Welcome back to our series on cookies, how they work, how they're used, and how they're changing. It's a pretty big series - last time around we talked about privacy legislation in the EU and the United States, and how laws like GDPR and CCPA affect targeting and the use of cookies.
After years of being hammered by Apple and later Microsoft about its use of cookies and customer data, in August 2019, Google announced that it would eventually be phasing out third-party cookies in the Chrome browser. This was a very big deal - at the time Chrome was by far the world's most popular browser, accounting for around two thirds of all internet traffic across mobile and desktop devices - a trend that continues to this day.

This had the potential to be catastrophic for the advertising industry - without third-party cookies, tracking consumers across sites would become impossible without some kind of alternate workaround. The loss of third-party data targeting would mean a massive drop in efficiency and the ability to optimize campaign delivery, while also making conversion and performance tracking difficult to impossible without server-to-server integrations. At the same time, ad serving would also be negatively impacted for anyone not running with Google's DoubleClick ad server, making it difficult to track ad exposures, retarget site visitors, and frequency cap delivery.
The Mad Dash for Identity Solutions
In the wake of Google's announcement, the industry began a wild dash to secure some kind of identity resolution solution. For the better part of 2020 and 2021, the industry was awash in acquisitions and announcements about new identity technology which would allow advertisers to continue targeting in a post-cookie world. The reasons for this rush were threefold:
First, there was a real need for many of these companies to shift their approach after they'd spent upwards of two decades depending on cookies for targeting. The potential impact of decreased revenue and performance as a result of losing access to meaningful data for a majority of consumers made the idea of a cookieless future pretty unpalatable.
Second, cookieless targeting represented an easy, understandable new way for businesses to differentiate in a space where differentiation is hard to come by - typically in programmatic media the only meaningful ways you can differentiate are either through data or inventory - and having access to exclusive, scalable pools of either. A proprietary solution for cookieless targeting was an immediately sexy piece of technology whose value ad buyers could easily understand and see.
Third, there was a real sense that the first company to nail cookieless targeting could determine the standard by which the industry operated. This was particularly the case with The Trade Desk's Identity 2.0 solution, an open-source framework that the company hoped would become the industry standard for identity resolution, punching its ticket to the upper echelons of the ad ecosystem.
How Cookieless Solutions Work
While we're on the topic, let's talk about what cookieless solutions actually look like, from a technology and benefits standpoint. It's worth touching on The Trade Desk's ID 2.0, as well as the myriad solutions from Google. This group of solutions isn't comprehensive, but it covers most of what showed up in the market between 2020 and 2024.
Contextual Targeting
This isn't so much a cookieless solution as the obvious alternative that was already available. You can and always will be able to know the website you're about to serve an ad on programmatically, and so making the decision based on the content of that site is table stakes. It's also one of the most effective forms of targeting already out there - potentially much more so than data-based targeting methods - and so even if cookies are removed from the equation, everyone still has an easily implemented solution already at their fingertips. The downside? Good context is limited - not every site is ESPN - and expensive, particularly when competition for a small pool of high-quality contextual inventory heats up.
First-Party Data
Of course, the loss of third-party cookies only affects you if you have third-party data you rely on. Why not use your own customer data? First-party data can be onboarded to most DSPs very easily, providing an easy framework for targeting and retargeting consumers based on the rich, deterministic data you've already collected. And if you collected that data ethically you're already off the hook from a privacy standpoint.
Of course, this all relies on you actually having first-party data, and having data at scale. Even some of the world's largest brands struggle to collect meaningful amounts of first-party data to use in advertising, and maintaining and harnessing that data takes skill and technology that can be expensive to build and run.
Identity Graphs
Of course, you can always build your own database of users for targeting, storing their information on your server and using that to identify them online without a cookie. Identity graphs do this in part by combining different pieces of online data, usually a mix of non-PII data with a PII identifier like an email address. When someone logs into a site or network you control using that email address, you can re-identify them and connect whatever device they're on to a server-side profile, and then use that for making your targeting decision. This is more or less the ideal future for advertisers, since this combination of deterministic data with some probabilistic matching for incomplete records lets you replicate all of the upsides of cookies with few of the downsides. And this is more or less how The Trade Desk's solution works, assigning consumers a UID2 ID code based on a mix of different factors.
The downside is that building a framework like this at scale usually requires buy-in from other parties, such as publishers who can pass data from people logging into their websites and advertisers managing and tracking data. That can be a problem if you're seen less as a benevolent force in the industry, and for TTD that became a sticking point very quickly as they've been one of the industry's largest players. This led to low adoption rates and UID2 being available in only a very small percentage of online auctions. Having your own in-house identity graph doesn't necessarily require this same broad adoption, but it does require a massive investment in technology and infrastructure and at the end of the day, you're making that investment to achieve the same performance as (or worse than) you'd get from cookies.
Digital Fingerprinting
One way to track someone without building out the infrastructure for an Identity Graph is to do fingerprinting, where you combine information about a consumer like their device, browser, screen resolution, and so on to create a unique ID that you target across the web. Over multiple sessions you can create pretty accurate maps of who someone is for targeting using mostly data from their userAgent string. That said, this is usually considered PRETTY SCUMMY from a privacy standpoint and multiple browsers have put blocks in place to make doing this both difficult and less effective.
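To make the privacy concern concrete, the following added example (not part of the original post) measures how identifying a combination of attributes is over a small constructed set of sessions, and how much that drops when some attributes are withheld. The sample data, the function names, and the choice of which attributes a browser withholds are all assumptions made for illustration.

```javascript
// Constructed sample: attribute sets a script could read from six browser sessions.
// All values are invented for illustration; no real visitors are represented.
const sessions = [
  { ua: "Chrome/126 Windows 10", screen: "1920x1080", tz: "America/New_York", lang: "en-US" },
  { ua: "Chrome/126 Windows 10", screen: "1920x1080", tz: "America/Chicago", lang: "en-US" },
  { ua: "Chrome/126 Windows 10", screen: "2560x1440", tz: "America/New_York", lang: "en-US" },
  { ua: "Safari/17 macOS", screen: "1440x900", tz: "America/Los_Angeles", lang: "en-US" },
  { ua: "Safari/17 macOS", screen: "1440x900", tz: "America/Los_Angeles", lang: "es-US" },
  { ua: "Firefox/127 Linux", screen: "1920x1080", tz: "Europe/Berlin", lang: "de-DE" },
];

// Group sessions by the combined value of the chosen attributes.
// Each group is an "anonymity set": sessions the fingerprint cannot tell apart.
function anonymitySets(rows, attrs) {
  const sets = new Map();
  for (const row of rows) {
    const key = attrs.map((a) => row[a]).join("|");
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Fraction of sessions that sit alone in their set, i.e. are uniquely identifiable.
function uniqueFraction(rows, attrs) {
  let unique = 0;
  for (const count of anonymitySets(rows, attrs).values()) {
    if (count === 1) unique += count;
  }
  return unique / rows.length;
}

// Shannon entropy (bits) of the fingerprint distribution: higher means more identifying.
function entropyBits(rows, attrs) {
  let bits = 0;
  for (const count of anonymitySets(rows, attrs).values()) {
    const p = count / rows.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Compare one attribute, the full combination, and an assumed "coarsened" view in
// which the browser withholds screen size and time zone.
const report = {
  uaOnly: uniqueFraction(sessions, ["ua"]),
  allAttrs: uniqueFraction(sessions, ["ua", "screen", "tz", "lang"]),
  coarsened: uniqueFraction(sessions, ["ua", "lang"]),
};
console.log(report, entropyBits(sessions, ["ua", "screen", "tz", "lang"]).toFixed(2));
```

On this sample the user agent alone singles out one session in six, the four attributes together single out every session, and withholding two attributes cuts that to half.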
Machine Learning and Probabilistic Approaches
Then there's machine learning - you could use machine learning as a way to segment out the consumers you see and target them, with less of a consideration for who they are and the individual datapoints associated with them. A good machine learning approach to targeting may not even end up using cookie data - factors like browser, OS, connection speed, location, and time of day may be more relevant to the click or conversion model than often-incorrect datapoints indicating age and gender. Of course, while these solutions are theoretically great for performance, there's some question as to what a machine learning process is actually doing, and whether it's really driving success for you or just figuring out how to cheat whatever attribution algorithm you've put in place. And that's before you wander into the rat's nest of problems which can arise from ML systems incorporating human bias in decision making. But ML-based approaches to ad delivery are kind of agnostic to cookies anyways - you could use them for identity graphing, but you could also just apply them to delivery and not worry about it.
Google's Privacy Sandbox Initiative Solutions
Over the past four years Google introduced a number of different solutions to the cookieless problem it was creating. These varied in effectiveness and complexity but generally work around the idea of associating groups of users based on shared interests related to the content of sites they visit. The catch is that rather than associating all of this data with a user, the datapoints which might be associated with a person (site content topics from a list of 350 options) are randomized and changed week-to-week, so with Google's Topics API, only five categories from the sites you visited last week will stick.
This, frankly, sucks. While it's easy for a layperson to understand, it's terrible for actually making advertising decisions. For one, the data is too high-level to be useful - good advertising decisions aren't made based on whether you're a baseball fan, they're made on you being a Mariners fan who buys season tickets. They're not based on you being a grocery shopper, they're based on you buying environmentally-safe products at a higher cost. Compared to Google's prior failed Sandbox initiative, FLoC - which had 30,000 categories - Topics was woefully inadequate. And FLoC wasn't great, either.
Google's retargeting solution was FLEDGE, which did similar things to Topics, but for retargeting. The idea is that you wouldn't specifically hit someone who visited your site, but someone with interests like theirs. This makes FLEDGE more or less a worse version of Lookalike Modeling.
None of these were well received, some were outright derided publicly, and the resulting backlash from advertisers and the W3C, combined with the fact that enough time had passed that people had largely stopped caring about cookie privacy and most businesses were now distracted by AI, helped push Google to just renege on its decision to deprecate cookies.
The Current Day and What's Next
Flash forward to July 2024, when Google announced it would not be phasing out third-party cookies in Chrome. This effectively ended an era of hand-wringing and technology grabbing while at the same time allowing Google to have their cake and eat it too: They got the benefit of saying they were going to kill cookies to improve privacy, then didn't have to follow through after consumers eventually found other things to be mad about.
That said, Google isn't killing its Privacy Sandbox just yet, and had deprecated cookies for 1% of Chrome users in order to do some basic testing. Results weren't great - Google projected that advertisers using Ad Manager stood to see a 34% drop in revenue if cookies were deprecated, while advertisers using AdSense would see a 21% drop. Meanwhile Criteo projected losses of 60% in programmatic revenue for publishers if Google implemented its current Privacy Sandbox solutions instead of third-party cookies. Not great!
Even without Google killing cookies, the technology is still in a bit of a decline, as the rise of Connected TVs has created a massive ecosystem of cookieless devices which represent the majority of the video-viewing audience. Ultimately however, this is good news for an advertising ecosystem which just wasn't ready for a cookieless future - the technology is too easy and too important to how we do business to drop, and none of the alternatives were remotely satisfactory. That said, you can expect the companies that did invest heavily in identity resolution to continue beating that particular drum, calling for a switch to more future-proof solutions and privacy-friendly marketing. While there's definitely some wisdom in that, it also definitely comes from a place of self-interest.
Ultimately the uncertainty around cookies highlights a set of greater needs for marketers: The need to be informed, the need to contextualize new developments and apply them to their business, and the need to be agile enough to respond to those developments effectively. A cookieless future is only a problem if you aren't on top of the potential solutions and don't understand what it means for you and your business. Competing solutions are only an issue if you don't know what they are, how they work, and how to navigate them. The ecosystem is complicated, but often the solutions are easier than you'd think.
That wraps up our series, but we'll be back next week discussing new topics. Hopefully this has proved equal parts entertaining and informative, but if you have more questions or there are topics you want to learn about, our team is always available. Hit us up via the contact link on our site and we can talk about scheduling some time to do educational work.