Reed Smith Client Alerts

Titled ‘A Guide to the Post Third-Party Cookie Era’, the guidance provides readers with a background to the current use of both first and third-party cookies in digital advertising, and why third-party cookies are, apparently, on their way out. The guidance looks into the current state of play when it comes to digital advertising (both online and in-app), what the future looks like, how we arrived here and what organisations can do to shape their own destinies. Significantly, it also explores alternative digital advertising solutions that we can turn to in the (not-so-distant) future when third-party cookies are a thing of the past.

Authors: Tom Gates Elle Todd

Interconnected icons related to internet of things

First party v third party cookies

It is key to note the difference between first and third-party cookies. First-party cookies are stored by the domain that a user visits directly. Third-party cookies are created by domains other than the one a user visits directly, hence the name third-party. They are used for cross-site tracking, retargeting and ad-serving.

First-party cookies are not going anywhere the IAB says. However, the guidance indicates that every stakeholder in digital advertising will now have to think more creatively when it comes to first-party cookies, which have typically been under-utilised compared to their third-party cousins.

Why are the cookies (allegedly) crumbling?

IAB have a few theories as to why third party cookies may be on their way out. The wising up or increasing concern of the consumer may be a key reason they say. In this post-GDPR era of data privacy enlightenment, the average internet user has become more data smart. In particular, users are more aware of where and how their data is being used, and who has access to it. In turn, we have seen industry reactions and developments in increasing privacy and anti-tracking solutions by the major browsers and development of ad blocking technologies (often deployed by way of a browser extension).

The guidance acknowledges the gatekeeping efforts of the main browsers (Chrome, Firefox and Safari). As we’ve reported previously, when the total blocking of third-party cookies by Chrome happens, this will effectively signal the end of third-party cookies overnight. Over 62% of users globally are said to use Chrome as their main browser, so this no overstatement – the third-party cookie has well and truly crumbled (or, it’s about to). We’re told, however, that this is a natural evolution that has been long on the cards.

The guidance also gives a nod to the GDPR’s consent requirements, which, combined with local legislation implementing the ePrivacy Directive, has caused all manner of headaches for in-house legal, tech and compliance teams in ensuring their cookie banners are up to scratch when it comes to non-essential cookies.

As I mentioned, first-party cookies are staying put according to the IAB – so there’s that for some form of stability. It must also be borne in mind that cookies are a web browsing phenomenon. The mobile in-app world is largely untouched by them. Mobile apps tend to use mobile ad identifiers (MAIDs), provided by the device’s operating system, to identify the user. With MAIDs, nothing is stored on the user’s device (however tracking users via mobile apps is of course an entirely separate and complex topic of its own!).