First party v third party cookies
It is key to note the difference between first and third-party cookies. First-party cookies are stored by the domain that a user visits directly. Third-party cookies are created by domains other than the one a user visits directly, hence the name third-party. They are used for cross-site tracking, retargeting and ad-serving.
First-party cookies are not going anywhere the IAB says. However, the guidance indicates that every stakeholder in digital advertising will now have to think more creatively when it comes to first-party cookies, which have typically been under-utilised compared to their third-party cousins.
Why are the cookies (allegedly) crumbling?
IAB have a few theories as to why third party cookies may be on their way out. The wising up or increasing concern of the consumer may be a key reason they say. In this post-GDPR era of data privacy enlightenment, the average internet user has become more data smart. In particular, users are more aware of where and how their data is being used, and who has access to it. In turn, we have seen industry reactions and developments in increasing privacy and anti-tracking solutions by the major browsers and development of ad blocking technologies (often deployed by way of a browser extension).
The guidance acknowledges the gatekeeping efforts of the main browsers (Chrome, Firefox and Safari). As we’ve reported previously, when the total blocking of third-party cookies by Chrome happens, this will effectively signal the end of third-party cookies overnight. Over 62% of users globally are said to use Chrome as their main browser, so this no overstatement – the third-party cookie has well and truly crumbled (or, it’s about to). We’re told, however, that this is a natural evolution that has been long on the cards.
The guidance also gives a nod to the GDPR’s consent requirements, which, combined with local legislation implementing the ePrivacy Directive, has caused all manner of headaches for in-house legal, tech and compliance teams in ensuring their cookie banners are up to scratch when it comes to non-essential cookies.
As I mentioned, first-party cookies are staying put according to the IAB – so there’s that for some form of stability. It must also be borne in mind that cookies are a web browsing phenomenon. The mobile in-app world is largely untouched by them. Mobile apps tend to use mobile ad identifiers (MAIDs), provided by the device’s operating system, to identify the user. With MAIDs, nothing is stored on the user’s device (however tracking users via mobile apps is of course an entirely separate and complex topic of its own!).
Where do we go from here?
This is just the beginning – the IAB says itself that there will of course be a number of post-cookie solutions developed, tried, and tested over the next few years before the third-party cookie becomes defunct. A few possible scenarios and solutions are proposed:
- Paying more attention to UUIDs and MAIDs, given that mobile ad spend in the UK alone now accounts for 80% of all programmatic digital display ad spend.
- So-called ID consortiums, or shared ID solutions, which rely upon first-party cookies and share inventory and audience segments in order to help solve identity challenges.
- An increased re-focus on internal CRM systems, whereby brands can activate campaigns against their own CRM files and mimic the marketing techniques previously exclusive to proprietary platforms.
- Finally – a blast from the past – contextual advertising! It’s a tried and tested approach and can often reach the right consumers at the right time.
Have the IAB missed anything?
One thing the guidance doesn’t touch on, but arguably should, are the potential opportunities presented to us by the forthcoming ePrivacy Regulation. As you may know, we’ve been waiting for this for a while now, and hopefully we’ll see a finalised draft by the end of the year. A potential key change to the current ePrivacy framework (which establishes cookie consent requirements) is the ability to rely upon legal bases other than consent to store cookies on a user’s device, relying upon legitimate interests instead. This could potentially signal the end to cookie banners. That is if the proposed text doesn’t change… watch this space!
I want to help shape the future!
Don’t we all. The best thing for any stakeholder to do is vote with your feet – drive adoption of whatever novel solution works best for you. The wheels are in motion on a number of independent industry solutions at the moment that you can get involved with – the IAB Tech Lab being one of them – where members can participate in the creation and development of new tools.
We shouldn’t forget about browser initiatives such as the Chrome Privacy Sandbox and regulatory schemes like the Information Commissioner’s Office’s Sandbox, which will “help companies and public bodies deliver new products and services of real benefit to the public, with assurance that they have tackled built-in data protection at the outset”.
Conclusion
It’s clear from the guide that there are uncertain times ahead and the advertising industry is going to need to work smarter and harder than before to mitigate the losses suffered when we bid farewell to third-party cookies. The industry must start embracing this change now to ensure readiness and to enable it to continue to function properly. First-party data is going to be key in this new normal, as will identifying opportunities in logged-in environments where users can always be identified. Whether there will be a resurgence of contextual advertising remains to be seen, as many advertisers have long since abandoned this method in favour of more sophisticated approaches. Exploring new revenue streams on cookie-less platforms like apps and tablets will also be crucial.
The message driven home by the guidance is that it’s up to all of us to shape the future of digital advertising. The industry has a unique opportunity to evolve and advance over the next couple of years, and stakeholders should explore how they can get involved with relevant industry groups to contribute to and develop solutions.
Many national IABs have set-up task forces to discuss and feedback on the solutions currently being developed. On a European level, IAB Europe will shortly be launching a new task force which will bring IAB Europe corporate and national IAB members together to review and provide feedback on industry proposals.
Client Alert 2020-403
