of the latest changes – the cookie.
How to Prepare for a Cookieless World| 4
What is a cookie?
Cookies are small text files stored on your browser or device when you visit a website or app, and they are used in many ways to track, customize, and personalize online experiences. A cookie can, for example, remember when you set your location on a weather website, store your login details so you
don’t have to submit information again, or remember what items you left in your shopping cart. There are many different types of cookies, and classification is often difficult as some don’t fit neatly into a category or indeed qualify for multiple.
We’ll break down the most commonly used categories below after a brief look at the history of cookies.
The history of cookies
The term “cookie” was coined by Netscape engineer Lou Montulli in 1994, and was derived from “magic cookie” – a packet of data passed between communicating programs. It’s often said that “magic cookie” itself was derived from the term
fortune cookie, which is a cookie with an embedded
message. They were originally invented to provide
memory for some of the basic online experiences
we take for granted today, such as shopping carts,
personalized content, and the retention of login
credentials.
Montulli himself described the interaction of cookies with embedded references to other websites – i.e. third-party cookies – as an “unforeseen problem” that he missed during his design phase. When advertising companies started using the technology to track user activity across multiple websites to serve ads, the initial use was to ensure consumers didn’t see the same ads multiple times and to track overall impressions. This quickly evolved into the personalized ads based on browsing activity that we are familiar with today, and by 1996 it was already problematic.
Writing in his own blog Montulli reflects that whilst “tracking across websites was certainly not what cookies were designed to do,” and that in fact they were “designed with the opposite intention,” he was unable to reach the decision to disable third-party
How to Prepare for a Cookieless World | 5
cookies entirely “since advertising was paying for most of the web and disabling third-party cookies would also disable many legitimate uses for cookies on embedded resources.” As of 2013 he still believed it was the right decision, citing presciently that “governments have an ability to regulate the collection of data by large visible companies” and that the public has a responsibility to pressure legislators and the companies that track user behavior to enact privacy legislation and evolve technology respectively. In the 9 years since, both of these dynamics have played out – something we’ll cover in more detail later.
First-party cookies
First-party cookies are set by the domain you are visiting and are used to improve your experience on that website. They can remember preferences and enable personalization to match them. First-party cookies – like first-party data itself – are safe from impending changes and generally viewed as necessary and useful to improve user experience. When you return to a site like Amazon and are still logged in with your shopping cart up-to-date, this is due to first-party cookies saving your previous behavior to your browser under the amazon.com domain.
Third-party cookies
Third-party cookies have long been under scrutiny due to a lack of transparency around data capture and use, and many see them as an infringement of user privacy. The European Union (EU) passed a law in 2011 that required users to be informed of the cookies present on a website, which explains the banners that are now commonplace when you first visit a website.
Session cookies
Session cookies store information only as long as you interact with a website or app and expire when you leave a website or close a browser. They are
How to Prepare for a Cookieless World | 6
Functionality cookies
Functionality cookies can be first or third-party, session or persistent. They allow websites to recall preferences and behavior including usernames, language, and text size to improve the user experience and are used for web services and the ability for users to comment on video or blog posts. These cookies are anonymous and don’t store personally identifiable information (PII), and they can be used with implied consent providing a website informs users what action constitutes that consent. When you visit a website and select a regional or language-specific version, the reason you see that same version upon your next visit is due to a functionality cookie.
Performance cookies
Performance cookies are typically first-party session or persistent cookies, but third-party performance cookies can be placed on devices to gather analytics on advert placement. Performance cookies collect information about how visitors use a website, which pages they viewed, and if they get error messages whilst browsing. They don’t collect PII and are most commonly used to improve website experience and track the effectiveness of advertising.
Tracking cookies
Tracking cookies also collect user data such as website browsing activity, location, and purchase information. They are shared by more than one website or service and are typically used for marketing and advertising. Given they contain user activity, behavior, and actions across multiple sites, they are often seen as a means to exploit user behavior and infringe on privacy rights. Tracking cookies are subject to a variety of regional regulations: under the General Data Protection Regulation (GDPR) users must give consent before they are applied, and the California Consumer Privacy Act (CCPA) mandates that users must be transparently informed of what data is collected and how it is processed.
How to Prepare for a Cookieless World | 7
How did we get here?
Consumer demand for privacy is nothing new, though users are now more aware than ever of the value of their personal data and the technologies in place to capture it. 91% of respondents to an iProspect survey of more than 25,000 consumers in 16 countries were concerned about the amount of data companies can collect about them, and 72% of those with concerns have stopped using a
product or service because of those concerns. This reflects a landscape in which consumer pressure has forced the hand of legislators and technology companies to keep pace, and we’ll take a look at how this has evolved below.
Legislation
Whilst almost all will be familiar with GDPR and CCPA, privacy legislation existed before these landmark regulations and continues to evolve at pace. According to the United Nations Conference on Trade and Development (UNCTAD), 71% of countries worldwide now have data protection and
91% of consumers are
concerned about the
the amount of data
companies companies
can collect about them
How to Prepare for a Cookieless World | 9
Eprivacy Directive
The Eprivacy Directive was originally adopted in 2002 to safeguard the privacy of electronic communications in the EU. In 2009 it was amended – an amendment often referred to as the EU Cookie Directive – to reinforce protection for users online with a focus on the use on cookies. It stated that the
storage of user information is “only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information” about how data will be stored and processed. This meant that beyond the strictly necessary cookies described earlier, cookies could no longer be deployed without user consent.
General Data Protection Regulation (GDPR)
In 2018 the EU went a step further, implementing legislation that increased regulation over how companies could store and use personal information. GDPR covers far more than cookies and is viewed as the strictest data protection legislation in the world, covering key principles including data minimization, storage limitation,
purpose limitation, and accountability. Cookies are only referenced a single time in the legislation, in Recital 30 where they are called out as a way of “natural persons” being associated “with online identifiers provided by their devices” to
“create profiles of the natural persons and identify them.” It’s a crucial reference, though, as it qualifies cookies as a means of identifying users that makes them subject to GDPR rules and regulations.
California Consumer Privacy Act (CCPA)
Implemented in 2020, the CCPA legislation introduced many regulations regarding the processing of personal data associated to individuals. This granted California residents the
right to know more about the personal information a business collects, how it is used and shared, as well as the right to opt-out and request the deletion of their data.
Whilst the CCPA does not currently require businesses collect specific consent regarding use of cookies, there are implications for how their use may infringe on the rights listed above. Crucially, as with GDPR, data collected by cookies does count as personal information. Companies therefore must disclose what information is being captured by cookies, and how it is being processed and used.
How to Prepare for a Cookieless World | 10
Countries with privacy legislation
Source: UNCTAD
How to Prepare for a Cookieless World | 10
Technology
Technology has evolved at a faster pace than legislation to keep up with consumer demand, with companies like Apple using it as a key marketing strategy to differentiate from competitors. Whether a cynical ploy to generate business or a
genuine attempt to safeguard the privacy of their users, the market leaders of browsers and devices have been releasing new features for more than a decade. The pace and evolution of these features has accelerated since 2017, and we’ll review the key developments below.
Apple’s Intelligent Tracking Prevention (ITP)
In 2017, Apple released their privacy feature ITP to limit the tracking of third-party cookies to 30 days in their Safari browser. Ever since subsequent releases have clamped down further on cookie usage: ITP 2.1 limited the lifespan of certain firstparty cookies to 7 days, ITP 2.2 reduced this further to a single day and ITP 2.3 targeted the inevitable workaround from companies who used link decoration – the practice of adding identifiers to a URL for tracking purposes across domains.
Source: Apple Safari Privacy Overview
How to Prepare for a Cookieless World | 11
Mozilla’s Enhanced Tracking Prevention (ETP)
Whilst Mozilla have implemented many privacy features that predate ETP, the release of ETP in 2018 was the most comprehensive. Released to, in their own words, tackle the “negative effects of unchecked tracking” such as “eerily-specific targeted advertising,” “loss of performance” and “deceptive practices that invisibly collect identifiable user information,” ETP removed crosssite tracking by blocking third-party cookies and storage access from third-party tracking content. By 2019 ETP was a default for new users and Mozilla has continued to add new features since.
Apple’s AppTracking Transparency (ATT)
In 2020 Apple announced the ATT framework that mandated an app must ask permission if it “collects data about end users and shares it with other companies for purposes of tracking across apps and web sites.” With the release of iOS 14.5 in 2021, it was rolled out and users started to see the now familiar pop-up giving them the chance to decline tracking. If a user selects “Ask App not to Track,” the app is unable to use Apple’s Identifier for Advertisers (IDFA) to target and measure
How to Prepare for a Cookieless World | 11
advertising on a user level, or share data about user activity with data brokers or third parties. The response was emphatic – a survey by Flurry Analytics suggested that 96% of users in the first month rejected tracking.
How to Prepare for a Cookieless World | 14
Apple’s Mail Privacy Protection (MPP)
In 2021 Apple took tracking restrictions to email with MPP, a measure that “hides your IP address, so senders can’t link it to your other online activity or determine your location” and “prevents senders from seeing if and when you’ve opened their email.” Ultimately, this meant that the tracking pixels commonly used to determine email opens was rendered ineffective as content was privately loaded in a remote location, giving an inaccurate and inflated reflection of those who chose to open emails in their inbox. This had, and continues to have, huge implications for marketers who use
opens to trigger automated nurtures, reengagement campaigns, send-time optimization and A/B testing.
Google’s Privacy Sandbox Topics API
Google’s commitment to blocking third-party cookies has fallen behind their competitors, but they have committed to phasing out support by the end of 2023. The Federate Learning of Cohorts (FLoC) was their original proposal to allow advertisers to show targeted ads without tracking individuals, and instead place them in groups (or cohorts) of people with similar behavior and website activity. The proposal was met with almost
How to Prepare for a Cookieless World | 15
As a result, Google abandoned FLoC and recently announced a new Topics API proposal, which they describe as an “initiative to improve web privacy for users, while also giving publishers, creators and other developers the tools they need to build thriving businesses, ensuring a safe and healthy web for all.” The concept is similar, as Chrome determines which topics you are interested in based on your browsing behavior within the last week, but this time does not place you into a cohort. The Topics API will share 3 topics of interest with participating sites and advertisers, whereas FLoC would have shared a cohort ID more open to manipulation. Google has not committed to a rollout date for the Topics API, but with the removal of third-party cookies from Chrome inevitable and imminent, whatever solution is implemented in their
place will have a huge impact on marketers.
The above represents an overview of measures taken by the market leaders with regards to privacy, but by no means provides an exhaustive list – Microsoft have introduced their own measure in their Edge browser, for example. The landscape continues to change underneath the feet of digital
marketers, who must start to prepare now for the impact. In the next section we’ll review exactly what will be impacted in digital marketing by the changes already in place and those that lie ahead.
How to Prepare for a Cookieless World | 16
What is the impact on digital marketing?
As we have already established, third-party cookies have historically been the lynchpin of digital marketing, powering behavioral advertising, frequency capping, measurement, and attribution for decades. As recently as 2020 IAB reported a $12.3B spend on third-party audience data, reflecting a marketing dependence on third-party solutions that remain today. As a result, there can be no doubt that the death of third-party cookies will lead to a monumental shift in the way marketers execute campaigns. But according to an
Econsultancy survey only 36% of marketers stated they had a good understanding of the impact of third-party cookie deprecation. Below we’ll look at some of the key areas impacted by the change.
Reach
The first impact is the most obvious. Without the ability to tap into third-party audiences the reach of digital marketing campaigns will be greatly reduced. Marketers must embrace quality over quantity and focus on capturing meaningful first party data, and explore second-party partnerships with trustworthy providers to fill the gaps and expand their reach.
36% of marketers have a good understanding of the impact of third-party cookie deprecation
How to Prepare for a Cookieless World | 17
Segmentation
Behavioral data captured by third-party cookies and used to target audiences will no longer be available, and marketers will need to look to firstparty data for the data points they require to create relevant and personalized ads. With various
browsers purging cookies after a set period of time, marketers will also have less complete and less accurate data to work with when segmenting audiences. A returning user who revisits a website page they are particularly interested in after a cookie expiration, for example, will be counted as a new user. This will create duplicates and eradicates the insight a marketer may have gleaned from the repeat visits as an indicator of interest.
Customer journey mapping
For similar reasons to segmentation, customer journey mapping will become difficult if conducted in a similar manner to before the deprecation of third-party cookies and the time periods set on first-party cookies. An example here would be to look at the behavior of a particular user mapped to a typical buying journey. The same user may, for example, visit a blog or interact with social content to indicate they are in the awareness phase. As they advance down the funnel, they may start to interact with product, benefit, and feature pages as part of
consideration and then pricing or case study pages as they reach a decision phase. If the cookies used to track this behavior expire after a certain period of time, marketers will no longer be able to tie this information together to create a holistic picture of their prospect and target them with relevant
content.
Attribution
Many attribution models will be significantly impacted if not invalidated by the death of thirdparty cookies. It will become impossible to identify, target and measure users in the same way without the consistent IDs provided by third-party cookies
across websites. Most display and programmatic conversion data will no longer be available, and marketers will need to spend time evaluating the longevity of their current key performance indicators (KPIs) – replacing them where necessary and experimenting with benchmarks. Marketers will also need to shift to a zero and first-party strategy
to ensure that they can accurately communicate with customers and measure the success of their campaigns.
How to Prepare for a Cookieless World | 18
Frequency capping
With the demise of third-party cookies crossplatform frequency capping will no longer be possible in the same way, leading to less visibility into impressions and the overserving of adverts for marketers who leverage multiple platforms in
advertising. This will also lead to wasted ad spend and increase the likelihood of prospects being disengaged by the bombardment of repeat adverts. Marketers must carefully consider whether to continue using multiple platforms and investigate other frequency measurement solutions
Personalization
The demise of third-party cookies will drastically reduce the opportunity for marketers to personalize advertisements. Any data point captured by thirdparty cookies to power personalization or dynamic content will no longer be available. Marketers will need to respond by prioritizing first-party data,
leveraging contextual advertising and experimenting with artificial intelligence (AI)-based technologies to continue offering personalized experiences.
Remarketing
An analysis conducted by iProspect outlined the impact of third-party cookie deprecation on remarketing across multiple channels and predicted a considerable impact on paid search, display and programmatic, and social media. They found:
It’s clear that impact will be widespread and
considerable, but marketers can prepare now to
mitigate the impact. In the next section we’ll offer 8
practical suggestions to start.
How to Prepare for a Cookieless World | 19
8 steps to thrive in a cookieless world
1
Understand the impact
First and foremost, companies must understand the impact outlined above on their marketing technology, data, and campaigns. Conducting a complete audit of your reliance on third-party cookies is paramount, as well as identifying which of the systems and platforms within your stack
generate or use a particular type of data.
2
Seek transparent and upfront consent
According to a Deloitte survey, 80% of consumers are more likely to purchase from companies they believe protect their personal information. In addition, 79% of these buyers would be willing to share their data if brands made the benefits clear. By explaining exactly why they have asked for data, and how they plan to use it, brands can foster a relationship with consumers that increases the likelihood of engagement. IKEA’s Data Promise is a great example of this. They map the benefits to their customers of providing each piece of first-party data. This should continue after you have acquired the data, for example with emails containing “you received this email because you signed up for our newsletter” or a line explaining that “these products appear here because you marked them as favorites.” Transparency earns trust, and trust increases the likelihood of further engagement.
How to Prepare for a Cookieless World | 20
3
Leverage zero and first-party data
Acquiring zero and first-party data will be the foundation upon which successful digital marketing is conducted in the future. Rather than covertly capturing or inferring consumer information and preferences, companies will need to ask for them by presenting a mutually beneficial value exchange. If the value is sufficient and the request is transparent, customers will provide valuable insight. This goes beyond a resource for an email address – an eCommerce website can, for example, ask visitors which types of products they are interested in with the explicit intention of
making sure they see more of these products on the homepage next time they visit. This is a mutually beneficial exchange of information. Companies learn what products to present, and visitors save time navigating around the website to find them.
First-party data is also more accurate and reliable, as it has been sourced directly from a customer. As a result, any targeting, measurement, and attribution will be more reliable than a third-party alternative. Companies that leverage first-party data effectively will be the most likely to flourish in a cookieless world.
How to Prepare for a Cookieless World | 21
4
Centralize your data
With evolving privacy legislation and an ever-increasing number of digital touch points, it is becoming gradually more difficult to manage preferences and create a single view of your customers, even if you exclusively collect and use first-party data. Using a customer data platform
(CDP) to collect, unify and activate your data can be a powerful tool in your technology stack, as the comprehensive customer profiles they create facilitate opportunities for hyper-targeted messaging and real-time personalization.
5
Focus on creating engaging experiences
Intrinsically linked to the collection of first-party data is an increased emphasis on the experiences that make it possible. Marketers providing interactive and free experiences such as quizzes, interactive infographics, calculators, and tools are more likely to receive powerful insights. These pieces of content not only incentivize the exchange of demographic data but also provide valuable insight into preferences and interests that can power targeted, relevant, and personalized communications.
How to Prepare for a Cookieless World | 22
6
Use contextual targeting
Contextual targeting will likely experience a resurgence with the deprecation of third-party cookies used for behavioral targeting. Contextual advertising works by matching the content of a website page with the content of an advertisement, and crucially does this without using any data related to a user. The technology behind this matching has evolved significantly, from basic matching based on keywords and metadata to AI, machine learning (ML) and natural language processing (NLP) algorithms which can filter out competitors, target specific locations and dynamically adapt for formats. Marketers who aren’t already using contextual advertising should start testing now to get ahead in a world where behavioral targeting based on third-party cookie behavior becomes extinct.
7
Consider cookieless channels
Email marketing has long been written off as a modern digital marketing channel, but it continues to provide amongst the highest return on investment (ROI). According to Litmus it drives an ROI of $36 for every dollar spent, a figure higher than any other channel. Whilst privacy measures like Apple’s MPP might cause issues with certain metrics, providing marketers acquire transparent consent email marketing can still be a powerful driver of revenue. Investing time now to build lists of subscribed users and personalizing the content based on their interests is a viable strategy to yield
significant results.
Equally, organic traffic, search engine optimization (SEO) and social media are owned channels that don’t rely entirely on third-party cookies. Investing heavily in these to generate compelling content that drives engagement will be crucial for marketers moving forward.
How to Prepare for a Cookieless World | 23
8
Explore second-party data partnerships
Conclusion
The death of third-party cookies was inevitable. As the inventor of cookies himself pointed out, they were never intended to be used to covertly track and target consumers. They served a purpose for marketers and fueled a multi-billion-dollar online advertising industry for decades, but consumer demand for privacy and legislation was always likely to catch up with them. In many ways it is a surprise it has taken this long, given concerns over their use
date back to 1996. Whilst their deprecation will indeed cause the “profound and abrupt shift” that constitutes a “reckoning for the advertising industry,” marketers can embrace the change and thrive in a cookieless world by embracing first-party data and creating meaningful experiences for their customers.
How to Prepare for a Cookieless World | 24
A full-funnel marketing solution
powered by trusted first-party data
Qualifi’s data activation platform is powered by industry-specific and privacy-compliant first-party data collected from real people at the world’s leading events. We provide access to uniquely qualified audiences safe from impending third-party cookie changes, and work with our customers to discover, reach, and engage the most valuable buyers in their industry wherever they are online. Get in touch today for a customized demo where we’ll showcase the value of our unique data, technology, and expertise.
qualifi@informa.com
Sources
1.Mckinsey, ‘The demise of third-party cookies and identifiers’ – link
2.Epsilon, ‘What a world without third-party cookies means for digital advertising’ – link
3.Lou Montulli, ‘Why blocking 3rd party cookies could be a bad thing’ – link
4.Lou Montulli, ‘Why blocking 3rd party cookies could be a bad thing’ – link
5.Lou Montulli, ‘Why blocking 3rd party cookies could be a bad thing’ – link
6.iProspect, ‘In Brands We Trust’ – link
7.UNCTAD, ‘Data Protection and Privacy Legislation Worldwide’ – link
8.Directive 2002/58/EC of the European Parliament – link
9.Regulation of the European Parliament – link
10.Mozilla, ‘Changing Our Approach to Anti-tracking’ – link
11.Apple, ‘AppTracking Transparency’ – link
12.Flurry Analytics, ‘iOS 14.5 Opt-in Rate – Daily Updates Since Launch’ – link
13.Apple, ‘iPhone User Guide’ – link
14.EFF, ‘Google’s FLoC Is a Terrible Idea’ – link
15.DuckDuckGo, ‘Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome’ – link
16.Google, ‘The path forward with the Privacy Sandbox’ – link
17.IAB, ‘IAB Issues Industry-Wide Wake-Up Call’ – link
18.Econsultancy, ‘How well-prepared are marketers for the impact of the third-party cookie crackdown’ – link
19.iProspect, ‘Happy 25th Birthday, Cookies’ – link
20.iProspect, ‘Happy 25th Birthday, Cookies’ – link
21.iProspect, ‘Happy 25th Birthday, Cookies’ – link
22.Deloitte, ‘Building consumer trust’ – link
23.IKEA, ‘The new IKEA Data Promise gives privacy and transparency to customers’ – link
24.Litmus, ‘The ROI of Email Marketing’ – link
25.Deloitte, ‘How the cookie crumbled: Marketing in a cookie-less world’ – link
26.EY, ‘How marketers can be ready for a cookie-less world’ – link
www.qualifi.com
Copyright © 2023 Ekalavyahansaj.
