The end of third party cookies – collecting user data in compliance with e-privacy

Data protection vs. personalisation


From the year 2022, after Apple and Mozilla, Google will now also no longer support third-party cookies in its Chrome browser. The use of third-party cookies for marketing is thus passé. But it is exactly those that provide helpful customer information and are often one of the main bases for personalized marketing measures. The latter are necessary to be able to address customers individually and in a targeted manner. At the beginning of 2021, Google also announced that no alternative methods for tracking in Chrome will be developed or used. In general, there will be no more tracking of users in Chrome.

Especially due to the elimination of cookies, 60% of the marketing experts expect that specific target groups will be more difficult to address – in some cases they already are. As a result, almost half of them see a reduction in marketing performance and more difficult framework conditions for customised content.

But at the same time, only three percent of the experts think that companies in their industry are well prepared for the end of the third-party cookie. Many marketers are therefore faced with the question of how to obtain a data basis for their campaigns in the future if user tracking will no longer be possible within this framework and scope.

Many issues are currently colliding here - the need for personalisation and data collection on the one hand meets the General Data Protection Regulation (GDPR) and the topic of e-privacy on the other. Is this balancing act still manageable for marketers?

Of course, there are other ways to get there. But in all measures, the guidelines of the General Data Protection Regulation must be the starting point so that the e-privacy of the individual is preserved. Dealing with this takes a lot of time. In this second issue of our magazine, we have therefore dealt intensively with the topic in order to create a comprehensive overview of the complex subject area.


how third-party cookies work and why they will soon no longer be supported

It is not uncommon that marketers, even though they are already running online campaigns through agencies, still do not fully understand the function of third-party cookies and their impact. However, this understanding is important in order to be able to evaluate the significance of their removal for marketing measures.

Cookies can be found on every website. Often they are accepted by visitors without thinking about what they do. In general, they are a term for data records that are stored in the user's browser when visiting a website. They are placed on a website by advertisers, i.e. third parties, to collect advertising-relevant information about a target group.

If a user visits the page again, the stored data can be analysed by the advertising company. For example, the number of page views, the time spent on the page or the route taken by a user via hyperlinks are tracked. For the embedding of cookies, a code does not necessarily have to be stored. Often, these are embedded ads that are located on the third-party provider's server.

For example, if a user visits a website containing an ad from a third-party provider and then heads to another page containing an ad from the same provider, the latter can trace the user's path.

Cookies threaten digital privacy

By tracking internet users and website visitors, companies have sensitive data at their disposal. For example, they can track the path the user took on the internet until they arrived at the website with the cookies. However, not every user agrees that a company can trace this path.

Digital privacy has therefore become a major issue. Many internet users feel observed or even spied on by cookies. The partly sensitive information collected by companies and stored over long periods of time could theoretically be used for purposes other than personalisation or passed on to other companies.

This is why the EU's e-privacy directive currently also stipulates that users may only be tracked if they have explicitly consented to cookies on their computer.

This is usually done by clicking on "accept" in a pop-up window. But many customers do not even know what this click means for them. This is another reason why third-party cookies will soon no longer be supported by popular browsers.


Interview on the topic of "e-privacy”

While the preservation of e-privacy is becoming a bigger and bigger issue, the demand for personalised marketing measures is also increasing. Many consumers today place a high value on being seen as an individual and being addressed in this way by companies. Because personalised messages deliver a better brand experience and higher conversion rates, they have become an important lever for addressing customers. We spoke with Dr. Martin Braun, Head of Communication & Content Strategy, about the regulation and what the elimination of third-party cookies can mean for companies.

RB: What is the new e-Privacy Regulation (ePOV) about? How does it differ from the data protection regulations already in force?

MB: ePOV is an EU regulation that aims to regulate the processing of user data in electronic communications. Many people wonder why there is suddenly a new regulation for this when the General Data Protection Regulation (GDPR) exists. However, both coexist in parallel. The ePOV is merely a specific addition that brings major changes, especially in dealing with the use of cookies. It should be easier for website visitors to reject cookies and to be able to regulate them themselves via the browser settings. After installing a browser, the default privacy settings should be as strict as possible. Afterwards, the user can weaken them himself, if desired.

RB: But now the browsers of Apple and Mozilla no longer support third-party cookies and Google will soon follow them. Why can't first-party cookies compensate for this?

MB: First-party cookies are limited to the publisher domain and can therefore only be used on the website on which they were created. They are therefore not suitable for cross-platform targeting. The core of user tracking is to be able to identify the path of the individual across different websites and this is not possible with first-party cookies.

RB: What challenges does this pose for marketers now?

MB: Of course, it is becoming a challenge for marketers to find new ways to identify users as potential customers. Especially for personalized marketing, the data that is now still provided by third-party cookies is enormously important. But the elimination of cookies can also be seen as an opportunity for the advertising market. We are now forced to look for new privacy-compliant solutions or to develop them ourselves. Synchronizing user signals will continue to be important in the future. That's why companies need new ID systems that are designed according to data protection regulations and at the same time transparent in the sense of the user - in the best case, across companies for the entire industry.

RB: Do you think there will be an alternative solution that makes targeting as easy as third-party cookies currently are?

MB: I don't think there will be a perfect solution. By the way, cookies are not perfect and infallible either. Since there will probably be more data protection laws and regulations in the future and e-privacy will have to be secured again and again through new technologies, I think the best remedy will be a mixture of several solutions. That way, companies make themselves less vulnerable to change.


No third-party cookies – no personalization?

The end of third-party cookies does not necessarily mean that user behavior can no longer be tracked at all and that all campaigns must be created without knowledge of one's own target group.

Nevertheless, the discontinuation of third-party cookies has an impact on the marketing and advertising industry, because it first of all means fewer opportunities to target groups precisely and ultimately also to personalize advertising.

However, due to the increasing demand for personalized content, the need for user and target group profiles is also growing. Therefore, marketers should already find new ways and channels to assess their target group.

How user data is collected using other methods

One possibility is to switch to people-based targeting, i.e. a customer-centric strategy. This approach is also based on user data, but data that is not collected via cookies. This is made possible by an anonymized, personal identifier.  

Internal company data, for example on previous purchases or email engagement, is analyzed for the individual customer. With the help of a tool or platform, companies can also assign the devices from which a website is visited to specific individuals and use all this information to create user profiles. By collecting these characteristics, it is possible to address individuals in a personalized and relevant way across all touch points.

Collect anonymized data via API

Another alternative to third-party cookies will be standardized tokens that allow internet users to control all information about themselves. Consumers remain anonymous and their privacy is preserved.

Google is taking a similar approach in its Chrome browser with so-called Trust Tokens as part of its open-standard "Privacy Sandbox" programme. The Trust Token API is supposed to enable a distinction between bots and real users without disregarding the privacy of individuals. In addition, trust tokens should also be able to help with the selection of ads and the measurement of these.

In general, the use of so-called website APIs is one way of collecting data. An Indexed Database API, for example, is a programming interface that enables websites to store structured data in the user's browser via JavaScript. Using Web SQL, another Web API database, such data can be stored in databases and queried. Both options are supported by various browsers.

Deliver contextual advertising through fingerprinting

Similarly, many marketers think that login alliances on a single sign-on basis can enable tracking without third-party cookies. The idea behind this is that several companies, through their online association, can maintain the recognizability of customers who already give their consent by logging in. However, this option is more useful in the context of B2C e-commerce and marketing.

So-called "fingerprinting" is another alternative to third-party cookies. To identify individual users, an individual combination of browser version, operating system, color depth, installed plug-ins and fonts is tracked. This method is now largely accurate in recognizing and assigning users.

The user's behavior and preferences can be recorded and, on this basis, clusters can be formed within which context-based advertising can be played. Nevertheless, the identity of the individual is preserved, which is why fingerprinting has a greater chance of withstanding the coming e-privacy guidelines.

Personalize ads through semantic imprinting

Semantic targeting is one such contextual tracking method that can be supplemented by "fingerprinting" and with which personalized ads can be played without the use of personal data. In this process, specific keywords are defined for advertisements. These ads are then placed in a relevant environment. The ads are then played when users are on a page relevant to the keywords.

One advantage of this method is that users have usually already come into contact with the subject area at the moment when these ads are displayed to them. For example, if a user is on a page for cosmetic products, it is more likely that they will be shown ads for creams.

It's the mix that counts

Further possibilities for tracking customer data are under development, which will probably be accelerated by the ban on third-party cookies. As the already existing possibilities show, this does not mean that data collection on the internet will become impossible as a result. Consent will also continue to be necessary on websites.

The fact is, however, that the legal situation and e-privacy regulations will continue to change and marketers should therefore not only rely on one, but on several tracking solutions.

Would you like to have more information about the Bay?

By clicking on “Submit” you agree to the personal by RECORDBAY as described in the Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.