How to Prepare for the Cookieless Era

Digital Marketing Technology

Eversince Google announced that third-party cookies will be disabled in the Google Chrome browser by 2022, increased attention has been drawn towards Cookieless matter in the digital advertising industry. 

However, a new study by Aroscop and Brand Equity that polled over 450 marketers, advertisers, publishers, and technology providers, found that only 22% of the respondents believe that a cookieless future may have a severe impact on brand building and only 8% of the respondents have deployed alternate solutions to prepare for the shift.

Disabling cookies is a topic that should be accurately understood and appropriate action to be taken by everyone involved in digital marketing.  Read this article and find out what Cookieless is all about and how you can prepare for the new era. 

Cookie is a text file with a small piece of data. When we visit a website, the server sends cookies to the browser to record the data such as the number of times to visit the site and how we behave on pages. The cookies will be stored in the user’s browser for a certain period of time and the data will be utilized for the next site visit. For example, cookies help browsers to save login information, and products added to the cart on online shopping stores.

What are the first-party and third-party cookies?

There are two types of cookies: first-party and third-party cookies. From a technical perspective, there is no real difference between the two types of cookies. The difference is defined by who issues the cookie and for what purpose it is used.

Cookies that are issued by the website which the users are visiting are called first-party cookies. These cookies are used by the website owners to collect analytical data, remember user preferences and provide a personalised experience on their web site.

On the other hand, third-party cookies are issued by entities other than the website that the users are visiting. It’s often the providers of advertising on the web site as the image ow shows. Third-party cookies are used for cross-site ad tracking, wider audience profiling/targeting and personalisation in advertising.

Recent movements regarding third-party cookies

Thanks to third-party cookies, users can see personalised advertising according to their preferences. However, there are people who don’t want their data to be collected without noticing and used for targeting advertising based on cookies issued by the entities other than the web sites they visit.

In view of this, several countries have already enacted laws regulating the use of third-party cookies to protect consumer privacy. The EU General Data Protection Regulation(GDPR) and California Consumer Privacy Act (CCPA) are the most famous examples. While in Asia, the Personal Data Protection Act (PDPA) in Singapore, the Personal Information Protection Act (PIPA) in Korea, the PDPA in Thailand and China’s Cybersecurity Law (CSL) have also been enacted.

In the meantime, browser providers are starting to move towards disabling third-party cookies. Apple, the provider of Safari, launched ITP (Intelligent Tracking Prevention) as a feature of Safari in September 2017, putting strict restrictions on the use of third-party cookies. Mozilla, the provider of the Firefox browser has turned on blocking of third-party trackers by default in Firefox for desktop and Android since September 2019. 

However, the largest impact comes in the future when Google Chrome (which has more than 70% of browser share in Asia) sunsets the use of third-party cookies in 2022.


[Column] Is this different from the issues surrounding iOS14?

Another hot topic related to user privacy and data usage is Apple’s announcement that app developers need to receive the user’s permission through the AppTrackingTransparency framework to track them or access their device’s advertising identifier (IDFA) from iOS 14.5.

IDFA is the unique ID to identify iOS devices and it’s mainly used for measurement and optimisation of app advertising campaigns. So far, users have been able to reset their IDFA and opt out of ad measurement and ad personalisation using their ID. However, starting with iOS 14.5, each app needs to ask users for permission to collect and use their data (change to opt in scheme). This will significantly reduce the amount of data and will have a huge impact on app advertising campaigns.

The sense of the issue behind this is the same as the discussion around third-party cookies. It’s for putting the control of data use back in the hands of the users. Briefly, the difference is that third-party cookies are the technology for the browser, whereas IDFA is for apps.

The disabling of third-party cookie will affect the digital advertising industry in 4 main aspects: audience targeting, retargeting, conversion measurement and frequency control.

1. Audience Targeting

The audience targeting features offered by advertising platforms rely on the data of online user behaviour stored by third-party cookies. As major browsers will block third-party cookies, the amount of user data that advertising platforms will be able to capture and utilise for targeting will be reduced.

2. Retargeting Advertising

Retargeting advertising is generally recognised as an advertising method that is more likely to lead to conversions, because it allows advertisers to reach people who are already interested in their products or services. By embedding retargeting tags issued by the advertising platform into the website, advertisers can store the visitors data and deliver the advertising outside of the site. However, retargeting ads also use third-party cookies, which means that it will no longer be available in near future.

3. Conversion Measurement

Even if third-party cookies are disabled, it is still possible to measure conversions if users enter your website via advertising and make purchases without leaving the site.  However, in many cases, users will search for products and visit the product pages multiple times before making purchase decisions.  If third-party cookies are disabled, you will no longer be able to measure attribution from ads other than the last click before conversion, and we will probably see fewer conversions from ad campaigns.

4. Frequency Control

Advertisers tend to show the same ad creative to a user for a limited number of times per day/week. And, this frequency control feature relies on third-party cookies. Without third-party cookies, as there is no way to do frequency control yet, ad experience is going to be worse.

Impact on each stakeholder

Here we look at the impact of disabling third-party cookies will have on each stakeholder in the digital advertising industry.


Internet users will have more control over their online privacy. On the other hand, they will be more likely to encounter advertising that they are not interested in, due to the difficulty of advertising personalisation. 


As mentioned earlier, advertisers will no longer be able to use audience targeting and retargeting method using third-party cookie technology, so they will have to explore new ways to reach their target audience.

It is also predicted that more advertisers will reallocate their performance advertising budgets to awareness and branding marketing activities.


The audience data gained from third-party cookies has helped to increase the value of the ad inventory. Disabling third-party cookies would lower CPM and reduce revenue for publishers. A study by Google, which disabled browser cookies for some users and looked at the impact it had on publishers’ revenues, found that publishers’ revenues fell by 52% on average.

Practical Solutions

While a perfect alternative to cookies has yet to be established and is still being explored, here are some ways in which advertisers and publishers should expect to make use of them.

First party data 

Publishers and brands are starting to obtain user data without depending on cookies, for example, they ask users to sign up to access their premium contents.The sign up form can include email address, contact number, as well as occupation, income range, interests and so on. Marketers can utilize these data for their own marketing. 

Second party data

Project Rearc* encourages marketers to explore the use of second party data, which is sharing the first party data between different, trusted, non-competing organisations.

Second-party data refers to first-party data from one business that was given exclusively to another business. This exchange of data may occur between businesses, marketers, platforms or publishers. The use of second-party data represents an opportunity for marketers to leverage each other’s data and come up with mutually beneficial arrangements. Ultimately, customers should be the main beneficiaries of such partnerships because their favourite brands can offer more relevant and personalized experiences.

*Project Rearc is an initiative introduced by IAB and IAB Tech Lab. Stakeholders across the digital advertising and media supply chain are working together to propose data uses which do not rely on third-party cookies, and try to find new privacy-friendly solutions.

New user identify framework

To keep the healthy ecosystem in the digital advertising industry, the development of new frameworks for user identification is being explored. In most cases, publishers, advertisers and ad tech companies work together to develop new ID frameworks to continuously offer optimized advertising experience.  

▼Leading framework for user identify

To create cookieless targeting capability, these ID frameworks are going to identify each user that they are currently engaging with or delivering ads across multiple touch points. Each of these users will be given an anonymous identifier by using hashed first party data by publishers and advertisers such as email address, contact number, and online/offline behavior. 

This solution should support transparency and privacy control so that users have choice over the use of their data and they can choose to opt in or out, also allowing them to customize user experiences.

FreakOut has also joined the Unified ID 2.0 initiative led by theTradeDesk to work towards a better approach to consumer identity across the open internet.
[LINK] Unified ID Solution 2.0 | The Trade Desk

Google Chrome’s Privacy Sandbox

Privacy Sandbox is a new advertising system for Google Chrome browser proposed by Google in 2019 that will replace third-party cookie while protecting user privacy.The detailed mechanism is still under discussion, but at present, the following APIs are being considered for use.

Advertising on Premium Media 

Before the third-party cookie enabled programmatic media buying, media category and contents targeting were commonplace. Advertising on premium media that require users to log in to read quality editorial contents, or vertical media that have apparent user interests, enables to approach categorised groups of users without relying on audience targeting.

Contextual targeting 

Contextual targeting is a solution that is attracting particular interest as an alternative to third-party cookie based audience targeting.The intention for contextual targeting is to drive user engagement by serving ads that are relevant to the content being consumed. 

With the recent improvement of machine learning, contextual targeting capabilities have become much more intelligent, resulting in a move beyond simple keyword, category, and inclusion list targeting. Meanwhile, creative optimisation is now available which allows you to choose the most relevant ad from a range of materials depending on the content of the surface.

In addition, contextual targeting solutions for not only text based articles, but also video contents are now offered that can understand the context of videos and play relevant video ads.


Privacy regulation is an irreversible trend, but it is essential for making the internet a better place for consumers. All stakeholders in the industry should take this issue seriously in order to build a continuous relationship of trust with consumers.

Keep up with the ever-evolving solutions for the cookie-less era and take the necessary measures for each organization, while keeping privacy at the top priority.

Reference List