7. February 2022

What is cookieless Tracking?

The end of third-party cookies is causing a major transition across many industries. Everyone agrees the future of tracking is cookieless. But what is cookieless tracking, really?

The past twenty years will probably pass into internet history as the Golden Age of cookies. Never before has it been so easy to collect comprehensive data on web users’ behaviour and track them across the web. And it probably never will be again.

Whether this circumstance is desirable or regrettable is determined by the point of view. One thing is certain: cookies have an expiration date. Everyone seems to agree the future will be “cookieless”. It may be a buzzword, but most companies that engage in online marketing will have to adapt to it.

But what does cookieless really mean?

If you want to understand why web tracking is currently in a state of upheaval, you first need to know the basic principle behind cookies and their areas of application.

The triumph of cookies

Cookies are code that websites store in the browser’s memory. Their main purpose is to make the browser recognisable, like a kind of virtual ID card or a transponder of an aeroplane.

Shopping carts in online stores are a classic example of the usefulness of cookies. Without cookies, the shopping cart will appear empty every time a new page is visited because the online store does not recognize the user’s browser – it cannot assign the correct shopping cart to it.

Thanks to a cookie that is placed in the browser during the first visit to the store, the online store knows which browser it is and which shopping cart belongs to it, no matter how many pages in the store the user visits.

This usually works even if the person leaves the site completely or returns days later – as long as the store’s cookie is stored in the browser. This plays a role in another important application of cookies, namely remembering the login status so that users do not have to log in again every time they visit a website.

Third-party Cookies

This basic principle has taken on a life of its own over the years. Soon, the advertising industry and the big tech platforms came up with the idea of using cookies to serve ads. If you can recognise browsers, then you can also record the browser user’s surfing behaviour (tracking). This, in turn, allows conclusions to be drawn about a person’s consumption behaviour, which in turn makes it possible to effectively target that user with advertising.

And here’s the kicker: Because cookies can remain stored in the browser for a long time, a person’s surfing behaviour can be tracked across websites and platforms for long periods. This is why that pair of shoes you once looked at in an online store still appears weeks later as an ad on other websites (so-called remarketing or retargeting).

The cookies that make all this possible usually do not come from the operators of the websites on which they are set. Operators enter into agreements with advertising service providers such as Google and the myriads of other players in the digital advertising ecosystem who provide their cookies and tracking codes. In the relationship between the user and the website operator, they are third parties. Their cookies are therefore known as third-party cookies.

Cookie Revolution

Because third-party cookies usually collect and send data in an uncontrolled manner, they have become the target of activists and lawmakers. Regulations such as the ePrivacy directive and the EU’s General Data Protection Regulation (GDPR) now set strict rules for the use of cookies (keyword: cookie banners) and the data they collect.

Parallel to this, and at least as consequential, some browser manufacturers have severely restricted the storage of third-party cookies in their browsers. Apple’s Safari now routinely blocks them on Macs and iPhones for privacy reasons. Firefox and Microsoft’s Edge have also introduced stricter restrictions. In addition, there are adblockers and tracking preventions that can also prevent the installation of third-party cookies.

Google hesitated for a long time to restrict cookies in Chrome, the world’s most popular browser. In the meantime, however, the company committed itself, after several postponements, to abolish third-party cookies in 2024.

The Future is cookieless

For marketers, however, the current situation surrounding cookie-blocking browsers already means that data quality has diminished considerably to a point, where there is often not much more that can be done with the web data captured. The industry is already undergoing technological upheaval – away from third-party cookies, towards a “cookie-less” future.

Strictly speaking, cookieless does not mean the complete abandonment of cookies; on the contrary, cookies will remain with us to power much of the functionalities, like shopping carts and remembered log-ins, we have come to love and rely on on the web. However, these are so-called first-party cookies. The difference: first-party cookies belong to the website operator, not some third-party service provider. The captured data is transmitted to the website operator who has control of the data and is responsible for it, not to third-party service providers in an uncontrollable fashion.

First-party data collection is already the most effective alternative to third-party cookies. For website operators, this presents new challenges.

First-party Data and Privacy

On the one hand, first-party data itself must be collected and processed. On the other hand, attention must also be paid to legally compliant implementation in terms of data protection laws such as the GDPR. In recent years, a variety of new approaches have been proposed to identify users and enable tracking even without third-party cookies.

Server-side tracking has emerged as a promising solution to both challenges. In contrast to client-side tracking – when tracking code is executed directly in the browser and third-party cookies are typically used – server-side tracking moves these processes to servers. In the browser, typically only a first-party cookie is set. From the server, the collected first-party data can be forwarded to third-party tools in a controlled, and ideally compliant, manner.

Server-side tracking positions website operators to achieve better data quality because the collection is in their own hands and first-party cookies are (still) blocked less intensively by browsers. Additionally, raw data can also be obtained, which third-party providers rarely make available.

Whether data protection requirements are also met depends on the respective implementation. In this regard, when selecting a server-side tracking provider special care should be taken to ensure that it is an EU-based service with European cloud infrastructure. In addition, the server-side tracking solution must also be able to take into account the user’s consent settings and should offer the option of pseudonymising or anonymising the data, as the JENTIS Data Capture Platform provides.

Of course, targeting and retargeting of web users will become more tricky without the use of third-party cookies. But there are multiple promising solutions in development and some have existed for a long time, such as contextual targeting. The data protection service DataGuard has compiled a comprehensive list of possible solutions: Cookieless tracking: How to prepare for a web without cookies 

Any questions on how JENTIS can help your business? Get in touch!

Contact us

Weitere Beiträge


JENTIS wins EY's Scale-up of the Year Award

Recognised by a 52-member jury among 250+ entries, JENTIS' relentless innovation & commitment to digital transformation has been honored.

Past Events

Interview: The origin of the Web-Cookie

Watch an exciting interview with the inventor of the web cookie - Lou Montulli.


Legal Glossary

TTDSG, LIA, CCPA? We have got you covered! Learn about legal terms related to data processing, data privacy and current legal developments.


Effective campaigns with the Facebook CAPI and server-side tracking

Forward your first-party data to Facebook’s Conversion API (CAPI) with your Data Capture Platform. JENTIS is a certified Meta Business Partner.


Facebook Tracking declared unlawful under GDPR by the Austrian DPA

In a recently published decision, the Austria DPA finds Facebook's tracking practices violate GDPR and Schrems II.


How Remarketing works with Server-side Tracking

Remarketing and retargeting are ubiquitous in online marketing. Here's how it works with server-side tracking.


Switzerland's new data protection law: How to become compliant

On September 1, Swiss companies must have switched to privacy-compliant tracking. JENTIS offers the most effective solution for maximum data protection and data quality.


Norway declares Google Analytics non-compliant with GDPR

The Norwegian data protection authority has come to the preliminary conclusion that the use of Google Analytics is non-compliant with the GDPR.


EU Parliament: Why MEPs rejected the Data Privacy Framework in committee

Our analysis of the opinions voiced on the Data Privacy Framework and what they mean for the implementation process.


How to choose the right server-side tracking provider

What do you need to consider when choosing your server-side tracking provider to avoid surprises? Find answers in our buyer’s checklist.


Server-side Tracking for Google Analytics 4

JENTIS supports full server-side tracking for Google Analytics 4, delivering higher data quality and exceptional data control.


Live in 30 days

The most powerful server-side tracking live on your site in 30 days or less – guaranteed with JENTIS.


What is Server-Side Tracking?

Online marketers and web analysts agree - 2023 will be the year for server-side tracking. We answer the most important questions about the new tracking technology.


The forgotten Data Protection Regulation that started it all

Have you heard of the groundbreaking data privacy regulation that threatened to disrupt data flow between the EU and the US? Hint: it’s not the GDPR.


The 3 biggest Challenges for Digital Marketing 2023

What will be important in the coming year? What will pose the most difficult challenges for digital marketing? An analysis from a marketer's point of view.


How DPAs determine the level of GDPR fines

The GDPR applies as a legal basis to all EU data protection authorities. But there is far less uniformity when it comes to the level of fines. How high can they get? A quick guide to what companies can expect.


Server Infrastructure: How to master the Black Friday Test

Each year, e-commerce websites face an onslaught of web traffic during Black Friday week when shoppers hunt for the best deals. Four reasons why the best server infrastructures handle it easily when others fail.


Here's how often DPAs impose fines for breach of GDPR

The number of publicly known GDPR fines handed down each month has reached a significant level. However, analyses suggest that the published cases are only the tip of the iceberg.


How to update your Standard Contractual Clauses

By the end of 2022, businesses must have updated their Standard Contractual Clauses. Here's how to do it.


The Beginner's Guide to Standard Contractual Clauses (SCCs)

Standard Contractual Clauses are an essential measure mandated by the GDPR. Find out what they are about in our Beginner's Guide.


JENTIS wins the EIT Challenge 2022

20 European scaleups pitched for the main prize in one of Europe's major pitch competitions. JENTIS gains access to the EIT's prestigious accelerator program.


How to keep using Google Analytics compliantly

The use of Google Analytics has been declared unlawful by European data protection authorities. But Website operators have options if they want to become data privacy compliant.


The Trans-Atlantic Privacy Framework is taking shape. But will it stick?

U.S. President Biden has signed an executive order detailing regulations for the planned EU-U.S. Data Privacy Framework. The legal limbo is likely to continue for businesses on both sides of the Atlantic.


Preventing Data Loss with Server-Side Tracking

Outages and downtimes of critical services affecting data collection are becoming more frequent – and costly. But with server-side tracking enabled, marketers have an ace up their sleeve.


Denmark: Google Analytics declared unlawful

Google Analytics can no longer be used in a legally compliant manner without further measures. With its decision, Denmark's agency joins other data protection authorities in Europe.


The Founder Story of JENTIS

Looking back to the foundation of a company


Executive Summary: International data transfers

The essential knowledge on transferring personal data from the European Economic Area to other countries.


Personal data

GDPR-compliant data processing explained


Avoiding legal uncertainties in website tracking

Together with Spirit Legal, we shed light on the legal uncertainties of transferring personal data to a country outside the European Union


Self-hosting as a solution?

In 2022, a lot has happened in terms of tracking. In particular, recent rulings by data protection authorities across Europe have fuelled the discussion about the compliance of US tools - most notably Google Analytics.


Why remarketing has an expiration date

2024 will be the end of Third-Party-Cookies


American Surveillance Explained

What you need to know for your job as online marketer and analyst


Italy stops Google Analytics

Authority warns of illegality of sending data with GA to the U.S.


CNIL confirms Server-Side Tracking

We could hardly believe it when we at JENTIS read the two new articles from the French data protection authority CNIL. A whisper went through the office "Are they writing about us?"


New decision of CNIL

CNIL: "Google Analytics cannot be used in a GDPR-compliant way on client side."


Case Study

Pixum collects up to 29.2% more data with JENTIS Server-Side Tracking, corrects 55% of customer journeys and increases its campaign performance by 176%.


Server-Side Tracking, Step by Step

Looking to implement server-side tracking at your organisation? Here is our guide with the necessary steps on your way to compliant, first-party data collection.


Pseudonymisation versus anonymisation

Worin der wichtige Unterschied liegt


Solve Schrems II

Through pseudonymisation on European servers you can keep using U.S. 3rd Party vendors.


CNIL against client side Analytics

French data protection authority confirms non-conformity of client side GA


Is Google Analytics now taboo for us Europeans?

Which options you really have now. Analysis by Thomas Tauchner


Foxes that anonymize chickens

IP-address, GDPR & Analytics - an analysis by Thomas Tauchner


Use of Analytics illegal

Google Analytics was found to be non-compliant in Austria


How to improve pagespeed

How JENTIS can help to optimize the pagespeed of your website


Page speed & Webtracking

How to optimize your Core Web Vitals - Co-authored by Johannes Fröhlich and Dreifive


CNIL judges Google & Facebook

Judgment for violation of Article 82 of the French Data Protection Act


5 Tools to Audit your Reliance on Third Party Cookies

How to prepare for the Cookieless era


The Forced Data Loss

Can you do it successfully with 60% of your data missing?


JENTIS Infrastructure for Performance, Reliability and Scalability

When it comes to capturing data for our customers, there is no room for error. We built JENTIS' server infrastructure with maximum performance, reliability and scalability in mind.


Superpower of Online Marketers

And why is it so important to understand data capture and privacy regulation


The 5 best Podcasts about Marketing, Martech and GDPR

What we listen to to stay up-to-date


What you need to consider when tracking

An analysis by Fieldfisher


TTDPA explained

What is the Telecommunications Telemedia Data Protection Act and how can you comply with it?