The Death of third-party cookies

Written by Benjamin Holmes

In the months before the dramatic lockdowns and global economic collapse caused by Covid-19, one of the biggest issues facing the digital marketing industry was the announcement that by the end of 2021, Google Chrome would be phasing out third-party cookies.  Whilst Apple and Firefox have already done this for their respective browsers, the announcement that Chrome will soon follow will have a much greater impact due to it being by far the most used internet browser. In late 2019 it was reported that Chrome accounts for more than 56% of the web browser market!

Last week, I attended an online discussion presented by Pimento, an agency network that we’re proud members of. The discussion was with Mark Howe, who is currently the EMEA Managing Director of Agencies at Google, and one of the main talking points was the end of third-party cookies.

To understand why this is so important, it is crucial to understand what an internet ‘cookie’ even is, and what it is used for.

What is a “cookie”?

To retrace the history of the internet cookie we must go back to a much more technologically naïve time of 1994. The term ‘magic cookies’ already existed in computer programming which was described as a token or short packet of data passed between communicating programs. So basically, when a piece of data is transferred from one program to another there would be a receipt left of the data processed.

Louis J. Montulli was a computer programmer who was known for creating one of the first internet browsers, Lynx, which is the oldest web browser still currently maintained. Montulli had originally created the ‘magic cookie’ and decided to implement a similar concept when building an early form of an e-commerce store. The first web cookie simply provided a solution to the problem of creating a virtual shopping cart for a customer. Two years later, in 1996, the notion of cookies was brought into the public domain through an article published by the Financial Times. Even then, this led to questions about the potential privacy issues surrounding the use of cookies.

What are third-party cookies?

Now that we know a little more about these cutely names data packets, it is important to understand the difference between first-party cookies and third-party cookies. First party cookies come directly from the site you are visiting as a user and the data they might collect depends on what the website itself does. An example is; if you had previously set up an account with a website and then went back to that website, your username is already stored on that website. On the other hand, a third-party cookie could be linked to something like an on-screen, pop-up advert that is from a separate organisation to the website you found it. Here lies the real issue; as just by clicking on something as minor as an annoying pop-up, extremely personal data can be processed to places you have no interest for it to go, and has the potential to be used maliciously. Mark Howe amusingly described this as like having “a pair of slippers following you across the internet for the next five years.” So why has the internet been able to work this way for so long if there were objections to third-party cookies as early as 1996?

The issues with third-party cookies

From the home computer I sit at now, able to achieve virtually all web development related tasks against a backdrop of the pandemic, it does seem insane to think that the people creating the internet 25 years ago were unaware to imagine the huge impact their creation would have. I believe that many of them knew it would change certain things and provide a great deal of opportunity, but I do not think they could have fully processed how much the internet and data would affect our daily lives.

In my opinion, this is a huge factor in why third-party cookies have been able to exist for as long as they have. Mark Howe explains that “cookies were invented over 20 years ago and were then a plug to fill a hole.” By the year 2000, and with the introduction of technology like broadband, it is obvious that the internet was going to quickly change everything. One of the best and easiest ways for businesses to market their products and receive more page hits was through capitalising on third-party cookies. As a result, much of the digital marketing world as we know it has been built upon this technology. This is the exact reason there is a crisis for so many businesses that have relied on this technology.

How has GDPR affected privacy

The landmark legislation that set the ball rolling for ending third-party cookies is the EU’s General Data Protection Regulation (aka GDPR). This was a blanket legislation that was created ultimately to protect the data of internet users, and to give the user authority over who has access to their data. It was after the implementation in 2018 that as an internet user you would have noticed the opt-in or opt-out policies on websites regarding cookies. Without going into the fine print of what is complex legislation, it meant that companies not abiding by these principles could find themselves heavily prosecuted. The EU’s GDPR became the basis for other nations’ legislation too, and now with the United Kingdom officially having left the EU there is a revised version of it that implements many of the same principles. Mark Howe explains that “to comply with the future of privacy across Europe and the world, cookies will no longer be allowed. They won’t be valuable”.

What happens if third party cookies are scrapped?

So, if this ‘plug to fill a hole’ goes away, then how will business be able to maintain their income if they have relied heavily on third-party data? What alternatives can an industry-leading company like Google offer? Howe expresses a “need for a privacy first alternative. And we need to work together as an industry. (…) We need to be future-proofing and need to do this by experimenting and learning.”

Howe goes on to talk about Google’s own ‘Privacy sandbox’, where Google can work with other companies of all sizes in an open-sourced manner, and together they can build these tools that will enable a smooth transition an internet free from third-party cookies.

Howe then went on to speak about Google’s own tools that many people use every day. Google Trends and Analytics for example both are fantastic ways to understand your customers’ interactions with your website, and how you can improve upon them. Howe believes that “crowdsourced information by using AI and aggregate data can as nearer damn job as cookies do.”

Whilst these tools are fantastic and certainly a much better alternative to third-party cookies, it struck me as being problematic as well. Google is and always has been completely about data, and since its inception it has been assembling the whole world’s data. Companies that rely on the data they previously got through their own cookies will need to get it through a data-rich company like Google. This notion was backed up in the discussion set up by Ad Age called ‘The Future of Digital Marketing in a Cookie-less world’. The vice president for Ad Data at Verizon Media, Varun Bhagwan says

“cookies loss is going to be a net negative for the industry. But for us as Verizon Media we expect to be stronger as opposed to the independent ad-tech providers. We have our publisher data that is super tightly integrated without ad-tech platform and we all operate (..) with the same first party cookie. And that allows us to preserve all our audience targeting capabilities at scale across the ecosystem.”

Verizon Media is a giant communications corporation that nowadays owns the likes of Yahoo. Therefore, similarly to Google, they have collected huge amounts of internet data over the past few decades and absolutely have the infrastructure to plan and build their long-term business plans without the use of third-party cookies.

Whilst I believe third-party cookies should have been phased out a while ago, I think it is hard to not see how the big-tech companies will use it to further bolster their control and share of the internet market. The fact that GDPR took as long as it did to come into place displays the huge lack of understanding of how the internet and the companies with the biggest stake in it work. It reminds me of how, in 2018, Mark Zuckerberg was asked in the Senate “How do you sustain a business model in which users don’t pay for your service?”, to which he replied: “Senator, we run ads”.

During the 14 years before Zuckerberg’s appearance in the Senate, Facebook had become so influential it had shaped results of political elections, so I think this senator’s ignorance is emblematic of a wider issue. How can governments govern something they do not understand, especially when the big-tech companies know that this is to their advantage? In fact, it brings into question: “who really governs the internet?” I think it becomes clear that it is the big-tech companies governing themselves, and they are mostly interested in their own growth and share of the market. They are not especially interested in making sure an issue like identity privacy is paramount to their service, until an external force tells them to do so. Within the last five years, it has been established that data is more valuable than oil, and as the big-tech companies continue to buy out businesses, their hold on data becomes stronger than ever. As much as I do not lament the death of third-party cookies, I do lament big-tech opportunism in continuing to build the industry and narrative around them, without taking responsibility for the failures their fingerprints are all over.