Do not adjust your set—this is not a rerun! Although we explored the demise of third-party cookies in last October’s inaugural episode of Inside the Funnel, a lot has changed since then. In short, the cookie-less future has come into sharper focus after Google confirmed that it will not replace third-party cookies with a direct equivalent (cue confused marketers asking themselves: “How are we going to do all the things we do?!”).
Rather than be swept along with the resulting low-key panic attack, we spent hundreds of hours down deep rabbit holes—researching, interpreting, reading tea leaves—to master the most pressing topic in digital and reveal exactly how advertisers can prepare to thrive in a privacy-first world.
Google really did surprise everyone
Conjecture will only get you so far, but we were more or less on the money in late 2020: the future of digital advertising will further establish first-party data as the gold standard. The only part we didn’t anticipate was that one-on-one targeting would disappear completely from third-party contexts.
Unlike your typical algorithm updates and ranking factor changes, the end of one-on-one third-party tracking is hugely significant. While technologists are excited to be at the dawn of a new era, marketing professionals—especially those accountable for digital media performance—must adopt not only a new way of doing but a new way of thinking.
But there is a silver lining for worried marketers: in the last few hours, Google revealed that it would delay phasing out third-party cookies until mid-2023 to give web publishers more time to prepare.
How did this all come about?
The Facebook/Cambridge Analytica scandal may not have surprised those in the know, but your typical internet user suddenly understood how much data these platforms had on them (and how easily this data could pass from domain to domain). At the same time, legislative wheels were already turning to bring GDPR, CCPA, and other privacy-focused laws into existence. Yet it was a tech giant that truly led the charge.
In the first move of its kind, Apple introduced Intelligent Tracking Prevention (ITP) to Safari in 2017 to limit cross-device tracking and give users more control over their data. Firefox, Brave, and Edge browsers followed suit shortly thereafter, but the big browser on the block—Chrome, with 70% market share—held out until the recent announcement that it too would phase out third-party cookies.
What can marketers continue to do?
Individual third-party tracking is going away forever. No longer will users be targeted by ads on one domain after browsing for products or services on another. That level of specificity will soon be consigned to the history books (along with remarketing’s generally impressive ROAS), but many executives seem to be unfazed: an estimated 76% of marketing decision-makers do NOT think their revenue will be impacted by the loss of third-party cookies.
Of course, there will be some continuity. After third-party cookies are fully deprecated, advertisers will still be able to use “walled gardens” in the same way. So, for example, your audience targeting will continue to function as normal across the Google ecosystem (Gmail, Google search, YouTube, and any other Google-owned property where users are persistently signed in). In contrast, the Google Display Network (GDN), which incorporates other domains, will see its functionality shrink after the third-party handshake disappears
The same applies to ads in Facebook and Instagram—two Facebook-owned properties that are considered first-party in and of themselves, but will no longer be able to use third-party data from other sources to target ads to users.
Life after third-party cookies
Google’s “Privacy Sandbox” has quickly become the centre of this particular universe. Google-branded but connected to the open-source Chromium project, the Privacy Sandbox is essentially a series of API proposals to satisfy various use cases without individual tracking (or, in Dan’s words, “privacy-preserving approaches to real-world problems”).
This vibrant community reminds us that marketing/remarketing is just one of many digital disciplines that will be transformed by the death of third-party cookies. For instance, the selection and delivery of relevant ads is one thing, but cookies are also crucial to the measurement of performance, especially for upper-funnel and multi-touch attribution.
At the same time, third-party cookies are also key to combating spam, fraud, and denial of service. Ever had to click a captcha box or pick out photos as a security measure? Such mechanisms currently rely on cookies, and the jury is out on a suitable replacement.
Wait… What the FLoC?!
As we explain in the latest episode of The Essential, it appears that Google’s FLoC (Federated Learning of Cohorts) will become the de facto successor to third-party cookies. In essence, FLoC will do all the third-party things, but none of that data will ever the browser. Instead, users will be assigned to larger “cohorts” of people based on their common browsing behaviors, but nobody will be individually identifiable.
For all the “dense mathematical literature” laid out in the FLoC white paper, we’ve got a pretty good handle on FLoC. It’s this:
FLoC is simply a mechanism to give everybody a number and THAT’S IT.
Let’s take cohort number 29056 as an example. Advertisers will never know which individuals are part of cohort 29056, but they can be confident that the group is made up of statistically similar people (who are, say, interested in buying a mattress). People will move in and out of cohorts regularly, but will only ever be part of one at a time. Crucially, no other data ever leaves the user’s device—only the cohort number for whoever wants to see it.
If and when FLoC becomes ubiquitous, it’ll be refined to more accurately represent audiences. It will also offer significant benefits for users and advertisers alike. All advertisers will instantly see when your browser leaves a particular cohort, so you won’t be targeted with mattress ads after you’ve bought a mattress. Third-party cookies simply don’t offer that kind of cohesion.
The Three-Step Cookie Doomsday Preparedness Plan
Okay, “Doomsday” might be a bit of a misnomer since we’ve always encouraged advertisers to do these things, but “Preparedness” is right on the money. It’s thought that the mechanism(s) that succeed third-party cookies will be 50-95% as effective as today’s tactics. That’s a giant spectrum, potentially accounting for seven-figure swings of outcome depending on budgets and performance—and preparation will be the difference between thriving and floundering.
Undertake a readiness assessment 📊
The readiness assessment is based on three vectors: your reliance on third-party data, the quality of your CRM data, and your tech stack’s ability to accommodate first-party signals. This evaluation of your third-party vulnerabilities and first-party signalling should result in a plan to mitigate weaknesses and capitalize on strengths.
Put the plan into action 💪
Step two is easier said than done; it may take considerable technical expertise (and a generous timeline) to complete all the wiring and do all the heavy lifting. If you execute your plan long before the official deadline, the opportunities you unlock will be that much greater.
Get into a FLoC state of mind 🧠
Now is the time to familiarize yourself with existing FLoC-like targeting mechanisms, such as in-market audiences. Supercharge your CRO to encourage new visitors to authenticate and become first-party. To get them there in the first place, engage different media sources—higher up the funnel than normal—and measure it all effectively by adding new visitor or authentication rate to your slate of KPIs. Such metrics are not money in the bank, but will pay dividends when everyone goes wild in the imminent land-grab for first-party data.
Want to hear it directly from the source? Grab yourself a coffee, get comfortable, and dive back into our industry’s most consequential topic. We’ll get you on the right path!