The past twenty years will probably pass into internet history as the Golden Age of cookies. Never before has it been so easy to collect comprehensive data on web users’ behaviour and track them across the web. And it probably never will be again.
Whether this circumstance is desirable or regrettable is determined by the point of view. One thing is certain: cookies have an expiration date. Everyone seems to agree the future will be “cookieless”. It may be a buzzword, but most companies that engage in online marketing will have to adapt to it.
But what does cookieless really mean?
If you want to understand why web tracking is currently in a state of upheaval, you first need to know the basic principle behind cookies and their areas of application.
The triumph of cookies
Cookies are code that websites store in the browser’s memory. Their main purpose is to make the browser recognisable, like a kind of virtual ID card or a transponder of an aeroplane.
Shopping carts in online stores are a classic example of the usefulness of cookies. Without cookies, the shopping cart will appear empty every time a new page is visited because the online store does not recognize the user’s browser – it cannot assign the correct shopping cart to it.
Thanks to a cookie that is placed in the browser during the first visit to the store, the online store knows which browser it is and which shopping cart belongs to it, no matter how many pages in the store the user visits.
This usually works even if the person leaves the site completely or returns days later – as long as the store’s cookie is stored in the browser. This plays a role in another important application of cookies, namely remembering the login status so that users do not have to log in again every time they visit a website.
This basic principle has taken on a life of its own over the years. Soon, the advertising industry and the big tech platforms came up with the idea of using cookies to serve ads. If you can recognise browsers, then you can also record the browser user’s surfing behaviour (tracking). This, in turn, allows conclusions to be drawn about a person’s consumption behaviour, which in turn makes it possible to effectively target that user with advertising.
The cookies that make all this possible usually do not come from the operators of the websites on which they are set. Operators enter into agreements with advertising service providers such as Google and the myriads of other players in the digital advertising ecosystem who provide their cookies and tracking codes. In the relationship between the user and the website operator, they are third parties. Their cookies are therefore known as third-party cookies.
Parallel to this, and at least as consequential, some browser manufacturers have severely restricted the storage of third-party cookies in their browsers. Apple’s Safari now routinely blocks them on Macs and iPhones for privacy reasons. Firefox and Microsoft’s Edge have also introduced stricter restrictions. In addition, there are adblockers and tracking preventions that can also prevent the installation of third-party cookies.
Google hesitated for a long time to restrict cookies in Chrome, the world’s most popular browser. In the meantime, however, the company committed itself, after several postponements, to abolish third-party cookies in 2024.
The Future is cookieless
For marketers, however, the current situation surrounding cookie-blocking browsers already means that data quality has diminished considerably to a point, where there is often not much more that can be done with the web data captured. The industry is already undergoing technological upheaval – away from third-party cookies, towards a “cookie-less” future.
Strictly speaking, cookieless does not mean the complete abandonment of cookies; on the contrary, cookies will remain with us to power much of the functionalities, like shopping carts and remembered log-ins, we have come to love and rely on on the web. However, these are so-called first-party cookies. The difference: first-party cookies belong to the website operator, not some third-party service provider. The captured data is transmitted to the website operator who has control of the data and is responsible for it, not to third-party service providers in an uncontrollable fashion.
First-party data collection is already the most effective alternative to third-party cookies. For website operators, this presents new challenges.
First-party Data and Privacy
On the one hand, first-party data itself must be collected and processed. On the other hand, attention must also be paid to legally compliant implementation in terms of data protection laws such as the GDPR. In recent years, a variety of new approaches have been proposed to identify users and enable tracking even without third-party cookies.
Server-side tracking has emerged as a promising solution to both challenges. In contrast to client-side tracking – when tracking code is executed directly in the browser and third-party cookies are typically used – server-side tracking moves these processes to servers. In the browser, typically only a first-party cookie is set. From the server, the collected first-party data can be forwarded to third-party tools in a controlled, and ideally compliant, manner.
Server-side tracking positions website operators to achieve better data quality because the collection is in their own hands and first-party cookies are (still) blocked less intensively by browsers. Additionally, raw data can also be obtained, which third-party providers rarely make available.
Whether data protection requirements are also met depends on the respective implementation. In this regard, when selecting a server-side tracking provider special care should be taken to ensure that it is an EU-based service with European cloud infrastructure. In addition, the server-side tracking solution must also be able to take into account the user’s consent settings and should offer the option of pseudonymising or anonymising the data, as the JENTIS Data Capture Platform provides.
Of course, targeting and retargeting of web users will become more tricky without the use of third-party cookies. But there are multiple promising solutions in development and some have existing for a long time, such das contextual targeting. The data protection service DataGuard has compiled a comprehensive list of possible solutions: Cookieless tracking: How to prepare for a web without cookies