“The death of cookies,” to borrow a phrase, is (mostly) fake news. I wouldn’t be concerned with this topic, except that so many reputable media outlets have been publishing misleading and sensational headlines about it.
Take a look:
Adweek sent an email special report with the headline: “The Death of Cookies.”
AdAge with Cheetah Digital posted on social with the same frenzied phrase: “The death of cookies”
And Segment (Twilio’s customer data platform) went even further with this social gem: “Digital Advertising in a Cookieless World.”
But here’s the problem: It. Isn’t. True.
So let’s get to the bottom of why all these authorities are spewing all this gunk.
The first thing that’s important to know is that there are two primary kinds of cookies: these are called “first-party cookies” and “third-party cookies.” (I know, it’s weird that there’s no “second party cookies.” Somebody got ripped off in this deal.)
First-party cookies are data files that are shared between your browser and any website you visit. When you visit a site, especially a site that you may go back to multiple times, say a news site like NYTimes.com, a small text file is generated and stored on your browser. It contains information about you (nothing too personal, unless you choose to save passwords via your browser, and please don’t do that,) like the browser you’re using, the operating system, where you’re located (via your IP address,) and even the browsing history. They were originally created to optimize the performance of websites. Since there’s a history encoded in the cookie, the website does not have to fully reload each time you visit it – it sort of restores the previous session, and then updates the site with its latest content. This is why your shopping cart on e-commerce sites is “remembered” and preferences on other sites are stored. Each time you go back to the site, the cookie is updated with more information. So it’s a bit of a history log between your browser and a specific domain.
Disclaimer: This is an oversimplification of first-party cookies, but it will serve to help distinguish it from the other type.
Third-party cookies are different in many ways. First, and most important, they are stored under a different domain than the one you are visiting. They are typically “shared” from the domain you’re visiting with – you guessed it – third parties. The most basic example is this: you go and visit NYTimes.com to read the news, and you see banner ads on the top and along the right side from a brand like Toyota. Since NYTimes is a publisher, and has sold advertising space to Toyota, they may have also agreed to share your data, and allow Toyota to drop a third-party cookie to track your browsing behavior. The thinking with this was “it would help Toyota to know what other kinds of sites readers of the New York Times might visit, and what their browsing behavior is, so we can build a better profile of potential targets.”
Disclaimer: this is also an oversimplification of third-party cookies, but it should serve to help distinguish it from the other type.
So, the headlines you’ve been reading are misleading, because they leave out a very important qualifier: the only thing that’s “dying” is the third-party cookie.
Pushing out headlines like “the death of cookies” or “a cookieless world” is like saying “music is dead” just because we’ve banned Justin Bieber. It’s sensationalizing the story at best. It’s clickbait at worst.
First-party cookies are here to stay, and there’s no way they’re going away, since it would cut off hundreds of billions of dollars in revenue being transacted every year. First-party cookies form the basis of ad targeting, retargeting, (yes, you can still be retargeted via first-party cookies,) display advertising (banner ads,) most social media platform algorithms, and the mighty Zeus of them all, search engine marketing and its associated retargeting.
[The post ends there, but I have a few words to say about WHY third-party cookies are getting the axe.]
The whole kerfuffle over third-party cookies is generally about privacy, and not having one’s data shared without one’s knowledge. But who are we kidding? Our data is getting shared every day, all over the place, whether we a.) like it or not and b.) know it or not. Did you ever Google yourself? I’m sure you didn’t actively and purposefully put all that information there – it was aggregated from across the web without your knowledge or consent. How do you think data marketing companies make money? They go and mine data they already have, or it’s getting shared with them from retailers, credit card companies, and others. Yes, GDPR legislation has been adopted, but all it effectively does is add another annoying click before I get to the content I want on any new website. Ugh. And if the last year has showed us anything, (since third-party cookies have started phasing out and Apple’s iOS tracking regulations have been adopted,) it’s that you can still run effective and even mobile-friendly ads without third-party cookies and nobody is any worse for wear.
This author’s preference is to have his data shared (no social security numbers, credit card numbers or bank account numbers, thank you very much,) so that my general Internet experience is more carefully curated and more fully tailored to my preferences. Killing third-party cookies was accelerated as a knee-jerk reaction to the 2020 election and fears of the “echo chamber” effect, and more sensitive issues like child welfare, gender identity, and other possibly incriminating privacy gaffes. All the while, forgetting that you can still be retargeted via first-party cookies. They could have worked that stuff out and still made the Internet an interesting and contextualized place.
If Toyota wants to follow me around for two weeks to find out that I’m not a fit for their brand, so be it. At least I won’t see ads for the 2022 Camry hybrid anymore.