Google Chrome is on the way to third-party cookies removing
In August 2019 Google Chrome announced a phasing out of the third-party cookies support within 2 years. Instead of this, the company declared an initiative called Privacy Sandbox aimed to strengthen users’ privacy while using the browser and make users’ data more secure. In the Chromium blog article, director of Chrome Engineering Justin Schuh encourages advertising companies, publishers and other browsers to solve the challenges collectively. He explains that “users are demanding greater privacy – including transparency, choice, and control over how their data is used – and it’s clear the web ecosystem needs to evolve to meet these increasing demands”. Though information about third-party cookies removal was not unexpected for the industry insiders, the representing key voices on the advertisers and publishers sides were disappointed by the unilateral efforts of the browser.
5 Questions On Third-Party Cookies and Their Forthcoming Demise
What Is The Role Of Third-Party Cookies?
A cookie is a piece of information sent from the web-server to the web browser that saves the user’s data and then sends it back with each request made to the server when the user visits the website. While sending a request, the browser checks if the properties, domain, path, and secure match the website’s data that was requested initially. If the information lines up, the browser sends the relevant cookies together with the request.
The first-party and third-party cookies are both data files that the web browser saves to the user’s computer. First-party cookies store login details, website configuration, and information about added products to the shopping cart. Through third-party cookies, advertising companies and social networks can carry out behavioral targeting, ad tracking, and measurement for deep analytics. The core difference between the first-party and third-party cookies lies in the domain that creates the cookies and saves them primarily. The website that user visits directly creates and stores first-party cookies. Other sites of the publishers’ partners and advertising services set up and gather third-party cookies to use them for remarketing purposes.
Third-party cookies have been the base for programmatic advertising intended for ad serving and cross-site tracking since 1994. Here are the main functions of 3P cookies:
- personalized ad targeting;
- cross-site retargeting;
- social buttons posting;
- third-party services placing (such as chatbot);
- impressions measuring to user actions;
- detailed analysis.
Third-party cookies play an important role in the digital advertising ecosystem. The cookies technology enables publishers and ad buyers to show relevant advertising to specific users and get impressions that have been valuable assets in programmatic. Google Chrome is going to eliminate third-party cookies leaving the whole digital marketing in the dark about future substitution mechanisms. Though the web giant claimed it has some workarounds.
Why Did Google Chrome Decide to Get Rid of Third-Party Cookies?
Transparency and data protection have become acute problem on the web. Google announced an initiative called Privacy Sandbox with a clear intention to strengthen privacy on the web. The aim is to make using the browser more secure for users who in turn demand greater possibilities to control usage of their personal data. Industry observers have also suggested that Google protects its own business as the world’s largest online advertising company, representing 64.1% of the global browser market, according to Statcounter.
Though Google is not the first browser that initiated the anti-tracking approach through cookies blocking. Safari and Firefox have already reduced cross-site tracking by limiting cookies and website data analysis. Apple Safari initiated Intelligent Tracking Prevention (ITP), released in 2017, as a solution to protect user privacy by restricting their data tracking across the web. Mozilla Firefox did the same by launching Enhanced Tracking Protection (ETP).
With Apple’s initiative, the primary challenge has become a short lifetime of cookies that breaches web analytics. Originally user-tracking cookies can last up to 2 years from the date of the first user’s visit. Such a mechanism as ITP is aimed to break user tracking by reducing the lifetime of cookies. Any cookie set by the browser will be deleted after 7 days in ITP 2.1. Cookie set by the browser, if the user came from the cross-domain link, will be deleted after 1 day in ITP 2.2. According to the latest ITP update 2.3, any local storage set when the user comes from a cross-domain link is wiped after 7 days of inactivity. This affects publishers, marketers, and ad tech vendors who rely on third-party cookies to target a niche audience.
Google said they want to institute a mechanism to control who is in charge of an advertisement and who collects the information and for which purposes. Though, in contrast to Mozilla’s Firefox and Apple’s Safari that have already started blocking third-party cookies, Google Chrome will implement it in phases.
What Impact Does Chrome’s Initiative Have On Programmatic Parties?
As a result of Apple’s efforts to improve the Intelligent Tracking Prevention function in Safari by applying anti-tracking updates, ad tech companies have shown decreased prices. Publishers have also reported rapid drops in programmatic ad revenue.
Google itself made research that publishers’ digital ad revenue can be reduced by 52% on impressions without cookies. The Wall Street Journal cited another survey and said: “publishers only get about 4% more revenue for an ad impression that has a cookie enabled than for one that doesn’t”. Another study reveals that third-party data remains a necessity for many marketers. IAB Tech Lab together with Winterberry Group wrote that American companies were ready to spend nearly $19.2 billion on the purchasing of audience data and on solutions to examine this data. In 2019, eMarketer represented statistics of worldwide digital ad spending (graphic is below), and now everything can change.
*Note: Includes advertising that appears on desktop and laptop computers as well as mobile phones, tablets, and other internet-connected devices, and includes all the various formats of advertising on those platforms; excludes SMS, MMS, and P2P messaging-based advertising
The changes will likely have an impact on Google’s business buying ads affecting Google’s partners such as the publishers who use Google Ad Manager. Justin Schuh claimed that blocking third-party cookies by default can have significant implications that Google wants to prevent during the two-year cut-off date.
What Does Google Propose Instead of Third-Party Cookies?
In August the company represented the idea of new standards aimed to enhance users’ data privacy. “We are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete”, mentioned Justin Schuh in the Chromium blog.
Privacy SandBox is an open environment where Google Chrome is supposed to store the user-generated data and let ad tech vendors make an API call to this sandbox to receive personalization and measurement but the information should be without user-level reports. By the end of this year, Google plans to launch a testing version for personalized advertising without third-party cookies. As an option, Google Chrome intends to provide a list of users grouped under certain attributes such as browsing habits to provide generic data.
In May 2019, Google announced the first initiative on its way to ensure privacy across the web. The browser implemented a new secure-by-default model for cookies to make the browser faster and more protected. It’s about SameSite Cookies settings that require website owners to state label the third-party cookies that can be used on other sites. Cookies that do not include the “SameSite=None” and “Secure” labels won’t be available by third parties in Chrome version 80 and beyond. The Secure label means cookies need to be set and read via HTTPS connections. From February, cookies will be “SameSite=Lax” by default which means cookies are only set when the domain in the URL of the browser matches the domain of the cookie. The “SameSite=Strict” designation limits cross-site sharing between various domains that are owned by the same publisher.
Publishers should go to HTTPS secure pages, in case they haven’t done so already, and they can start testing their websites by going to chrome://flags and enabling #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure to check if anything breaks down.
What Does the Advertising Community Say About This Initiative?
The general mood is not so bright. The industry observers express skepticism about Google’s restrictions and unilateral actions. One basic reason is that nobody knows what to expect as an alternative, and any changes in the sophisticated programmatic ecosystem can add a “little” chaos.
The first concern about third-party cookies loss is that the bad actors can apply to a fingerprinting method for tracking. Canvas fingerprinting is the way to receive browser data through the HTML5 canvas element of the website. This technique builds on the canvas API method to generate the canvas pixel data. The rendering will be different depends on the OS, browser, and device of the user that loads the website page. Text-encoded pixel data which serves as the fingerprint help identify the information of the user. This method has its dark side. It can disrupt users’ privacy as the process of tracking is invisible for them and they cannot control it. Google said it will prevent fingerprinting in Chrome by limiting the number of API calls a website can make.
There are also predictions made by the media key voices about growth in the number of more contextual advertising campaigns. This is because they won’t be able to target individual users by using third-party cookies. At this point, publishers will pay more attention to the first-party data and will rely more on a logged-in audience. Contextual advertising is supposed to be more interesting for users. They see the ads that are a 100% match with the theme of the website pages that they are visiting. But would it attract more advertisers and bring more revenue to the publishers? There is a question.