whitepaper:
Digital Advertising in a Cookieless Future

The availability of third-party cookies has been declining for over a decade. 

The first phase started when ad blockers (browser plugins) were introduced in the mid-2000s. More recently, the decline of third-party cookies has been accelerated by privacy laws like GDPR and privacy settings in web browsers — Safari and Firefox block third-party cookies by default. And now, Google is getting into the cookieless conversation with its announcement that it will phase out cookies.

While the cookie has been on the decline, in the short-term there will be minimal impact on digital marketing. Long term, there is now a need for the entire digital community at all levels to find solutions that allow the same (or similar) levels of personalization and targeting that third-party cookies have been providing, while also addressing concerns and the new mandatory practices around privacy, transparency and data ethics.

Most existing solutions aren't as accurate as of the cookie and, while existing and proposed solutions may be viable replacements to third-party cookies, they should be viewed as short-term solutions. The one exception to the existing solutions are the companies with vast amounts of 1st party login level data such as Google, Facebook and Amazon.

FIRST-PARTY COOKIE VS THIRD-PARTY COOKIES 

The idea of a cookieless future excludes the first-party cookie. First-party cookies will continue to be supported in the future because of their crucial role in website functionality. For example, e-commerce sites would not be able to function without the first-party cookie because they store information about users as they shop and add items to their cart. More on this later, but they gather valuable information that can help advertisers in a cookieless world.

UNITED STATES BROWSER MARKET SHARE

WEB BROWSER AND COOKIE CHANGES 

Google Chrome

Google stated in January 2020 that it’s planning to end support for third-party tracking cookies in its popular Chrome browser “within two years.” The majority of internet users (63%) access the internet with Google Chrome.

The alternative to third-party cookies that Chrome is proposing is called Privacy Sandbox. Although details have not completely been worked out, Chrome’s Privacy Sandbox will execute advertising processes in a restricted environment as first announced on August 22, 2019

Google’s goal is to provide an environment for advertising that doesn’t rely on 1:1 identification.

“As that functionality becomes available we will place more and more restrictions on the use of third-party cookies, which are the most common mechanism for cross-site tracking today and eventually deprecate them entirely. In parallel to that we will aggressively combat the current techniques for non-cookie based cross-site tracking, such as fingerprinting, cache inspection, link decoration, network tracking and Personally Identifying Information (PII) joins.” ~ Google Announcement

Currently, none of the proposed Privacy Sandbox APIs are currently open for marketers and third-party tech vendors to test, and their release schedule has not been announced by Google.

Apple Safari/Mozilla Firefox

Apple Safari and Mozilla Firefox already scrapped 3rd party cookies by introducing ITP2.2 and ETP respectively. This represents about 21% of the browser share market.

ITP and ETP Tracking 

In the interests of privacy, the Apple Safari and Mozilla Firefox web browsers are able to block third-party cookies by preventing them from being stored in the browser, and, to close the use of cookies by advertisers. Apple’s ITP2 in Safari takes it a step further by cutting the first-party cookie lifespan from seven days to one day. These blockers are active by default in both Safari and Firefox.

POTENTIAL IMPACT ON ADVERTISING 

Core capabilities of advertising that would be impacted by the removal of third-party cookies:

  • Behavioral Targeting: Behavioral data segments are predominantly cookie-based, as are DMPs and many ad servers’ conversion tracking. Advertisers will need to shift to utilizing more first-party data from large publishers.
  • Reach and Frequency Tracking/Management: Reach will be over-stated and frequency understated.
  • Conversion Tracking and Attribution: Conversion tracking shifts from view-through conversions (users who saw the ad but didn’t click) and multi-touch attribution to only giving last-touch credit based on click-through.
  • Site Retargeting: Site retargeting is dependent on third-party cookie data to identify the correct anonymized users to target.
  • CRM Targeting and Segmentation
  • Combatting Fraud

Note: These are potential impacts based on their reliance on third-party cookies. Proposals for future pathways have been laid out but still unvalidated. Many are both likely to survive in some form.

POSSIBLE SOLUTIONS

When third-party cookies stop working, most AdTech companies will turn to other identifiers to identify users, but these solutions may be much more limited than third-party cookies.

Currently, ‘Walled Gardens’ like Google and Facebook have the advantage of using deterministic data, e.g. login data tied to people-based IDs. There are a handful of ID solutions that use probabilistic data and compete with the ‘Walled Gardens.'

Google’s Ad Tech Stack (DV360, Campaign Manager, AdWords, etc.)

Google’s ad revenue is partially dependent on third-party cookies, but it also collects a lot of first-party data on internet users through its many services, such as Gmail, Maps, YouTube, Android, Google Home, and even its search bar, they suddenly become the only option for many advertisers. Eliminating third-party cookies increases Facebook’s and Google’s ability to track consumers and gather enormous amounts of data about consumers while also preventing many of their competitors from doing the same. 

While Google’s stated goal is to make the web more private and secure for users this move also strengthens their ‘Walled Garden.’

The Trade Desk’s Unified ID

The Trade Desk's Unified ID is a standardized identifier for locating someone visiting a webpage that links to an encrypted email address collected by publishers. The open-source technology is designed to enable publishers to correlate user data with Web pages and other content while retaining user privacy, and is the second iteration of Trade Desk’s Unified ID.

One main strength of TTD’s Unified ID and the Advertising ID Consortium is that they have a number of large AdTech players as members, meaning better compatibility and match rates between platforms.

Digital (or device) fingerprinting

Fingerprinting is a methodology for probabilistically identifying a user without cookies by combining a series of signals that, when combined, are likely to identify a unique user and assign that user a hashed user ID. These non-cookie signals are things like device, operating system, browser, IP address, time zone, and language settings

Because this tracking isn’t cookie-based, many ad tech companies went all-in on fingerprinting as a solution to cookie death. It’s easy to find ad tech providers that will allow you to target with fingerprinting, and with generally good results compared to cookie-based targeting.

However, given the larger trends in privacy, such as GDPR and CCPA, it’s probable that fingerprinting will go the way of the cookie. And probably sooner, rather than later: trends indicate that the number of new companies coming out with these types of targeting models are on the decline. As noted above, Google has already stated that they “will aggressively combat the current techniques for non-cookie based cross-site tracking, such as fingerprinting” etc.

Publisher clean rooms

These are places where the giants like Amazon, Facebook, and Google share aggregated customer data with advertisers (usually via neutral third parties), allowing them to blend their first-party data with the aggregated customer data for a rich view of their ad targeting—which in turn allows them to see where users may be getting over or underserved, and to take those insights back for future planning.

Though advertisers can access the data, that data can never leave the room. So, though the insights are there to be had, an advertiser can never make use of any actual data for future advertising campaigns outside of the ‘Walled Garden’. That fact, combined with the significant cost, is likely why adoption has been low and is primarily being leveraged by large advertisers such as Proctor & Gamble.

CHANNEL SPECIFIC IMPLICATIONS AND SOLUTIONS: PROGRAMMATIC MEDIA 

While cookie deprecation is on its way, there are still many ways to efficiently reach users while many of the above solutions are more thoroughly developed.

  • Event Retargeting: Through certain user “events”, like a video completion, users can be reached without relying on cookies – this is already being done through targeting users who have viewed and completed CTV ads.
  • Contextual Targeting: Targeting users by site, keyword, or category based on relevance to their interests (auto, finance, health & beauty, etc.).
  • 1st and 2nd Party Data: A client’s own first-party data will become even more valuable, as will first-party subscriber and non-subscriber data from Publishers (2nd Party).
  • Social Listening: Tracking client based keywords, conversations and content across social media platform to identify user intent and build targetable audiences. (Facebook, Youtube, Twitter, Etc.)
  • Private Marketplaces (PMPs): Premium inventory on sites that align with user interests.
  • Geo-Targeting: Targeting a defined area – including a user’s current location.
  • Interest Groups: Cohort audiences where data is stored in the browser and clustered with similar users.
  • Mobile, CTV, & Audio: These are all cookieless environments and should see minimal impact.
  • Trade Desk Unified ID: As discussed above TTD’s open-sourced cookieless solution – relies on encrypted email addresses collected from publishers.

CHANNEL SPECIFIC IMPLICATIONS AND SOLUTIONS: FACEBOOK AND INSTAGRAM

  • Native third-party targeting was removed years ago so first-party data is the only native targeting available.
  • Advertisers can still access third party targeting for a fee by partnering with other data partners like Visa, Acxiom, etc.
  • Third-party data is usually less efficient. Audience size may be larger than some interest groups, but often results in higher costs.
  • The removal of support for third-party cookies means their retargeting/remarketing systems based on sites you’ve visited will no longer work.

CHANNEL SPECIFIC IMPLICATIONS AND SOLUTIONS: PAID SEARCH

Google AdWords currently has no public POV on future tracking changes. The Google AdWords cookie is used to track conversions from ads in the Google search and on the Google Display Network, as well as retargeting.

Retargeting and conversion tracking could be impacted in a cookieless world. More likely than not Google will have solutions before they move to cookie-deletion as there is too much ad revenue on the line to not make changes.

HOW USIM IS HELPING COMPANIES PREPARE

  • Closely monitoring developments with Google’s Privacy Sandbox. The details and timing are still very opaque but more details are expected end of 2020.
  • Reviewing and testing cookieless ad tech solutions e.g. universal IDs, device IDs, probabilistic and deterministic data.
  • Exploring second-party data from publishers. The dismantling of third-party data across the web leaves publishers as one of the only sources of privacy-compliant data-rich, first-party data provided by users.
  • Evaluating capabilities and developments of the ‘Walled Gardens’ Google, Facebook, Amazon, etc. In addition, USIM currently utilizes these companies’ ad tech stack.
  • Short term we have made agency and campaign-specific adjustments such as accounting for GDPR, CCPA, Apple Safari/Mozilla Fireworks cookie deletion and Facebook's removal of third party behavioral data.
  • Playing all angles. Attempting to pick the best solution this early in the process would be an unsafe bet. We’re working with everybody to determine the best partners. Plus, given the sophistication of the ecosystem, more than one solution will be needed to solve for a world without cookies.

HOW COMPANIES CAN PREPARE

  • Improve first-party data collection. First-party acquired customer data is the truest form of information about a customer because they provided it in confidence and in exchange for a promise of value, in anticipation of information, personalized discounts, and more rewarding overall experiences. It’s only via first-party data that brands can confidently link various touchpoints, connect the dots between numerous disparate interactions, events, and instances, and create that luminous “360-degree view” to really understand who customers are.
  • Implement best-in-class cookie consent management solutions, if not already done so, ensure that first-party data is fully compliant with regulations and future-proof. Also, clearly communicate to users how data is processed and protected, to increase trust.
  • Build your own Customer Data Platform (CDP). Beginning with their own data sets, companies can, during the next 12 to 24 months, build and centralize all of the consumer data they have within their organization, including legacy and third-party data, into a single go-to internal repository.