Google plans to phase out the use of third-party cookies (set by external companies to track user behavior across the web) in the Chrome browser, and other browsers — Firefox, Safari, Opera, and Brave — have already deprecated third-party cookie support. This affects the type and volume of data available for marketers. There are also increasing pressures on digital marketers to meet strict data privacy standards. These pressures now come from influential tech platforms that millions of companies rely on, perhaps even more than from data protection authorities.
The cookieless future doesn’t mean there won’t be any cookies of any kind in use, just that third-party cookies and their sometimes indiscriminate tracking will be phased out. While marketers have long relied on the data third-party cookies collect, this data has often been collected with questionable — if any — consent from the people it’s sourced from. The data itself is also often of lower quality, needing to be aggregated with other data sources to be useful (and profitable).
Given the Chrome browser’s 65 percent majority market share as of mid-2024, however, the final deprecation of third-party cookie use will mark a significant milestone in the evolution of data processing, digital marketing, and privacy online. So “cookieless future” is in many ways appropriate.
We look at what the evolution of cookie use, changes in requirements for use of Google services, demands for data, and evolving privacy laws mean for companies. We also delve into the impacts of massive changes to established ways of doing digital marketing, and the solutions that companies can implement to make the cookieless future much brighter and more privacy-compliant.
What are the biggest challenges of the cookieless future for marketers?
There are increasing limitations on and even elimination of third-party data — which is indirectly derived from customers via various sources using third-party trackers and tools. Combine this change with the move to zero- and first-party data, which is limited to what customers consent to, marketers will see reduced data visibility. This will impact the ability to track and target users online. However, as noted, these other data sources are of higher quality, and less data is needed to gain valuable insights, since it comes directly from customers.
Additionally, there are tools and strategies to optimize data collection in ways that are privacy-compliant, and to use newer technologies to enable modeling to provide the information marketers need to understand audience segments, customer journeys, and more.
Previously it’s not that consumers didn’t care about companies collecting so much of their data without consent, it’s more that there was little they could do about it. However, that is changing, thanks to regulations putting more control over data access into consumers’ hands, and people understanding that their patronage — and data — hold influence. If companies want their data, people want to know what’s in it for them. And if they don’t feel that they can trust companies to respect their privacy and secure their data, they’re increasingly inclined to take their business and data elsewhere, as this PWC survey from 2022 noted.
Shifting strategy from “collect as much data as you can and we’ll figure out what to do with it later” to much more strategic data collection and analysis is not only a legal requirement today, it’s a much smarter strategy. Companies can ask consumers how they want communications, what they want to hear from companies about, and what data they consent to share. Companies demonstrate respect for privacy, better engage customers, and acquire much more accurate data that can inform all parts of marketing operations.
Once companies connect with customers and obtain data, they still need to analyze and measure the performance of their marketing efforts. Obviously, measurement based on old models, like those relying on third-party data, need an overhaul. Fortunately, there are new tools and strategies to help, which we’ll get into. Even when users decline consent, there are ways to obtain anonymized data and to model conversion journeys to know which channels are converting, the ROI of campaigns, and other key insights.
Why do you need to be ready for a Google cookieless future?
Change is coming for digital marketers on a number of fronts. Data privacy regulations have been spreading globally for years, and now influential tech partners are levying strict privacy requirements on their customers to ensure end to end privacy compliance in their operations. We look at the most important factors that marketers need to build into their operations to succeed in the privacy-led future.
1. Legal compliance with data protection and user privacy regulations
Data privacy laws are becoming well established, with the majority of the world’s population now protected by some form of privacy regulation. However, it’s not uncommon for many smaller companies to pay little attention even to established laws like the European Union’s General Data Protection Regulation (GDPR). It’s big and complex, there are large “gray areas” that require legal interpretation, and all the penalties that have grabbed headlines seem to exclusively land on giant tech companies with global operations and billions of Euros in revenue.
But what has grabbed the attention of millions of companies is new requirements handed down by Google to their customers and partners. Thanks to new laws like the Digital Markets Act (DMA), big tech platforms like Google, Meta, and Amazon have additional stringent privacy requirements to meet. And to ensure compliance, all the companies relying on their platforms for data, audience access, analytics, advertising, and more need to meet the same privacy standards.
2. Google’s requirements for advertisers
Google has also updated and is enforcing its EU user consent policy, which aligns with the requirements of the GDPR and ePrivacy Directive (ePD), further tightening consent requirements to its customer base.
If you’re using services like Google Ads or Analytics you need to implement a Google-certified consent management platform with the latest version of Consent Mode integrated. This enables you to collect user consent for data collection and processing and signal it to Google services, which are then controlled based on users’ consent choices. If you don’t comply, you can lose access to key functionality, like personalization features.
3. Google’s requirements for publishers
Google also now requires publishers serving ads on websites or in apps in the EU/EEA or UK to implement the latest version of the IAB’s Transparency & Consent Framework (TCF) implemented via integration with a consent management platform (CMP). Not implementing TCF 2.2 puts you at risk of loss of advertising revenue in significant markets.
While Google’s privacy requirements are not fully global yet, it’s inevitable that as data privacy regulations continue to spread and evolve, data privacy requirements and robust consent management — including for cookie use — will become the global standard for doing business with influential tech platforms, enforcing a cookieless future.
Data privacy and marketing alignment
Navigating these new requirements means marketers need to embrace privacy-centric marketing strategies and technologies that align with evolving user privacy expectations. It requires giving up old notions of control over data and bringing together technologies to update the marketing stack, using consented data to drive campaigns, and doing the work to get to know customers and prospects directly so they welcome simply being asked about what they want from your company.
Google has presented core strategies for the future of measurement, including Google Consent Mode, Customer Match, Server-side Tagging, and Enhanced Conversion Tracking, emphasizing the pivotal role of user consent and transparent data practices for robust marketing operations in the cookieless future.
From third-party cookies to a cookieless world: embracing a privacy-first approach to marketing
A knee-jerk reaction to the evolution of digital marketing operations is that a lack of data will hamstring campaigns, affecting paid channel performance and measurement, for example. But this notion fails to take into account a critical fact outlined in a Google/Ipsos survey: providing a positive privacy experience can increase share of brand preference by 43%. Additionally, 71% of people prefer to buy from brands that are honest about what data they collect and why.
It’s not that valuable data is no longer available to marketers; it’s that it hasn’t occurred to some of them to provide customers and prospects with the right kind of experiences — that respect data privacy and are transparent about using data — that make them happy to provide it.
The impending end of third-party cookies in major web browsers calls for advertisers to take a proactive approach to adapt their marketing practices and data operations to the new cookieless world.
The same study confirms the positive impact the privacy experience users have on your website or app. A positive privacy experience and a sense of control over user data can bolster brand preference and sales, while a negative experience can have a detrimental impact. With more and more data privacy regulations including the user right of data portability, being able to vote with their feet (or phones) and wallets has never been easier, and marketers need to pay attention.
Zero- and first-party data in a cookieless world
The quality issue with third-party data — the kind collected by third-party cookies — is its distance from the source, i.e. companies website visitors, app users, ecommerce customers, etc. So much of it has to be aggregated to gain useful insights, and even then it’s still nowhere near ideal.
What is ideal is building a direct relationship with these customers and getting their informed consent and preferences. This enables you to personalize communications, sales offers, targeted marketing, and more. Individuals hear from your company when they want and about what they want, which builds trust and increases engagement to grow long-term customer relationships and revenue. To do this, companies need zero- and first-party data.
Zero-party data for marketing in a cookieless world
Zero-party data is also referred to as self-reported, explicit, or opt-in data. It’s the gold standard for marketing in a cookieless world because it comes directly from visitors, users, and customers. It’s shared voluntarily and intentionally with their consent, and goes hand in hand with their consent choices about access to their personal data. Zero-party data doesn’t need to be aggregated or analyzed, because it’s direct information about what customers want.
Some examples of sources of zero-party data include surveys, product reviews, product preferences from orders, etc.
McKinsey has reported that companies earn 40 percent more revenue from personalization, so investing in operations to obtain and activate zero-party data are well worth it, via preference management and other mechanisms.
Zero-party data is also valuable for product development and improvements, improved marketing programs, better sales strategy, and more.
First-party data for marketing in a cookieless world
First-party data is also referred to as proprietary, customer, in-house, or owned data. It’s obtained slightly less directly than zero-party data, so insights from it can be less accurate, but it’s still more valuable than third-party data, and an important source for marketing strategy and analysis.
Some examples of sources of first-party data include website analytics, ecommerce records, app usage data, and social media activities.
First-party data is particularly valuable for showing patterns in user behavior and preferences via activities, such as website session duration, page views, online purchases, software usage data, email engagement data, etc. Sometimes data from what people do can be more accurate than what they self-report via voluntary channels.
This data is useful for improving product user experience, enabling users to get more value from products, faster. On the business side, the data is useful for audience segmentation, marketing communications personalization, predictive modeling based on browsing and purchasing habits, campaign performance analysis, ROI interpretation, and budget optimization.
Preference management in a cookieless world
Preference management involves requesting information from users and customers, and then using it to tailor those individuals’ experiences with your company via communications, offers, and more. It’s a key source of zero-party data, and involves the most direct interaction rather than collecting data via user activities like web browsing.
Preference management also goes hand in hand with consent management, as when you want to know what customers want, that includes what personal data they agree to share with you and possibly with third-party partners.
Unlike with some third-party data collection, combining consent and preference management helps to ensure customers have full control over what they consent to in their interactions with companies regarding collection of data about them, communications, profiling and targeting, and more.
A preference management solution helps you gain higher open rates for emails, text messages, and more since they match the preferences of each customer. You target advertising more accurately, gain better visibility for product launches and sales, targeting customers who’ve specifically requested information about these campaigns.
Preference management delivers better customer experience all around and demonstrates respect for privacy and customer preference and choice. A cookieless future all companies can get behind.
Server-side tagging in a cookieless world
Server-side tagging is another solution to the end of third-party tracking. With this function, your tags are served from a server directly, rather than in the visitor’s browser. This provides more control over privacy compliance in data collection and sharing with third parties, important when evolving marketing activities for a cookieless culture.
Client-side tagging transmits data to one or more servers, and commonly, with tag management, shares collected data with third parties, e.g. marketing technology partners. But there is no central control over data and who can access it, hence the privacy value of server-side tagging.
Server-side tagging is sitewide, so website and customer data are securely hosted on a central first-party server, which functions as a buffer between customers (and their consent) and third-parties that want their data for tracking and analysis. It enables a cookieless tracking solution where your customers’ consent choices determine what data is made available, and you control who gets access, when, how, and to what specific information.
Additional benefits of server-side tagging include:
- more centralized source of information for legal audits
- a comprehensive view of customers across touchpoints
- improved website performance in terms of page speed, conversion rates and SEO (Core Web Vitals)
- improved monetization and data collection by bypassing ad blockers
- improved customer experience by recording consent preferences once and enabling transferring across devices and platforms
Digital marketing in a cookieless world
With all these changes to how marketing and advertising work online, it’s understandable that marketers could be worried. But there’s no need to be. There are already tools and solutions available that not only replace third-party data from cookies, but enable consented collection and use of higher quality zero- and first-party data, higher user engagement, better customer satisfaction, and sustainable revenue growth.
Marketing measurement in a cookieless world
Marketers are greatly concerned about moving away from relying on third-party data and meeting business and regulatory requirements for obtaining valid user consent to access personal data, primarily due to accuracy concerns. They need to maintain accurate measurement of marketing activities and target new and existing audiences accurately. Fortunately, there are solutions to help marketers accurately obtain and signal user consent and obtain the data they need for accurate measurement.
The Google cookieless future arrived for many companies with the advent of Google’s new requirements for marketers, advertisers, and publishers in the EU. As of early 2024, the company requires its Google Ads customers to use a Google-certified consent management platform (CMP) that’s integrated with the latest version of Consent Mode in order to maintain access to key features of its services, like personalization.
A solution like Usercentrics CMP enables companies to obtain valid consent for the processing of personal data, per the compliance requirements of laws like the GDPR. Then the integrated Consent Mode v2 signals the consent information to Google services, controlling tags for website and advertising performance with it, and blocking or enabling cookies and trackers depending on users’ consent choices.
Watch our video to see how easy it is to enable Consent Mode with Google-certified Usercentrics CMP.
Where measurement is concerned, even when individuals decline consent, Consent Mode enables the collection of anonymized data only, which can’t identify an individual. This data is used for conversion modeling to develop insights while data privacy rights and requirements are respected. Website operators get back a significant amount of data for advertisers and gain conversion insights and information about consent banner interactions to optimize consent rates. It’s a strong example of a sophisticated solution for a cookieless world that’s driven by consent and enables marketing operations and business growth.
Marketing attribution in a cookieless world
Digital marketing is moving away from multi-touch attribution tools as the phase-out of third-party cookies draws nearer. So how can marketers accurately track customers’ conversion journeys? Here, again, conversion modeling can help.
Conversion modeling uses machine learning to assign links between ad interactions and conversions. This provides accounting in cases where cookies or other identifiers aren’t available.
Ad interactions are grouped; one group has a clear link to conversion, and the others don’t. The conversions with clear conversion paths are subdivided into groups to identify patterns more specifically, e.g. distribution of product purchase volumes depending on the day of the week or time of day.
Machine learning can then predict characteristics for the other group of unidentified ad conversions based on data that is known, and characteristics from the clear conversion paths. Modeled conversions are typically only included in reporting when the degree of confidence is high that an ad display resulted in a conversion. This helps with reporting accuracy.
Google has also proposed Privacy Sandbox APIs. These are meant for several advertising use cases, including attribution reporting, while enabling data privacy compliance. Advertising interactions can be linked to specific actions or conversions, so individual tracking isn’t needed. Advertisers can understand campaign impact in a privacy-centric way.
Optimized targeting and retargeting in a cookieless world
First-party data, coming directly from users, allows for significantly greater precision in optimizing targeting and retargeting activities. Consumers are all too familiar with poorly targeted ads, especially when they seem to follow individuals around online. Companies need to know what a prospect who converts looks like, which can be modeled from data collected (with consent), ideally in real time. Google Ads enables optimized targeting to help you find your ideal audiences, and is one of the Google services supported by Consent Mode to help ensure adherence to privacy standards.
As marketing evolves away from cookies, contextual targeting is becoming more important. Companies can direct advertising based on users’ demonstrated interests, respecting their privacy and data preferences, rather than trying to broadly harvest enough data in an effort to understand the user and present ads that engage them.
To do retargeting well, companies need good data sources and user consent, which consent and preference management explicitly deliver. As retargeting evolves, along with many digital marketing operations — not to mention data privacy laws, business requirements, and consumer savvy — this will only continue to become more important.
For a successful user journey that results in conversions (and happy customers), companies will need tools and insights to carefully craft messaging that matches customers’ actions, interests, and consent choices. Instead of blasting individuals who didn’t immediately convert with ads and potentially questionable personalization, companies can use more sophisticated campaigns to stay top of mind with prospects where they like to browse, based on known patterns and interests, until they’re ready to buy.
Google’s tools to implement consent and a privacy-first approach also extend to retargeting efforts. The Privacy Sandbox APIs support it, enabling these important conversions on future interactions.
Consent management in a cookieless world
Consent management is the lynchpin of these new marketing tactics, in addition to being a key tool to enable data privacy compliance with an ever-increasing number of regulations, guidelines, and policies around the world.
While companies have gotten used to established laws like the GDPR, more recently, regulations like the Digital Markets Act (DMA) have contributed to new pressures to achieve and maintain privacy compliance due to business requirements. As companies like Google, Meta, and Amazon are required to meet stringent new standards, to enable end to end privacy compliance, that means they need to levy their own requirements on their customers to ensure consent for advertising, analytics, and other data uses.
A consent management solution sits at the middle of the marketing stack to record customers’ consent preferences, and enable signaling them to control the many marketing functions, from Google tags to vendor campaigns. It also enables companies to prove that they obtained valid consent in the event of an audit or data subject request.
A consent management platform enables users to make granular choices about their data use, saying “yes” to cookie use for marketing purposes, “no” to analytics, etc. Or they can consent to all cookie use (increasingly first-party as third-party cookies are deprecated) or decline the use of all cookies and tracking technologies except those essential for core website functions.
What’s next for the marketing cookieless future?
While marketers have relied on third-party cookies for a long time, they have always been imperfect tools, and they simply don’t fit today’s technology and privacy requirements, and customers’ expectations.
Not to worry, there are plenty of tools now for the marketing stack, and evolving strategies that respect privacy and enable compliance, while still delivering the data marketers need for precision, engagement, and conversions.
Of course, as with any big change, getting your new privacy-led marketing tactics and measurement right will require some fine-tuning. You will need to test and optimize both to get the zero- and first-party data you need, and increase data volumes by improving opt-in rates and increasing user buy-in to personalization.
A layered approach is also important, including using advanced data modeling and AI. AI-driven attribution is being considered as a solution to stitch together longer customer journeys, enabling more effective tracking and personalized targeting in the absence of traditional cookie-based measurement systems.
Each company needs to determine the right toolkit for its operations; there isn’t one blanket solution to overhaul marketing operations or preserve traditional methods of measurement. Not all companies will have sufficient data volumes for functions like modeling, and so may need to shift to internal data science functions. Very small companies may lack both the data and resources, but even tiny startups can listen to their customers, respect their privacy, and deliver great customer experiences that make people happy to share their preferences and information.
The cookieless future is here, and it brings with it better customer experience by incorporating built-in end-to-end privacy in marketing operations, relying only on data coming directly from the customer, which in turn enables true personalization, and builds longer-term relationships based on trust.
Usercentrics does not provide legal advice, and information is provided for educational purposes only. We always recommend engaging qualified legal counsel or privacy specialists regarding data privacy and protection issues and operations.
