What You Need to Know About Google’s Third-Party Cookie Phase Out
Google has announced that it will start disabling third-party cookies for 1% of Chrome users in Q1 2024, as part of its Privacy Sandbox initiative. This is a major change for the online advertising industry, as third-party cookies are widely used for cross-site tracking, targeting, and measurement. In this blog post, we will explain what third-party cookies are, why Google is phasing them out, and what alternatives are available for advertisers and publishers.
What are third-party cookies and how do they work?
Cookies are small pieces of data that websites store on your browser when you visit them. They can be used for various purposes, such as remembering your preferences, logging you in, or showing you relevant content. Cookies can be either first-party or third-party, depending on who sets them and who can access them.
First-party cookies are set by the website that you are visiting and can only be accessed by that website. For example, if you visit amazon.com and add some items to your cart, Amazon will set a first-party cookie to remember your choices.
Third-party cookies are set by a different website than the one you are visiting and can be accessed by multiple websites. For example, if you visit nytimes.com and see an ad from Google, Google will set a third-party cookie to track your behaviour across different websites that show Google ads. This way, Google can show you more relevant ads based on your interests and activities.
Third-party cookies are the main mechanism for cross-site tracking, which enables advertisers and publishers to collect data about users’ online behaviour, preferences, and demographics. This data can be used to create user profiles, segment audiences, and deliver personalized ads and content. Third-party cookies also enable measurement and attribution, which allow advertisers and publishers to evaluate the performance and effectiveness of their campaigns and content.
Why is Google phasing out third-party cookies?
Google’s decision to phase out third-party cookies is driven by two main factors: privacy and regulation.
Privacy: Google claims that its Privacy Sandbox initiative aims to create a more privacy-friendly web, where users have more control over their data and how it is used. Google argues that third-party cookies are an outdated and intrusive technology that violates users’ privacy and consent. Google also acknowledges that users are increasingly blocking or deleting third-party cookies, which reduces their reliability and accuracy.
Regulation: Google’s move is also influenced by the growing regulatory pressure and scrutiny on data protection and privacy around the world. Laws such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the US require companies to obtain users’ consent before collecting and processing their personal data. These laws also give users the right to access, delete, or opt out of their data. Google faces the risk of fines and lawsuits if it fails to comply with these regulations.
What alternatives are available for advertisers and publishers?
Google’s plan to phase out third-party cookies is not the end of online advertising, but rather a shift to a new paradigm. Google has proposed a range of web APIs that aim to provide a privacy-conscious alternative to third-party cookies, while still enabling the functionality that supports online advertising and content. These APIs are part of the Privacy Sandbox project, which is still under development and testing. Some of the key APIs include:
- FLoC (Federated Learning of Cohorts): This API groups users into cohorts based on their browsing history, without revealing their individual identities or activities. Advertisers can target ads to these cohorts, rather than to individual users, to preserve privacy and relevance.
- FLEDGE (First Locally-Executed Decision over Groups Experiment): This API allows advertisers to run auctions and serve ads on the browser, rather than on a third-party server, to reduce data leakage and latency. Advertisers can use FLoC cohorts or other signals to bid on ad slots, and publishers can use their own ad servers to manage inventory and revenue.
- TURTLEDOVE (Two Uncorrelated Requests, Then Locally-Executed Decision On Victory Experiment): This API is similar to FLEDGE, but it also enables retargeting, which is the practice of showing ads to users who have previously visited a website or expressed interest in a product or service. TURTLEDOVE allows advertisers to store information about users’ interests on the browser, and use it to bid on ad slots, without revealing it to anyone else.
- Attribution Reporting: This API allows advertisers and publishers to measure the effectiveness of their campaigns and content, without relying on third-party cookies. Attribution Reporting uses event-level data, such as impressions, clicks, and conversions, to calculate metrics such as return on ad spend (ROAS) and cost per action (CPA). Attribution Reporting also uses aggregation, anonymization, and noise to protect users’ privacy and prevent fraud.
These are just some of the web APIs that Google has proposed as part of the Privacy Sandbox project. There are also other APIs that address use cases such as identity, fraud detection, and content optimization. Google is working with the web community, including other browsers, standards bodies, advertisers, publishers, and privacy advocates, to develop and test these APIs, and to address any technical, legal, or ethical challenges.
What do you need to do to prepare for the third-party cookie phase out?
If you are an advertiser or a publisher who relies on third-party cookies for your online advertising and content, you need to take action to prepare for the third-party cookie phase out. Here are some steps that you can take:
- Audit your third-party cookie usage: You need to identify and document all the third-party cookies that you use or rely on, and how they affect your business objectives and user experience. You can use tools such as Chrome DevTools, Lighthouse, or Cookiebot to scan your website and detect third-party cookies.
- Test for breakage: You need to test how your website and ads perform without third-party cookies and identify any issues or gaps that may arise. You can use Chrome’s testing modes, such as the –test-third-party-cookie-phaseout flag or the chrome://flags/#test-third-party-cookie-phaseout option, to simulate the state after the phase out. You can also use Chrome’s Privacy Sandbox trials to test the new web APIs with live traffic.
- Use partitioned cookies with CHIPS: If you use third-party cookies that store data on a per-site basis, such as an embed or a widget, you can consider using partitioned cookies with CHIPS (Cookies Having Independent Partitioned State). Partitioned cookies allow third-party cookies to function within a specific website but prevent them from being accessed by other websites. CHIPS is a proposal that aims to make partitioned cookies more secure and consistent across browsers.
- Use related website sets: If you use third-party cookies across a small group of meaningfully linked sites, such as a family of domains or a single sign-on provider, you can consider using related website sets. Related website sets allow third-party cookies to function within a predefined set of sites but prevent them from being accessed by other sites. Related website sets require the consent of all the sites involved, and the approval of the browser.
- Migrate to the relevant web APIs: For other third-party cookie use cases, such as cross-site tracking, targeting, and measurement, you need to migrate to the relevant web APIs that Google has proposed as part of the Privacy Sandbox project. You need to familiarize yourself with these APIs, understand how they work and how they differ from third-party cookies, and implement them on your website and ads. You also need to monitor the development and testing of these APIs and provide feedback and suggestions to Google and the web community.
Conclusion
Google’s plan to phase out third-party cookies is a significant change for the online advertising industry, and it will have implications for advertisers, publishers, and users. Google’s goal is to create a more privacy-friendly web, where users have more control over their data and how it is used, and where advertisers and publishers can still deliver relevant and effective ads and content. Google has proposed a range of web APIs that aim to provide a privacy-conscious alternative to third-party cookies, while still enabling the functionality that supports online advertising and content. These APIs are part of the Privacy Sandbox project, which is still under development and testing. Advertisers and publishers need to take action to prepare for the third-party cookie phase out, by auditing their third-party cookie usage, testing for breakage, using partitioned cookies or related website sets, and migrating to the relevant web APIs.
Like, Comment or WordPress Reblog the post and Subscribe to IT Service Guru for future blog posts.
[…] This exploit not only underscores the sophistication of modern cyber threats but also exposes the vulnerabilities present within even the most robust security systems. The utilization of third-party cookies, which are often utilized innocuously for enhanced browsing experiences, has now been weaponized by malicious actors to compromise user accounts. Google is currently cracking down on third-party cookies on Chrome in a bid to move away from the pr… […]
A must-read for anyone interested in this topic!