Google announced last year it would end support for third-party cookies in Chrome by early 2022, once it figured out how to address the needs of users, publishers and advertisers and come up with tools to mitigate workarounds.
Google recently delayed the ban and announced that it will now stop the use of third-party cookies in Chrome by the end of 2023. In a blog post Vinay Goel, Director of Privacy Engineering at Chrome said:
“While there’s considerable progress with this initiative, it’s become clear that more time is needed across the ecosystem to get this right.”
But what does the end of third-party cookies really mean? Well, it certainly doesn’t mean the end of tracking altogether – and the need for true end-user consent to process personal data will persist long after third party cookies and the technologies replacing them.
So, let’s take a closer look at “cookies” and what’s this ban really means… there are two types of cookies: first-party and third-party.
First-party cookies are directly stored by the website you’re visiting. These cookies allow website owners to collect analytical data, remember language settings, and perform other useful functions that provide a good user experience. These cookies are usually necessary to the website and how it functions, providing a good user experience.
Third-party cookies are created by domains that are not the website that you are visiting. These are usually used for online-advertising purposes and placed on a website through a script or tag. A third-party cookie is accessible on any website that loads the third-party server’s code.
Now we know the difference between first and third-party cookies, are third-party cookies the only technology use for persistent and pervasive tracking of users across the web?
Well, the short answer is “No”.
Below are a couple of the existing technologies that can track users just like third-party cookies:
- Local Storage
Also known as DOM storage, local storage provides web apps with persistent data storage on the clients’ machine-like persistent cookies. However, the data in local storage is only accessible on the client’s computer meaning there is no information stored in the HTTP request header and it is never sent to the server. This means there is a level of added security and reduces the amount of data transferred when webpages are requested.
Google aren’t leading the movement for banning third-party cookies. In fact, they are behind browsers such as Safari and Firefox who are third-party cookieless as we speak. We’ve also seen already that publishers and advertisers have found different methods and/or new technologies that make it just as easy to track users in the same way.
The ban from Google comes as part of a much larger strategy of creating a privacy sandbox with open standards for tracking users while protecting their privacy but this is facing heavy challenges in the forms of antitrust investigations from the EU Commission and the UK’s Competition and Markets Authority (CMA).
Some of the new standards could very well end up strengthening tracking, since the new technologies such as trust tokens, will ensure an even greater level of certainty around identification of users, and thereby only fix issues in tracking precision and ad fraud by bots – two major headaches for advertisers.
Even though they might replace third-party cookies in Chrome, trust tokens won’t exist in a vacuum. There are other ways a tracker could currently—in theory—determine a user’s identity across websites, which means that unless Chrome and other browsers not only discontinue support of third-party cookies, but also of any other kind of similar tracking techniques, trust tokens will most likely not provide a greater level of privacy protection and in fact only benefit the advertisers.
It is for this reason that user consent will remain the most prevalent way to track users and why it remains the central requirement of the world’s major data protection laws; led by the EU’s General Data Protection Regulation (GDPR) and reflected in emerging laws like Brazil’s LGPD.
The end of third-party cookies doesn’t mean the end of user consent, and your website will still need to ask for and obtain the explicit consent of users before any data is allowed to be stored, on a user’s browser, regardless of what technology is used; be it third-party cookies, Local Storage or trust tokens.
You will still be required to inform your end-users about the technologies being used to collect personal data, including its provider, purpose and duration, to safely document their obtained consents, and to renew them at least annually.
Therefore, user consent is the platform for compliant tracking now and it still will be in the future.
User consent not only remains fundamental to most data privacy laws (GDPR), it is also becoming more and more central to the advertiser’s industry itself – a movement solidified by Google’s launch of the Google Consent Mode in September 2020, a platform that lets websites run all Google-services based on the consent of their end-users – balancing compliance and tracking on the ground of consent.
This is a clear signal of intention from one of the world’s biggest tech companies to move the ad tech industry in the direction of consent, and to balance digital advertisement with data privacy.
So, when third-party cookies in Chrome do finally fade out within the next few years, user consent is poised to take up centre stage even more than it already is.
LAW Creative is one of Europe’s leading integrated marketing agencies. At LAW Creative we specialise in Digital and have a dedicated inhouse team of experts that can advise you on how best to make your website compliant and minimising any tracking. If you would like advice or assistance with your digital project, please contact firstname.lastname@example.org.
LAW Creative part of Selbey Anderson Group of agencies.
Source: Google, Cookiebot,CookiePro, Gov.uk