Cookies can be very tasty – especially well-designed marketing cookies that allow e-commerce retailers to gather and use customer data to shape their retail strategies.

Third-party cookies have long been critical tools in the development of successful e-commerce marketing strategies. They’ve been a great source of advertising revenues for many site owners, and the technology driving them is well-tested and well-supported.

Then there’s Google, which has itself taken massive advantage of cookie technology for many years. Apple also has had its own version of cookie tech (the so-called “Identifier for Advertisers”), and has capitalized on it with enormous success. It’s now shifting to App Tracking Transparency in a move that parallels Google’s initiative.

In response to both growing user demand for greater data privacy and actual legislation designed to enforce tougher privacy standards, Google is abandoning third-party cookies in 2022.

It says it’s not going to target individual users in terms of their browsing history and habits by way of third-party cookies.

Result: a period of enforced evolution in market data-gathering and tracking technology that (we hope) will allow websites to gather the data retailers need while respecting consumers’ expanding privacy rights.

Good times…

No More Cookies for You!

A couple of months back, Google let everyone know that it was still planning to stop using third-party cookies in its Chrome browser and advertising networks next year. In fact, the company had stated back in early 2020 that it hoped to make this happen by 2022.

Admittedly, this is a significant change for Google, and it would bring Chrome (and, we presume, other browsers using the Chromium engine) into line with the likes of Safari and Firefox, both of which addressed the issue a year or so ago.

But even with the apparent consumer privacy benefits such a move could provide, Google’s plan doesn’t mean the company has decided it’s getting out of the business of collecting consumer information to refine and target its advertising.

Google will still track mobile device users as usual, and will still the employ first-party cookies it creates and does not share or transfer to anyone else. In other words, its advertising business and revenues will be just fine.

The same may not be true for the rest of the digital advertising industry.

If you’re a site owner, e-commerce retailer or brand, is it time to start getting worked up about this?

Probably – but it depends on your current cookie practices and the extent to which you’re already behaving proactively.

Advertisers and publishers who have been relying on third-party cookies to generate advertising revenues should be thinking about what they can be doing right now to compensate for Google’s changes.

Whatever form those changes take…

Old Recipes and New: A Diet Without Cookies

Perhaps some clarification is in order.

For the record, a cookie is a bit of code or text that some third-party entity (like a brand) places on websites.

A cookie allows the third party to track and gather information to support audience and segment targeting in advertising. It also allows the third party to follow a user’s browsing over the entire web, rather than only on specific websites.

You can see how a site visitor might be concerned about giving a third party that sort of intrusive power, especially as such cookies have traditionally provided the third party with information allowing it to identify individual visitors.

When those third-party cookies actually go dead, we expect to see some panic from just about everyone other than Google itself, save for those players who have been proactive in seeking suitable alternatives.

But if you can’t use third-party cookies, what alternatives are actually available, and how effective will they be?

A good first step would be to do what Google is doing. Concerned brands should prepare to disable any third-party cookies they’ve been using, and should start using first-party cookies and data-gathering much more intensively.

Beyond that, even for proactive brands, it might be necessary to hurry up and wait for some of the new technology alternatives to come online.

We think there will be a period of retrenching, reallocation of budgets, and shoestring attempts by quite a few brands to find cookie alternatives.

Many will find themselves staring directly at potentially disastrous decreases in ad revenues if their cookie replacement strategies don’t work as planned.

About Those Cookie Alternatives…

You’d think it would be a simple matter to replace third-party cookies with something that would respect consumer privacy while providing decent data on which to build advertising.

If we’re to go by the number of potential alternatives out there, you’d be wrong.

In fact, there are a quite a few proposed alternatives, and quite a bit of arguing about what will work, what’s fair, and what respects consumers’ privacy rights. The adtech industry has been scrambling to develop attractive alternatives, some of which don’t involve the identification of specific users at all.

Google and the FLoC

In terms of ID-less solutions, Google attempted to lead the way with what it called FLoC, or “Federated Learning of Cohorts.” FLoC is designed to combine users’ anonymous site visit information in collections or cohorts based on areas of interest. It would then target these areas of interest for advertising.

The FloC approach would protect individual user privacy, avoid the tracking of users across multiple sites, and depend on large quantities of anonymized visit data to create targetable interest groups.

Unfortunately for Google, there’s been growing opposition to FloC from privacy groups and concerned net entities.

The EFF (Electronic Frontier Foundation) is opposed to FloC on the grounds that it may actually weaken user privacy by shifting tracking functions from third-party cookies to browsers themselves, thereby making other browser-based problems worse. It thinks FLoC will exacerbate the worst aspects of behavioral advertising in ways that may end up being discriminatory, among other things.

Privacy-focused search engine DuckDuckGo has already ensured that its browser extension can block FLoC, and there’s some ongoing discussion over at about having Wordpress treat FLoC as a security issue.

It’s worth noting that there are several proposed alternatives to FLoC, with the bird metaphor being very popular.

For example, Microsoft’s PARAKEET (“Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency”) claims to provide effective data and advertising solutions without the apparent evils of FLoC.  It involves the use of proxy servers to shield user data from advertisers.

There are other similar anonymizing solutions, like SWAN (“Secure Web Addressability Network”), Google’s own Turtledove (“Two Unrelated Requests, Then Locally Executed Decision on Victory”), and Criteo’s Sparrow (“Secure Private Advertising Remotely Run on Webserver”).


Enough with the birds already.

It’s also worth noting that as of mid-April 2021, other browsers weren’t too interested in supporting FloC, with clear opposition from Mozilla (the makers of Firefox), Brave, and Vivaldi. Microsoft appears doubtful as well, but that may also have something to do with the fact that PARAKEET is, after all, a Microsoft creation.

One Size Fits All: Universal ID

There are already many available solutions of this type. The idea behind them is what you’d expect: publishers get access to users’ data when the latter consent to that as part of a sign-up they complete for another website.

Universal ID solutions depend on encryption to protect user contact information, with universal IDs working across channels for first-party user data. Some of the available solutions cover publishers based at least in part on nationality, like NetID in Germany.

Among the universal ID solutions currently available, you’ll also find ID5 (now partnered with the Smart adtech platform) and Unified ID 2.0 from “theTradeDesk”.

The latter is working with collaborators to create an open-source  universal ID alternative they believe will offer more transparency and privacy to consumers, and better, safer data gathering and use for advertisers.

However, all is not rosy in the realm of universal ID solutions. Just over a year ago, Nick Halstead suggested in an Infosum post that universal IDs were dangerous and shouldn’t be allowed.

Why not?

His view was straightforward and raised some serious questions for which we’d like to see some serious answers.

He pointed out that with universal IDs, users provide some unique personally identifying data (like phone numbers or email addresses) around which the ID provider builds a unique core identity for each user. The ID provider then assigns a unique ID of some kind for the user.

Halstead’s view was that at least potentially, universal IDs give “…everyone on the planet one unique identifier, and then [enable] one company with the power to hold that central identity graph.” One might argue, given the available alternatives, that more than one company might be involved – but that would strengthen Halstead’s argument, not weaken it.

We’ve seen ample evidence already in 2021 that there’s no such thing as unhackable unique identifiers or other data, especially if the premise is to enable the sharing of consent with third parties based on that single unique identifier and user agreement.

Neither consumers nor regulators should be happy with the potential for abuse, in Halstead’s view.

Is he (still) right? Maybe – but time will tell, as universal ID solutions are already in use…

Other Possibilities

If you’ve already been reading up on this stuff, you’ve probably discovered that contextual advertising or targeting ought to be the best replacement for third-party cookies – at least in the minds of those pushing the idea.

Contextual advertising or targeting isn’t exactly new. It’s based on the idea that site owners may show ads based on the site pages, sections or particular topics users visit, but without attaching user identifiers as part of the process.

The catch is that for it to work as intended, site owners will have to invest in quality site infrastructure that supports it.

It also depends on a return to the clever (and not heavy-handed) use of keywords in advertising targeted to the context and page content users visit. Content relevance has always been a big deal from our perspective, but a return to contextual targeting will make it critical.

That’s because users will be seeing ads based on the content they visit, rather than on an analytics-driven behavioral thumbnail suggesting their preferences.

In fact, given the push for enhanced brand storytelling currently, it should be possible to meld content-driven ads with actual content, thereby minimizing user distraction and generating usable data in ways users find appealing.

Contextual advertising also creates opportunities to use emotion more effectively by ensuring that an ad’s key “push” is consistent with users’ feelings or reactions to the specific context and content.

The really good news is that AI supporting contextual advertising while maintaining user privacy and brand security has come a long way.

Final Thoughts and Changes to Come

Despite the confident talk from many solution providers, and from majors like Google and Microsoft, it’s not yet clear whether e-commerce retailers and brands will have access to a single, truly useful, go-to replacement for third-party cookies when Google finally pulls the plug in 2022.

Apple’s ATT, on the other hand, has been getting positive reviews from privacy groups, civil liberties organizations, and some advertisers, with the notable exception of Facebook. The latter is opposed because ATT could cost Facebook 3% of its revenues, though that fact will likely dismay only Facebook.

We’re all clear about what we want: greater consumer privacy and transparency; reasonable access to useful data for marketing purposes with minimal hassle; and one or more consumer-friendly, legally compliant solutions that can work industry or segment-wide without creating more problems than they solve.

That doesn’t seem like too much to ask in exchange for adopting a permanently cookie-free diet.