SOMO

The End of Third-Party Cookies: Should You Be Concerned?

Tracking has become an increasingly greater challenge for us marketers due to constant changes in platforms and the enforcement of stricter privacy rules. Recently, there has been a lot of talk about the end of cookies, but we’ve noticed that there’s a lot of confusion on the subject, and not all brands understand the impact this will have on their digital marketing strategy. This post attempts to shed some light on the matter. But before that, let’s understand what cookies are and what they’re used for.

What are cookies?

Cookies are small text files stored by the user’s browser when visiting a website.

Cookies can be used for:

  • storing login information;
  • storing preferences like language and font size;
  • keeping track of products added to the cart;
  • identifying users with a unique ID;
  • tracking the pages they visited.

Cookies can be either temporary (expiring after a short period or at the end of the session) or persistent (stored on the device indefinitely, or until the browser data is deleted).

But why are they called cookies?

Cookies emerged in the early days of the internet. The name comes from the term “magic cookies”, used in computing to refer to an exchange of information between two computer programs, like a ticket.

The term “cookie” in the context of the internet was first used by developer Lou Montulli, who worked at Netscape, in the mid-90s.

Just like fortune cookies, which contain a snippet of advice or instruction inside, internet cookies contain important information about the user and their activity on a website. However, they usually don’t have any meaning until they are sent/received and interpreted by another program.

Think of them as a token in a cloakroom: the token has no meaning by itself, but it allows for the correct coat to be exchanged when returned at the cloakroom counter.

Okay, so why all the fuss?

Now that the function of cookies is clear, we need to understand the difference between first-party and third-party cookies.

First-party cookies are created by the website the users are visiting. They can only be accessed by that same website, and they cannot track other sites they visit. These cookies are generally used to improve the user experience. For example: an e-commerce site might use cookies to keep track of the items you add to the cart.

Third-party cookies are created by websites other than the one users are currently visiting. They can track visitors across multiple websites, and they are often used to gather data about users’ browsing habits, preferences, and interests. This is how advertising networks know who to target when displaying ads. For instance, if you’ve been searching for flights, you might start seeing ads for hotels and car rentals in other sites.

While first-party cookies are generally considered benign and less intrusive, third-party cookies raise concerns about privacy and data protection, which is why they are being phased out by web browsers.

So what’s changing, then?

There will be no changes related to the use of first-party cookies. However, third-party cookies are being blocked by most web browsers. Privacy-focused browsers like Firefox, Brave, and Safari have been doing this for years, but only recently has Google announced that Chrome would start to block third-party cookies by default starting in 2024. Since Chrome is the most used browser in the world, with more than 65% of market share, it’s natural that the subject is more prominent in the news now, as the impact will be much greater, marking once and for all the end of third-party cookies.

But this change will not happen overnight. Google began blocking 3rd party cookies by default for just 1% of users on January 4, 2024. Gradually, the percentage will increase until reaching 100% in Q3 2024.

Safari Icon
Safari
Firefox Icon
Firefox
Brave Icon
Brave
Chrome Icon
Chrome
Blocked by default since March 2020 Blocked by default since September 2019 Blocked by default Blocked by default for 1% of users as of Jan 4, 2024, with plans to ramp up to 100% in Q3 2024

How does this affect my business?

Because the third-party cookie was already weakened by other browsers, it has been slowly abandoned in the last few years.

Chrome will continue to track users using other methods, but the information sent to Google or other parties will be anonymised and categorised, rather than specific (read more about the Privacy Sandbox initiative here).

The Meta Pixel already defaults to 1st party cookies, although it still uses 3rd party cookies for tracking users across websites and apps. However, even if Meta is unable to track users across websites, they can still determine users’ interests using the data collected within their own platforms. Also, Meta’s Conversions API (we’ll talk more about this in a moment) helps to fill the gaps when tracking is not possible.

Google Analytics 4 was already built for the “cookieless” world, so it doesn’t rely on 3rd party cookies anymore. It only uses 1st party cookies to store things like user ID, device type, etc. GA4 uses statistical modeling to fill the gaps when tracking is not possible.

All things considered, although the exact impact is a bit uncertain, the biggest impact should be on targeting accuracy, not on attribution. We also believe the impact should be bigger for publishers than for marketers, as most of the advertising networks used to monetise their sites rely on third-party cookies. If you don’t run any programmatic advertising, there’s not much to worry about.

This is a gradual change that has been happening for a few years, and it’s not something that caught people by surprise, so platforms have been adapting in the last few years. More importantly: there’s no reason to panic!


SOMO’S Recommendations

Although there’s no reason to panic, here are two recommendations that will make your site more prepared for the “cookieless” era and improve your tracking in general.

1) Use Meta’s Conversions API

If you haven’t already, now is a good time to implement Meta’s Conversions API (CAPI). The Facebook CAPI is different from the Facebook Pixel.

With the Pixel – a tracking script added to every page of the website – Facebook/Meta collects the data, the data is stored on the user’s browser, and the data is finally sent to Facebook via the Pixel. Meta uses mostly 1st party cookies in the process, but 3rd party cookies are used for tracking user behaviour across multiple websites.

The problem is that some ad blockers can block the Pixel from loading and the communication between your device and Meta’s servers, preventing tracking. With the Conversions API, the data is sent directly from server to server, bypassing any browser restrictions that may block tracking.

In most cases, a developer is not needed to set it up. If you use Shopify and have your ad account linked through the official sales channel, the CAPI is automatically configured. If you use WordPress or WooCommerce, the CAPI can be set up using the official Facebook plugin or another 3rd party plugin that supports integration, such as PixelYourSite. And if your site does not use any of the above platforms, the easiest way to install the CAPI is by using Stape.

Also, make sure that first-party cookies are enabled in the Meta Pixel’s settings. It should be turned on by default, but it doesn’t hurt to check. You find this under the Settings tab of the Events Manager.

Double-check if first-party cookies are enabled in your Meta Pixel settings. You must be an admin in order to change settings.

2) Get ready for Google’s Consent Mode v2

This probably deserves another post, but I’ll try to be brief. Essentially, Google is going to strengthen the enforcement of their user consent policy to comply with the new Digital Markets Act. For this, Google has released Consent Mode v2, which allows the Google tag (used in products like Google Tag Manager, Google Analytics, and Google Ads) to operate in accordance with users’ consent preferences.

Initially, the update will only affect advertisers in the EEA and the UK, but with privacy rules becoming stricter around the world, sooner or later, it’s possible that Google will start to enforce compliance in other countries.

To implement Consent Mode v2, it’s recommended to use a Consent Management Platform (CMP), as manual implementation is a bit complicated. Google has a list of certified CMPs available here. Many of them, like Cookiebot, offer a template for Google Tag Manager or plugins for platforms like WordPress and Shopify, making implementation easier.

If you need help implementing Meta’s Conversions API or Google’s new Consent Mode v2, feel free to get in touch with us! We’ll be happy to help.

Find this article helpful?
Share it with your colleagues!