You have likely heard about Google’s announcement at the May I/O conference about impending changes to the Chrome internet browser aimed at blocking and clearing third-party cookies, preventing “digital fingerprinting,” and providing more transparency into what websites track about users. Google Chrome commands an overwhelming proportion of internet browser usage, so this news is significant. Similar settings are in the works for Firefox, Internet Explorer and Microsoft’s new Edge browser. Companies in the adtech, martech and publishing space are already hard at work evaluating what it all means for their platforms and advertising strategies and tactics.
What makes this latest development so significant is how Google is approaching the problem. Right now, first- and third-party cookies are basically indistinguishable to a web browser. But Google will soon force developers to use an attribute in the page code called “SameSite” with cookies to determine if they can be used only on that website (first-party) or also used by other sites (third-party). Instead of merely putting new protections in the hands of consumers, publishers must declare utility for their cookies in the code itself.
Cookies are small files with bits of information a website stores on your machine about your browsing history. Almost every website you visit serves cookies. In fact, the internet wouldn’t work very well without them. Therefore, Google isn’t blocking all cookies outright. It can’t. But Chrome can make it easier to categorize which cookies are for on-site, brand purposes and which are being used to track behavior across the web.
For example, when you log into a site, say Amazon.com, cookies hold information about the session to keep you logged in. These are “first-party” cookies because the site you’re visiting is serving them to you directly. In the recent regulatory climate of GDPR and CCPA, you have probably seen a prompt on web pages you visit telling you that they serve a cookie or cookies to your browser and asking you to agree to their terms and conditions.
As you visit those pages in the future, the website will check your cookies to see if you are someone it recognizes. Once you log into Amazon, if you choose to “remain logged in,” the site checks your browser every time you return to look for a cookie indicating your preferences. But even if you don’t log in, Amazon uses that cookie to display content it deems relevant to you based on your past purchases and what others who buy similar things as you have bought .
Meanwhile, third-party cookies are derived from your behavior on the web and used to show you ads or change a website experience based on information associated with these third-party cookies. These values are not set directly by the domain of the website. Amazon again illustrates a good example. It uses bits of code on their partners’ websites to read users’ cookies while browsing and set cookies based on what they browse and what they do.
Third-party data is used to find users who qualify for targeted audiences wherever they are online. Your favorite news brand, let’s say USA Today, might use that audience segment, which is a list of cookies associated to devices with the same traits, to sell advertising in a run of network placement to users who browse USA Today and qualify for that audience. Or a hotel brand marketing its properties at locales near cruise ship destinations would use that to target ads via a DSP to users with those qualifying cookies saved on their machine.
Google Chrome will have a mechanism in its web browser to block third-party cookies on a user’s machine and make it easier to clear them. But Google has not yet elaborated on the nature of these setting changes within its browser. When Apple released its intelligent tracking prevention (ITP) settings in Safari late last year, those changes were default.
All third-party cookies are blocked in Safari without the end user having to do anything. Is that what Google will do, too? Unlikely. And we don’t know what the user experience for these settings will be either. Will they be buried in a menu or prominently displayed in the browser navigation? But we do know that Google is making brands use the “SameSite” attribute so Chrome can differentiate between first- and third-party cookies.
In light of this announcement, some have declared the “death of the cookie,” the end of data management platforms (DMPs), and seismic changes in the digital ecosystem as we know it. Seismic changes are certainly underway in the marketing industry. But then again, there is always disruption in this space.
However, cookies are far from dead. First-party cookies are alive and well – and necessary. And as a result, DMPs are hardly dead. DMPs unify data in the anonymous digital space across channels and offline and online. It’s certainly true that overlaying owned first-party data with third-party data has traditionally been a DMP use case, but market impacts to the use and efficacy of third-party data hardly kills DMPs. In fact, ingesting, organizing, and making good use of a brand’s first-party data is more important than ever. A DMP is but one tool to help do that.
The marketing and ad tech ecosystem is rife with platforms and tools that depend on cookies. On first-party cookies. Web analytics platforms, CDPs, ESPs, attribution, pixels, and more leverage first-party data for operation, experience, or to enrich datasets. Much of Google’s technology does, too.
The chief takeaway from this development is something Acxiom has known for decades: the data brands own — which includes their CRM, purchase records, loyalty records, and more — is an asset. And if, indeed, third-party data will be largely blocked or cleared from users’ machines, then developing a comprehensive data strategy for leveraging those assets becomes more critical than ever.
Indeed, preparing for Google Chrome’s coming changes will demand thoughtful strategy about which tools and platforms power brands’ web properties, how to configure and integrate them, and how to accomplish rich customer experiences with compliant, ethically sourced data.
But the sky is not falling. Google lives beneath it, too.