Third-party cookies have been key to programmatic advertising, allowing advertisers to track users across sites for personalized ads. As privacy concerns grow, browsers like Safari and Firefox have blocked these cookies by default. In response, Google Chrome is shifting its approach. Instead of removing third-party cookies entirely, Chrome introduced the Privacy Sandbox, giving users more control over their data while maintaining the ad-supported internet.
In this article, you’ll learn about third-party cookies and their functions in Google Chrome.
Key Points
- Third-party cookies carry out advertising-related activities such as cross-site identification and profiling, ad targeting, retargeting, ad campaign measurement and attribution.
- Cookies are domain-specific, so they need to be compared against each other in a process called cookie syncing. This process causes lags in displaying ads and has a low match rate.
- Google’s advertising ecosystem heavily relies on third-party cookies — twelve Google products use them to deliver ads to users and reports to advertisers.
- Due to privacy concerns, including the role of third-party cookies, laws such as the General Data Protection Regulation have emerged and forced the AdTech industry to limit user tracking and look for alternatives to cookies.
- Google is preparing to release its cookieless environment, the Privacy Sandbox, and, at the same time, give users the choice to allow for tracking or opt-out from it.
The Role of Third-Party Cookies in Digital Advertising
Third-party cookies play a crucial role in the digital advertising ecosystem by storing user IDs and information on user activity.
Third-party cookies are created by domains other than the one a user is visiting. They are fundamental to key advertising processes:
Ad Campaign Performance Measurement and Ad Attribution
Third-party cookies help measure ad campaign performance and attribute ad impressions and clicks to user actions. By tracking user interactions across different websites, advertisers can generate detailed reports containing information on the effectiveness of their campaigns.
Ad Targeting
Third-party cookies enable supply-side platforms (SSPs) and demand-side platforms (DSPs) to deliver personalized ads to users based on their browsing history and preferences.
Retargeting
Another application of third-party cookies is retargeting, which involves showing ads to users who have previously visited a website but did not complete a desired action, such as making a purchase. By tracking users across the web, advertisers can re-engage these potential customers with their ads.
Cross-Site User Identification and Profiling
The main function of third-party cookies is to enable cross-site user identification and profiling. By aggregating data from various websites, advertisers build user profiles in a data platform, such as a data management platform (DMP) or customer data platforms (CDPs), to target users with ads tailored to their preferences.
Cookies Need To Be Synced
Websites, platforms and systems create IDs unique for their users and store these IDs in cookies. The IDs need to be matched to identify the same user across multiple domains and AdTech platforms and ensure effective identification.
The process known as cookie syncing matches user identifiers from different systems, creating a unified user profile that allows advertisers to perform advertising-related activities.
This is how the cookie-syncing process works:
- A user visits a website that has a space to display an ad.
- The advertiser’s platform, a DSP, receives the request to serve an ad to the user.
- The DSP sends a request and creates a third-party cookie.
- The ad exchange redirects (http redirect) the ad request to the pixel URL on the DMP’s side, passing the user ID in the URL parameter. The DMP reads its own cookie or creates a new cookie and then saves the user ID passed from the DSP along with its own user ID in the cookie-matching table.
- If the sync is bidirectional, the DMP makes the redirect back to the DSP, passing its own ID in the URL parameter. The DSP receives this request, reads its own cookie, and stores the DMP ID along with its own ID in the cookie-matching table.
- Now, both the DSP and DMP have each other’s user IDs in each other’s databases.
Cookie syncing, however, has its downsides. Here are the main ones:
- Low match rate: The success rate of matching user IDs is between 40% and 60%.
- Cookie blocking: Users use cookie-blocking programs or browse in incognito/private mode to disable cookies from collecting information on them.
- Lags in serving ads: The browser has to make multiple calls to different servers and this is the cause of ad-serving latency.
If companies couldn’t run cookie syncing, they wouldn’t be able to identify users.
What’s Happening with Third-Party Cookies in Google Chrome?
Third-party cookies have long been crucial for independent AdTech companies, especially in Google Chrome, which allows tracking across multiple websites to deliver targeted ads. However, in recent years, Chrome has made changes to enhance privacy, such as the introduction of the SameSite policy, which limits how cookies can be shared across sites.
Looking ahead, Google plans to phase out support for third-party cookies entirely and replace them with the Privacy Sandbox initiative. This new framework aims to protect user privacy while still allowing AdTech companies to provide relevant ads. Click here to learn more about it.
Third-Party Cookies in Google’s Advertising Business
Google itself also utilizes third-party cookies to display ads, personalize them, perform frequency capping, stop serving ads that a user has chosen to stop seeing and measure the performance of ad campaigns.
Here is the list of Google’s products that use third-party cookies for advertising:
- AdSense
- AdSense for Search
- Google Ad Manager
- Google Ads
- Campaign Manager
- Google Analytics
- Display & Video 360
- Search Ads 360
- YouTube
- Google Flights
- Google Hotel Ads
- Google Surveys
Examples of cookies used by Google include the ‘NID’ cookie, which displays ads to users not signed in, and the ‘ANID’ and ‘IDE’ cookies, which manage ads on non-Google websites. If personalized ads are enabled, these cookies tailor the ads shown; if disabled, they store users’ preferences.
What Is Currently Happening with Third-Party Cookies in AdTech and How Is Google Evolving User Privacy Choices?
In 2018, the General Data Protection Regulation (GDPR) regulation went into effect to enhance user privacy by setting new rules for processing personal data. To use personal data for ad-targeting and retargeting, companies have to collect consent from the user visiting their digital properties, e.g. website and mobile app — typically, via a consent management platform (CMP).
Apart from the GDPR in the European Union, there are a few other privacy regulations around the world that terminate how personal information can be stored and processed. The common denominator is to protect user data.
In addition to privacy regulations, major web browsers have also updated their privacy policies to prevent cross-site tracking. Two key examples are Safari and Mozilla. These two popular web browsers now block third-party cookies by default and limit cross-site tracking and tracking possibilities as a consequence. Google, however, has taken a different approach.
Instead of blocking third-party cookies, Google has launched a new project—the Privacy Sandbox—that would enable the delivery of targeted ads while still improving user privacy.
Initially, Google wanted to shut down support for third-party cookies as part of the roll out of its Privacy Sandbox initiative. However, after years of delays, Google has since announced that it won’t be shutting down support for third-party cookies and instead will allow users to decide whether third-party cookies can be created on their devices.
In its most recent announcement, Google said that it plans to:
- Introduce new features in the Chrome browser that would support making informed decisions on user tracking.
- Add IP Protection into Chrome’s Incognito mode.
- Continue to develop the Privacy Sandbox APIs.
Alternatives to Third-Party Cookies Google’s Privacy Sandbox
In response to the changing privacy landscape, various AdTech vendors have created their own identity solutions to offer a replacement for third-party cookies. The main alternative are universal IDs as they operate in a similar way to third-party cookies, albeit in a much more limited way.
A universal ID or an alternative (alt) ID, is a unique user ID leveraged by AdTech companies to identify users across different websites and devices. To create universal IDs, AdTech vendors use a piece of deterministic data, such as an email address or phone number, and then create a hashed and encrypted ID. This allows companies to identify users without exposing raw data.
Three examples of universal IDs are:
- Unified ID 2.0: Developed by The Trade Desk, it offers a secure, encrypted ID created via a user’s email address.
- LiveRamp’s IdentityLink: Connects a user’s online and offline data through a single identifier.
- ID5 ID: An independent identity vendor that provides an identity infrastructure to power addressable advertising across different channels, e.g. web/display (web browsers), in-app mobile and CTV.
Other alternatives to third-party cookies include data clean rooms, the IAB Tech Lab’s Seller Defined Audiences (SDA), self-serve ad platforms, and contextual targeting.
Google’s Privacy Sandbox
In 2019, Google initially released information about its Privacy Sandbox, a new initiative aimed at becoming a new advertising standard for the web.
The Privacy Sandbox delivers application programming interfaces (APIs) for online advertising to enable effective ad targeting and measurement. At the same time it protects user privacy, utilizing various privacy-enhancing technologies, such as differential privacy.
Here are the main advertising solutions in the Privacy Sandbox:
Private Aggregation API
Aggregates and reports cross-site data in a privacy-preserving manner. It uses the operation `sendHistogramReport()` to gather data from Protected Audience API and Shared Storage, providing noised summary reports. For instance, marketers can create histograms showing the approximate number of users in a location who have seen their ads.
Attribution Reporting API
Measures ad conversions without third-party cookies, tracking ad clicks and views in third-party iframes or first-party contexts like social networks.
Topics API (formerly FLoC)
Replaces FLoC, using broad interest categories for personalized advertising without extensive tracking.
Protected Audience API (formerly TURTLEDOVE and FLEDGE)
Developed from proposals like SPARROW, Dovekey, and PARROT, this API enables private ad targeting and re-engagement, with user interests stored by the browser.
None of these proposals use third-party cookies. However, Google will continue to support third-party cookies in its Chrome web browser for the time being.