The end of the cookie era – coming soon?

In order to obtain the consent necessary for marketing purposes, different variants of cookie banners are in circulation in practice. These ask for the user's consent sometimes more, sometimes less implicitly. Increasingly, companies rely on Consent Management Platforms (CMPs), which facilitate the complex integration and control of different marketing tools. These technical solutions cannot help but notice that, in our experience, around 20 to 30 percent of website visitors do not give their consent to the setting of additional cookies. This depends on the industry, user structure and the structure of the cookie banner. Consequently, no more data can be collected from these users. At this point it should be mentioned that the GDPR also provides for an explicit consent for alternative variants of individual identification of users which - like so-called fingerprinting - do not require cookies. For marketers, this results in a variety of challenges.

That is the reason why the comparison of KPIs and key figures in analytics solutions such as Google Analytics or Adobe Analytics is only possible to a very limited extent before and after the implementation of a GDPR-compliant cookie banner. Some metrics such as the popular 'bounce rate' or 'time spent on page' are also becoming less important - anyone who enters a website and uses it without accepting cookies or leaves it again immediately cannot be captured by the analytics tool. Similarly, campaign tracking becomes less accurate if campaign parameters cannot be recorded on the website. This makes it difficult for marketers to evaluate the performance of individual campaigns and channels. The successful handling of other third-party tools, such as A/B testing, personalization or retargeting, also becomes more difficult, as their range is significantly reduced by the obligation to consents.

A development that has been driven by browser providers for some time now also has an equally large influence on the future of digital marketing in general and cookies in particular: The increasing blocking of third-party cookies by the browser without the user even noticing this process.

These third party cookies have been criticised by data protectionists for some time, as they identify the user across different websites. While first party cookies are set by the website operator itself, third party cookies come from other companies, such as Google or Facebook. This enables these providers to create user profiles and display personalised advertising. Third party cookies enable Facebook or Google to "know" which websites a user has visited, provided that the website operator has integrated the corresponding solution of the provider on his website. This is often done in order to enable the website operator to place advertising on third-party websites by means of retargeting.

Apple already blocked third party cookies in 2017 with its "Intelligent Tracking Prevention" (ITP) . The feature has been expanded several times since then and consistently blocks all third party cookies, as they are usually set via Facebook or Google Ads pixels. First party cookies can still be used. However, if they are set using JavaScript and not server-side, as is common with most marketing tools, they expire after seven days. In certain cases, such as when the user comes to the page by clicking on a Facebook ad, all non-server-side cookies even expire after 24 hours. Microsoft with Edge and Firefox have now followed suit in blocking third party cookies, but have not yet implemented any restrictions for first party cookies. Google has also announced that it wants to eliminate third party cookies from Chrome by 2022.

For the search engine giant, this change is a difficult balancing act: With its "ads" ecosystem, the company is one of the biggest beneficiaries of data collected using third party cookies. At the same time, it can no longer escape the growing call for more data protection and privacy on the Web. Therefore Google is currently developing an alternative to third party cookies, the so-called "Privacy Sandbox". This is basically a collection of application programming interfaces (APIs). The idea: user data is stored transparently at browser level. Website operators are given a certain "privacy budget", with which they can obtain anonymous data on a user's target group affiliation, for example, without the user being personally identified. This would give users more control and transparency with regard to their data, while at the same time strengthening the Tech Group's market leadership in the advertising business. However, the "Privacy Sandbox" is currently still in the conception phase. The fact that Google first wants to establish such an alternative to third party cookies also explains the long period of time that has been set until the final blocking in the in-house chrome browser.

The placement of ads via retargeting on third-party websites and social media portals such as Facebook or LinkedIn will change significantly, as these are based on user IDs and behavior. The linking of data from various third-party sources, for example by means of a Data Management Platform (DMP), and the creation and activation of relevant user segments based on this data will no longer be possible in the future as is currently the case.

These modifications will change digital marketing far-reaching and will announce the end of the cookie era. Companies should see this as an opportunity and react to the changing circumstances in good time to make themselves fit for the future. 

How to optimally adapt your data and marketing strategies and which methods and tools will become more relevant can be found in part 1 and part 2 of the blog series published by my colleague Marco Hassler.