After years of back-and-forth, third-party cookies are finally on their way out.

Major browsers have been phasing out third-party cookies for a lot longer than you may think: Safari lost third-party cookies in 2017, Firefox in 2019. Since then, roughly 50% of the internet has been without third-party cookies. So, what’s going on today?

Everything changes in 2024 as Google begins to fully remove third-party cookies from their ecosystem after much delay. On January 4, 2024, Google deprecated third-party cookies for 1% of randomly selected Chrome users worldwide to test alternative solutions (collectively referred to as the Privacy Sandbox). Pending approval from the UK Competition and Markets Authority, Google is expected to remove 100% of third-party cookies in Q3 of 2024.

Digital advertisers have long used third-party cookies as an easy way to target, pace, measure and personalize their campaigns. Once they’re gone, the chasm between those who can continue to serve relevant advertising—and those who can't—will grow deeper.

Epsilon saw the flaws in third-party cookies long ago, and Google’s latest moves to finish what they started doesn’t change anything for us. We’re here to lead marketers through the changing industry by connecting brands with their consumers in ways that don’t rely on third-party cookies. Plain and simple. 

Here, we’ll explore what are third-party cookies, why they are going away, and how advertisers continue to deliver relevant, effective messaging in the new digital world.

What are third-party cookies?

Websites use cookies to remember a user’s actions and preferences, so they aren’t asked to perform a task again and again. As a result, they help provide a better, more personalized user experience.

Third-party cookies are created and placed by someone other than the owner of the website you’re visiting to track consumers across the internet. Some common uses include cross-site tracking, retargeting and ad serving. Third-party cookies are also regularly used for person-level measurement, as they can identify when a transaction or another conversion type (page visit, log-in, etc.) occurs.

First-party cookies, on the other hand, are generated by the host domain. They are specific to the host domain, do not transfer across other sites, and help provide a better user experience. These cookies enable the browser to remember important user info, such as what items you add to shopping carts, your username and passwords, and language preferences.

For an example, let’s say you visit a website called learn.com. Any cookies put on this website by learn.com would be first-party cookies. Any cookies put on learn.com by any other site, like a social media site or an advertiser, would be third-party cookies.

Why are third-party cookies used?

Cross-site tracking: the practice of collecting browsing data from numerous sources (websites) that details your activity and provides behavioral insights.

Retargeting: the effort of reigniting engagement or conversion by delivering visual or text ads to previous visitors based on the products and services in which they’ve shown interest.

Ad serving: making decisions regarding the ads that appear on a website, deciding when to serve these ads, and collecting data (and reporting said data, including impressions and clicks) in an effort to educate advertisers on consumer insights and ad performance.

Personalization: data collected by third-party cookies helps marketers learn a user’s browsing behaviors and preferences, which enables brands to more effectively tailor ads to the consumer.

Measurement: many use third-party cookies to measure the effectiveness of their marketing campaigns. Analytics provided help marketers attribute specific conversions to specific ads.

Why are third-party cookies going away?

Major browsers began eliminating third-party cookies in 2017. They say it’s because of consumers’ growing demand for privacy.

But without third-party cookies and IDFA, are consumers really better off? It’s no secret Google and Apple’s moves personally benefit them. Their direct customer relationships will keep them relatively unaffected while many other advertising vendors are weakened. For many marketers, a loss of third-party cookies means a loss of personalization capabilities.

According to Epsilon research, 82% of consumers say they view a brand positively when they advertise a product that person needs, and 77% view brands negatively when they include inaccurate information about them in their advertising messages. So, at the end of the day, who wins and who loses? 

How will the death of third-party cookies impact digital advertising?

The death of the third-party cookie is causing a stir: About 80% of advertisers rely on third-party cookies, and 67% feel a combination of disappointed, frustrated, overwhelmed, helpless and even confused by the news.

Here are the aspects of advertising that will be most impacted by third-party cookie deprecation:

Reach: Without third-party cookies advertisers are scrambling for a way to reach their customers and prospects online, often turning to search, owned channels and walled gardens—to their own detriment.

Personalization: Behavioral and browsing data will be limited, making it hard for advertisers who depend on third-party cookies to personalize ads.

Campaign management: Basic capabilities like A/B testing and frequency capping will be challenging for advertisers who depend on third-party cookies.

Performance measurement: Analytics and attribution based on third-party cookies will be much less effective. We anticipate many advertising vendors will not be able to calculate metrics like ROAS anymore, and will turn to the less effective Media Mix Modeling (MMM).

Our research shows that 69% of advertisers think the death of the third-party cookie will have a bigger impact than the GDPR and CCPA, and 70% feel that digital advertising overall will take a step backward.

But despite the understanding of importance and concern, fewer than half (46%) feel “very prepared” for the change.

What will replace third-party cookies?

Marketers will need to find a new way to identify people online so they can continue to personalize messages, optimize campaigns and measure performance.

To start, they'll want to get familiar with the different options for identifiers. When marketers understand the strengths and weaknesses of the most common identifiers, they'll be able to choose a smart approach to identity. To succeed, partner with an established, people-based identity solution—one that’s future-proofed against the loss of identifiers and built with privacy in mind. Any adtech and measurement partners you work with should have a solid plan that doesn't rely on third-party cookies.

Epsilon’s identity graph, CORE ID, is anchored to deterministic data elements which makes it not only reliable in finding the right consumers, but stable against regulatory shifts. Our data is privacy-centric and pseudonymized before it enters the digital ecosystem, keeping consumer information safe.

What's Epsilon's response to third-party cookie deprecation?

Epsilon has never needed third-party cookies to connect with consumers. They’re not people-based, not transparent and can’t identify people over time.

We’ve always known that the key to identity is first-party relationships with publishers and brands. That’s why we began building our identity solution in 2007 and started investing in publisher relationships all the way back in 2012. Today, Epsilon has over 17,000 PubLink integrations and a similar number of direct publisher relationships on CORE Private Exchange, our Supply-Side Platform. CORE ID does not rely on third-party cookies and 98% of our ads are delivered to individuals, not to cookies or devices. In fact, 33% of the impressions served worldwide by Epsilon Digital go to Apple users who are cookieless today.

The industry agrees that Epsilon leads the way in helping marketers deliver people-based, measurable ads that drive performance long after third-party cookies are gone.