Third-Party Cookies Aren’t “Going Away.” But, What Role Should They Play in Advertising & Customer Relationship Management?
Way back in 2020, Google announced its intention to phase out third-party cookies in its Chrome browser by the end of 2023. This decision was made in response to growing privacy concerns and regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Then, in July 2024, Google made an announcement: due to technical roadblocks — and after significant pushback from advertisers — the search giant would no longer be doing away with cookies on Google Chrome.
So, we’re now back to how things have always been? Well, kind of.
Google’s decision to keep cookies around hasn’t precluded the internet juggernaut from developing alternatives. As early as 2019, the company began working on a suite of Application Programming Interfaces (APIs) called the Google Privacy Sandbox. The ecosystem, a new alternative to third-party cookies, would “both protect people's privacy online and give companies and developers tools to build thriving digital businesses.”
Other privacy-focused developments, like the open-source Unified ID 2.0, or simply first-party data collected directly from users, could potentially replace third-party cookies in the future. But, before we get into all that… let’s start at the beginning.
Recommended reading
- Online Shopping vs In-Store Shopping: the Future of Retail?
- Top 15 Customer Returns Reasons in 2025 & How to Avoid Them
- eCommerce Personalization: Essential Strategies for 2025
- What is CNP Commerce? Why is CNP More Vulnerable to Fraud?
- They’re Here — Cyber Week 2024 Stats & Analysis!
- Card-Not-Present Transactions: Know the Risks & Rewards
What are Third-Party Cookies?
- Third-Party Cookies
Third-party cookies are text files placed on a user’s computer by a domain different from the website the user is currently visiting. The third-party domain, often an advertising partner, uses these cookies to track a user’s browsing history across websites.
[noun]/THərd • pär • dē • ko͝o • kē/
From an advertiser’s perspective, third-party cookies are useful because they enable cross-site tracking. The advertiser can see a user’s activity across different websites, rather than just one. This gives the advertiser the power to display a small group of targeted and personalized advertisements across multiple websites. These retargeting efforts remind customers about a product or service even when they are not on the website that offers them.
From the user’s perspective, though, third-party cookies can feel intrusive. Visit a website once and suddenly you’re bombarded with ads that attempt to coax you back to the site. No matter where you are — reading a news article, browsing social media, or on a completely unrelated website — you’re fed targeted ads over and over again. This has led to pushback about third-party cookie use.
Are Third-Party Cookies Going Away?
Third-party cookies are not going away entirely. But, changes to popular browsers are making them increasingly ineffective for marketing and eCommerce purposes.
The short answer is “no.” Due to Google’s abrupt reversal in mid-2024, third-party cookies remain enabled by default in Google Chrome, the browser of choice for two-thirds of the world’s internet users. But, some changes are coming that will impact how you use third-party cookies.
New privacy-focused features introduced by Google’s Privacy Sandbox initiative could allow users to have greater control over what information they share, when they share it, and which advertisers they share it with. In fact, as part of a pilot program that began in January 2024, third-party cookies are restricted by default for 1% of Chrome users. Eventually, the internet giant plans to move to an opt-in, “informed choice” model for third-party cookies on Chrome, though concrete details about this planned initiative remain scarce.
Besides, competing browsers like Firefox and Safari have been phasing out third-party cookies for years now. Both browsers now block them by default. This suggests their effectiveness as a tracking tool for advertisers is gradually waning, regardless of what moves Google makes.
Ad blocking technologies like AdBlock and uBlock Origin, along with privacy-focused browsers like DuckDuckGo, are rendering third-party cookies ineffective at best, and useless at worst.
These privacy-first tools limit or distort the data that advertisers can collect. As a result, the data that does get through is frequently fragmented and incomplete. Advertisers would be left with a skewed view of their audience, leading to wasted ad spend, inaccurate attribution insights, and ineffective marketing campaigns.
Understanding Cookie Compliance Requirements
Advertisers that plan to keep using third-party cookies need to ensure they’re compliant with data privacy laws in the markets they serve.
Okay, let’s say you still want to make use of third-party cookies, regardless of their limitations. What standards do you need to abide by?
The General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have made compliance a challenge for marketers that rely on cookies. Under GDPR, which applies to any business serving EU customers, cookies are considered personal data. This means merchants have to:
- Obtain explicit consent before setting non-essential cookies
- Clearly explain what data is collected and why
- Allow users to withdraw consent at any time
- Maintain records of consent for compliance audits
The CCPA takes a slightly different approach, requiring businesses to provide California residents with the right to opt out of the “sale” of their personal information; this includes data collected via third-party cookies.
Non-compliance isn't just a slap on the wrist: GDPR violations can result in fines up to 4% of annual global revenue, while CCPA penalties can reach $7,500 per intentional violation. Proper consent management requires a proactive, transparent approach:
Cookie Banners Done Right
Consent Management Platforms (CMPs)
Regular Audits
First-Party vs. Third-Party Cookies
First-party cookies remain a useful tool, even as the efficacy of third-party cookies diminishes.
Everything we’ve talked about so far applies to third-party cookies. It's crucial to distinguish between those from first-party cookies, though.
A first-party cookie is initiated and stored by the site you're actively browsing. This allows domain owners to gather insights about visitor behavior and enhance user experiences by recalling preferences like forms and language settings. Without first-party cookies, users would have to key in their login credentials and other specifics every time they navigated to a site.
In contrast, third-party cookies are created by domains other than the one you're accessing. They primarily serve tracking and advertising purposes. It's worth noting that the crosshairs are pointed at third-party cookies. First-party cookies, which capture actions only on the intentionally visited website, aren't the culprits here.
By default, browsers tend to allow first-party cookies. But, users still have the choice to disable them in their settings should they prefer.
Other Marketing Alternatives to Third-Party Cookies
So, first-party cookies are one option. But, what other options are there out there for reaching your customers?
Here are a few ideas for technologies that can improve personalization without crossing the privacy line:
78% of businesses surveyed by Twilio “consider first-party data to be the most valuable source of data for personalization.”
Where Do You Go From Here? A Practical Roadmap for Third-Party Cookie Use
Even if there are other options, third-party cookies can still come in handy in some (very specific) situations.
If third-party cookies are going to be an important part of your strategy for the short- to mid-term, I’d recommend that you conduct a cookie audit. This will let you know what information is being collected, what you’re using it for, and how this information can be derived using other tools:
Step #1 | Know What Cookies You Have Set
First, you need to create a comprehensive map of every cookie and tracker currently active on your digital properties. Use browser developer tools or specialized cookie scanning solutions to automatically crawl your site and identify all first- and third-party cookies being set. Look beyond your homepage; examine product pages, the checkout process, and login portals.
In addition, make sure to identify cookies used in third-party plugins or embedded services like your email marketing or social media tools.
Step #2 | Know What Your Cookies Are For
Once you have your list, sort each cookie into categories based on its function. Is it strictly necessary? How will it be used? For performance and analytics, for targeted advertising, or for site personalization?
More importantly, identify its origin: is it a first-party cookie you control, or a third-party cookie set by an ad network or tech partner? This process will uncover how heavily your site relies on external partners for data collection.
Step #3 | Determine How Important Your Third-Party Cookies Are
Now that you’ve categorized your cookies, it’s time to determine whether the data it provides is essential for a core business function or if it merely powers a “nice-to-have” feature. For example, what would break if this tracker disappeared tomorrow?
Your analytics platform may reveal some clues. Specifically, if a significant portion of your audience already blocks these cookies (e.g. Safari and Firefox users), then the insights you’re getting are already skewed and unreliable. If so, you may be able to jettison these third-party cookies with few adverse consequences.
Step #4 | Hash Out a Transition Plan
Finally, use your audit to build a forward-looking data strategy. Begin seeking alternatives for every third-party cookie you’ve identified as replaceable. For example, can the functionality be replaced with a first-party data approach? Could you use privacy-preserving technologies like Google’s Privacy Sandbox APIs to achieve a similar outcome?
Your roadmap should simultaneously prioritize phasing out dependencies on unreliable third-party data. It should address how to accelerate the implementation of first-party data collection strategies. Executed correctly, you can position yourself to thrive in a low-cookie — or even a no-cookie — future.
Affiliate programs anchored in first-party cookies can maintain their sales tracking mechanisms even as third-party cookies bow out. However, this doesn't insulate them from the overall goal of fully mandated privacy and any subsequent stipulations it might usher in down the line.
Take, for instance, the directive from the French Data Protection Authority advocating for a “decline all cookies” option. Such a mandate would encompass first-party cookies as well. The real conundrum lies in discerning the number of users who would willingly opt for cookies if rejecting them is presented as a straightforward alternative. And there's the lingering uncertainty: could this become a universally adopted mandate? Only time will tell.
That’s why you’d be best served by developing a road map for a post-cookie environment. Now’s the time to plan for an ecosystem in which alternative sources of customer data will make up the backbone of your advertising and customer relationship management strategies.
FAQs
How do eCommerce sites use cookies?
Cookies help eCommerce sites remember users’ preferences, provide personalized recommendations, and offer targeted promotions. eCommerce sites can also use cookies to retain login information and detect suspicious activity.
Is Google no longer deprecating third-party cookies?
In July 2024, Google announced that it would no longer be deprecating third-party cookies on Google Chrome, following technical challenges and comments from regulators and publishers. The tech giant’s decision means that Google Chrome will continue to support third-party cookies via an opt-in model.
What happens if I block all third-party cookies?
If you block all third-party cookies, the sites you visit will no longer be able to track your browsing history or provide you with personalized recommendations. In addition, certain websites or site features may cease to work properly.
What will replace third-party cookies?
Certain privacy-focused alternatives may replace third-party cookies in the future. These include API suites like Google’s Privacy Sandbox, open-source frameworks like Unified ID 2.0, or first-party customer data.
Is Chrome blocking third-party cookies?
No. Chrome is no longer blocking third-party cookies, after Google reversed its decision to do so in July 2024.
