Beyond third-party cookies, the issue of (anonymous) digital identity

After years of discussions, Google seems resigned to eliminate third-party cookies from Chrome (scheduled for October 2024). As the last of the major browsers to reject third-party cookies, Chrome is also the most popular with a 60% market share. This means there will be a before and after; at Commanders Act, we estimate that after 2024, less than 5% of third-party cookies will remain accepted overall.

And while this disappearance will impact – to varying degrees depending on the circumstances – advertising platforms in their ability to build audiences or track sales, it is not the only factor slowing advertisers down in collecting and unifying digital identities.

This movement is indeed part of the underlying trend of protecting digital privacy, which has been shaping marketers’ lives for several years.

Third-party cookies 

The Third-Party Cookie issue is not new, and advertising channels have had time to anticipate countermeasures. In reverse order of foreseeable impact:

Social networks (Meta, TikTok, etc.) will be the least affected because, being logged-in environments, they do not track users much (if at all) via third-party cookies.

Google also fares well, relying less on audience building for its advertising cash cow (search).

The most affected channels are display (programmatic or not), affiliate marketing, native ads, retargeting… what is now referred to as the Open Web.

Each advertiser’s marketing mix is different, but we can estimate that a maximum of 20% of media spending will be heavily affected (audiences + attribution), 50% affected only for audiences, and 30% minimally affected. The impact is real but will likely be limited.

However, for some ad tech companies, this will probably mark the end of operations as they will be deprived of their ability to target users effectively and to bill their clients in performance-based models (since they will lack data on post-impression sales, for instance).

More worrying, first-party cookies

At this stage, first-party cookies are not rejected by browsers; however, they are far from being able to identify users securely.

Various privacy regulations, particularly regarding consent, allow internet users to accept cookies. Refusal rates average around 25% with significant disparities.

The remaining 75% pass under the scrutiny of browsers which, if not refusing them, will limit their lifespan. Particularly, Safari, Apple’s browser, via its Intelligent Tracking Prevention (ITP4) technology, will limit the lifespan of first-party cookies to 7 days.

Thus, after 10 days, an average European web advertiser can only identify (anonymously, let’s recall) half of the users who visited their site.

This is deeply affecting the existing technological ecosystem on websites:

• Analytics
• A/B testing
• Personalization
• Advertising platforms as well, with some of them having migrated to a first-party tracking, as mentioned earlier.

How to fight against these consequences?

 Third-party cookies

On the front of third-party cookies, there’s not much to do in reality. The alternatives attempted by the market are too proprietary to replace the universal identifier that the third-party cookie was:

• Systems for sharing identifiers between sites within the same network: Shared advertising IDs (such as ID5, Criteo ID, or Shared ID) or Data Clean Rooms are appealing ideas but their ‘Reach’ is far too limited.
• The famous Privacy Sandbox pushed by Google for years, targeting cohorts rather than individual users, is more frightening than attractive.
• Contextual targeting resembles traditional marketing too much to appeal to marketers who are very keen on innovation.

Nevertheless, these are alternatives that here and there will help limit the loss of profiling information (audiences).

First-party cookies

The strongest alternative lies in collecting ‘first-party’ data, i.e., on the advertiser’s site. As mentioned, many AdTech companies, starting with Meta and Google, have developed first-party versions of their trackers that retain the ability to link conversions to advertising requests.

For advertisers, this notably requires the use of next-generation data collection tools (with first-party and server-side being the main components) which will allow:

• to stabilize data quality in the long term for the part of users who have consented (the aforementioned 75%), especially when equipped with technologies for resurrecting lost cookies 😇
• to enrich it again via other sources (cross-device, CRM…) to gradually regain lost identities

This will come at the cost of adopting new tools and some adaptation work on websites, but the stakes are high because it is about retaining the ability to collect data to measure the effectiveness of their sites and advertising strategies.

A little tip, Commanders Act’s Cookieless Marketing Data Platform precisely ticks the boxes mentioned: Privacy-respecting data collection, server-side, and first-party. With technologies for retrieving lost cookies and enriching consumer data.

What else?