7. December 2022

What is cookieless Tracking?

The end of third-party cookies is causing a major transition across many industries – and the challenge of reconciling data quality and data protection. Everyone agrees, the future of tracking is cookieless. But what does it mean?

The past twenty years will probably pass into internet history as the Golden Age of cookies. Never before has it been so easy to collect comprehensive data on web users’ behaviour and track them across the web. And it probably never will be again.

Whether this circumstance is desirable or regrettable is determined by the point of view. One thing is certain: cookies have an expiration date. Everyone seems to agree the future will be “cookieless”. It may be a buzzword, but most companies that engage in online marketing will have to adapt to it.

But what does cookieless really mean?

If you want to understand why web tracking is currently in a state of upheaval, you first need to know the basic principle behind cookies and their areas of application.

The triumph of cookies

Cookies are code that websites store in the browser’s memory. Their main purpose is to make the browser recognisable, like a kind of virtual ID card or a transponder of an aeroplane.

Shopping carts in online stores are a classic example of the usefulness of cookies. Without cookies, the shopping cart will appear empty every time a new page is visited because the online store does not recognize the user’s browser – it cannot assign the correct shopping cart to it.

Thanks to a cookie that is placed in the browser during the first visit to the store, the online store knows which browser it is and which shopping cart belongs to it, no matter how many pages in the store the user visits.

This usually works even if the person leaves the site completely or returns days later – as long as the store’s cookie is stored in the browser. This plays a role in another important application of cookies, namely remembering the login status so that users do not have to log in again every time they visit a website.

Third-party Cookies

This basic principle has taken on a life of its own over the years. Soon, the advertising industry and the big tech platforms came up with the idea of using cookies to serve ads. If you can recognise browsers, then you can also record the browser user’s surfing behaviour (tracking). This, in turn, allows conclusions to be drawn about a person’s consumption behaviour, which in turn makes it possible to effectively target that user with advertising.

And here’s the kicker: Because cookies can remain stored in the browser for a long time, a person’s surfing behaviour can be tracked across websites and platforms for long periods. This is why that pair of shoes you once looked at in an online store still appears weeks later as an ad on other websites (so-called remarketing or retargeting).

The cookies that make all this possible usually do not come from the operators of the websites on which they are set. Operators enter into agreements with advertising service providers such as Google and the myriads of other players in the digital advertising ecosystem who provide their cookies and tracking codes. In the relationship between the user and the website operator, they are third parties. Their cookies are therefore known as third-party cookies.

Cookie Revolution

Because third-party cookies usually collect and send data in an uncontrolled manner, they have become the target of activists and lawmakers. Regulations such as the ePrivacy directive and the EU’s General Data Protection Regulation (GDPR) now set strict rules for the use of cookies (keyword: cookie banners) and the data they collect.

Parallel to this, and at least as consequential, some browser manufacturers have severely restricted the storage of third-party cookies in their browsers. Apple’s Safari now routinely blocks them on Macs and iPhones for privacy reasons. Firefox and Microsoft’s Edge have also introduced stricter restrictions. In addition, there are adblockers and tracking preventions that can also prevent the installation of third-party cookies.

Google hesitated for a long time to restrict cookies in Chrome, the world’s most popular browser. In the meantime, however, the company committed itself, after several postponements, to abolish third-party cookies in 2024.

The Future is cookieless

For marketers, however, the current situation surrounding cookie-blocking browsers already means that data quality has diminished considerably to a point, where there is often not much more that can be done with the web data captured. The industry is already undergoing technological upheaval – away from third-party cookies, towards a “cookie-less” future.

Strictly speaking, cookieless does not mean the complete abandonment of cookies; on the contrary, cookies will remain with us to power much of the functionalities, like shopping carts and remembered log-ins, we have come to love and rely on on the web. However, these are so-called first-party cookies. The difference: first-party cookies belong to the website operator, not some third-party service provider. The captured data is transmitted to the website operator who has control of the data and is responsible for it, not to third-party service providers in an uncontrollable fashion.

First-party data collection is already the most effective alternative to third-party cookies. For website operators, this presents new challenges.

First-party Data and Privacy

On the one hand, first-party data itself must be collected and processed. On the other hand, attention must also be paid to legally compliant implementation in terms of data protection laws such as the GDPR. In recent years, a variety of new approaches have been proposed to identify users and enable tracking even without third-party cookies.

Server-side tracking has emerged as a promising solution to both challenges. In contrast to client-side tracking – when tracking code is executed directly in the browser and third-party cookies are typically used – server-side tracking moves these processes to servers. In the browser, typically only a first-party cookie is set. From the server, the collected first-party data can be forwarded to third-party tools in a controlled, and ideally compliant, manner.

Server-side tracking positions website operators to achieve better data quality because the collection is in their own hands and first-party cookies are (still) blocked less intensively by browsers. Additionally, raw data can also be obtained, which third-party providers rarely make available.

Whether data protection requirements are also met depends on the respective implementation. In this regard, when selecting a server-side tracking provider special care should be taken to ensure that it is an EU-based service with European cloud infrastructure. In addition, the server-side tracking solution must also be able to take into account the user’s consent settings and should offer the option of pseudonymising or anonymising the data, as the JENTIS Data Capture Platform provides.

Of course, targeting and retargeting of web users will become more tricky without the use of third-party cookies. But there are multiple promising solutions in development and some have existing for a long time, such das contextual targeting. The data protection service DataGuard has compiled a comprehensive list of possible solutions: Cookieless tracking: How to prepare for a web without cookies 

Weitere Beiträge

Blog

The forgotten Data Protection regulation that started it all

Do you know the story of the groundbreaking EU data privacy regulation that threatened to disrupt data flow between the EU and the US? Hint: it’s not the GDPR.

Blog

The 3 biggest Challenges for Digital Marketing 2023

What will be important in the coming year? What will pose the most difficult challenges for digital marketing? An analysis from a marketer's point of view.

Blog

How DPAs determine the level of GDPR fines

The GDPR applies as a legal basis to all EU data protection authorities. But there is far less uniformity when it comes to the level of fines. How high can they get? A quick guide to what companies can expect.

Blog

Server Infrastructure: How to master the Black Friday Test

Each year, e-commerce websites face an onslaught of web traffic during Black Friday week when shoppers hunt for the best deals. Four reasons why the best server infrastructures handle it easily when others fail.

Blog

Here's how often DPAs impose fines for breach of GDPR

The number of publicly known GDPR fines handed down each month has reached a significant level. However, analyses suggest that the published cases are only the tip of the iceberg.

Blog

How to update your Standard Contractual Clauses

By the end of 2022, businesses must have updated their Standard Contractual Clauses. Here's how to do it.

Blog

The Beginner's Guide to Standard Contractual Clauses (SCCs)

Standard Contractual Clauses are an essential measure mandated by the GDPR. Find out what they are about in our Beginner's Guide.

News

JENTIS wins the EIT Challenge 2022

20 European scaleups pitched for the main prize in one of Europe's major pitch competitions. JENTIS gains access to the EIT's prestigious accelerator program.

Blog

How to keep using Google Analytics compliantly

The use of Google Analytics has been declared unlawful by European data protection authorities. But Website operators have options if they want to become data privacy compliant.

Blog
News

The Trans-Atlantic Privacy Framework is taking shape. But will it stick?

U.S. President Biden has signed an executive order detailing regulations for the planned EU-U.S. Data Privacy Framework. The legal limbo is likely to continue for businesses on both sides of the Atlantic.

Blog

Preventing Data Loss with Server-Side Tracking

Outages and downtimes of critical services affecting data collection are becoming more frequent – and costly. But with server-side tracking enabled, marketers have an ace up their sleeve.

News

Denmark: Google Analytics declared unlawful

Google Analytics can no longer be used in a legally compliant manner without further measures. With its decision, Denmark's agency joins other data protection authorities in Europe.

Blog

The Founder Story of JENTIS

Looking back to the foundation of a company

Blog

Executive Summary: International data transfers

The essential knowledge on transferring personal data from the European Economic Area to other countries.

Blog

Personal data

GDPR-compliant data processing explained

Blog

Avoiding legal uncertainties in website tracking

Together with Spirit Legal, we shed light on the legal uncertainties of transferring personal data to a country outside the European Union

Blog

Self-hosting as a solution?

In 2022, a lot has happened in terms of tracking. In particular, recent rulings by data protection authorities across Europe have fuelled the discussion about the compliance of US tools - most notably Google Analytics.

Blog

Why remarketing has an expiration date

2024 will be the end of Third-Party-Cookies

Blog

American Surveillance Explained

What you need to know for your job as online marketer and analyst

News

Italy stops Google Analytics

Authority warns of illegality of sending data with GA to the U.S.

Blog

CNIL confirms Server-Side Tracking

We could hardly believe it when we at JENTIS read the two new articles from the French data protection authority CNIL. A whisper went through the office "Are they writing about us?"

News

New decision of CNIL

CNIL: "Google Analytics cannot be used in a GDPR-compliant way on client side."

Blog

Case Study

Pixum collects up to 29.2% more data with JENTIS Server-Side Tracking, corrects 55% of customer journeys and increases its campaign performance by 176%.

Blog

Start Google Analytics 4 with JENTIS

Why smart marketers switch to Google Analytics 4 with JENTIS now

Blog

Server-Side Tracking, Step by Step

Looking to implement server-side tracking at your organisation? Here is our guide with the necessary steps on your way to compliant, first-party data collection.

Blog

Pseudonymisation versus anonymisation

Worin der wichtige Unterschied liegt

Blog

Solve Schrems II

Through pseudonymisation on European servers you can keep using U.S. 3rd Party vendors.

News

CNIL against client side Analytics

French data protection authority confirms non-conformity of client side GA

Blog

Is Google Analytics now taboo for us Europeans?

Which options you really have now. Analysis by Thomas Tauchner

Blog

Foxes that anonymize chickens

IP-address, GDPR & Analytics - an analysis by Thomas Tauchner

News

Use of Analytics illegal

Google Analytics was found to be non-compliant in Austria

Blog

How to improve pagespeed

How JENTIS can help to optimize the pagespeed of your website

Blog

Page speed & Webtracking

How to optimize your Core Web Vitals - Co-authored by Johannes Fröhlich and Dreifive

News

CNIL judges Google & Facebook

Judgment for violation of Article 82 of the French Data Protection Act

Blog

5 Tools to Audit your Reliance on Third Party Cookies

How to prepare for the Cookieless era

Blog

The Forced Data Loss

Can you do it successfully with 60% of your data missing?

Blog

JENTIS Infrastructure for Performance, Reliability and Scalability

When it comes to capturing data for our customers, there is no room for error. We built JENTIS' server infrastructure with maximum performance, reliability and scalability in mind.

Blog

Superpower of Online Marketers

And why is it so important to understand data capture and privacy regulation

Blog

The 5 best Podcasts about Marketing, Martech and GDPR

What we listen to to stay up-to-date

Blog

What you need to consider when tracking

An analysis by Fieldfisher

Blog

What is Server Side tracking?

A quick overview on what you need to know about the future's tracking technology

Blog

TTDPA explained

What is the Telecommunications Telemedia Data Protection Act and how can you comply with it?