Most people don’t know the name Lou Montulli but he’s indirectly responsible for one of the biggest invasions of privacy of the modern era. In 1994, Montulli was a 23-year-old founding engineer at Netscape with a number of Internet innovations to his credit, including web browsers, HTTP proxying, and the infamous tracking cookie.
Montulli never imagined the privacy issues that would arise from the cookie. The Netscape founders were extremely privacy-focused, as were most early Internet pioneers. When Montulli created the cookie to help a single website remember a particular user from visit to visit, he believed the small text file it contained would not allow users to be tracked.
As history shows, that was definitely not the case. In record time, ad tech companies figured out how to hack the cookies and track users from site to site as they browsed the Internet.
Nearly 30 years later, ad tech has become increasingly stealthy and sophisticated in its ability to collect consumers’ most intimate personal information, often without their explicit consent. But the war between privacy advocates and the $120 billion digital advertising industry may be at an end. With Google’s latest timeline for privacy milestones, third-party cookies will disappear completely in 2023. The privacy advocates prevailed and the era of cookieless advertising has arrived.
The switch to consent-based data collection represents a significant change for consumers and advertisers alike. Although Google continues to work on third-party cookie alternatives, no viable replacement is on the immediate horizon. Given the profound implications of a cookieless future, it’s worth looking at how we got here.
How the cookie became so important
In the early days of the Internet, websites had a memory problem. They lacked a mechanism to recognize a returning user. It was a disaster from a user-experience perspective. Many of the features people take for granted today—shopping carts that remember our selections, websites that remember our login credentials and site preferences—couldn’t exist without Montulli’s cookie invention.
When advertisers figured out how to exploit cookies for revenue, the problem was more nuanced than it first appeared. At the time, advertising was the only source of revenue for most websites. Robust ecommerce was years in the future. So advertising was the only way to monetize websites and essentially keep the whole Internet in business.
The underlying exchange—free content for a limited amount of advertising—was nothing new. Radio and TV operated on a similar system. The problem was the extensive data collection and privacy implications, as you can see from the following timeline of events.
The reign of the third-party cookie
Once Google bought DoubleClick, the Internet became the wild, wild west for third-party cookies. Without regulatory oversight, ad tech companies became ever more aggressive in their data collection tactics. They went beyond online behavior and location to personal information like age, gender, income, health status, and even, in some highly unethical cases, keystrokes.
The concept of Internet privacy was dying on the vine. Despite the 2002 ePrivacy Directive requiring websites to inform users about data collection activities and allow them to opt out, many sites did not allow users to block cookies. The objective for ad tech was to collect and monetize as much detailed personal information as possible.
The tracking frenzy finally caught the attention of the Federal Trade Commission (FTC) and the European Union (EU). In 2012, the FTC slapped a record-breaking $22.5 million penalty on Google for misrepresenting their tracking activities on Apple’s Safari browser. The EU passed Directive 2109, also known as the Cookie Law, which led to the ubiquitous cookie consent popups on websites.
Big Tech also stepped up to give consumers more control over their data. Both Apple and Mozilla enabled third-party ad blocking on their browsers, and later, disabled third-party cookies altogether. Google Chrome, the leading browser, was the only holdout.
In 2008, Cardlytics launched its native ad platform. Cardlytics was a new solution to the privacy needs of the moment. Because it operated within the digital channels of major financial institutions and used first-party purchase data obtained with consent, it offered advertisers an ethical approach to targeted campaigns.
Internet privacy hits mainstream
Whether due to the flurry of legislation or the collective shock of the Cambridge Analytica scandal, in 2019, Big Tech finally stepped up to protect consumer privacy. Apple and Mozilla took the lead, giving users maximum control over cookies in their browsers. Apple’s Intelligent Tracking Prevention not only disabled third-party cookies, but it also gave users control over their first-party cookies for the first time.
Google was the last to the privacy party but it, too, is phasing out support for third-party cookies in 2023.
What’s coming in 2022 and beyond?
There’s a lot of apocalyptic messaging about the future of cookieless advertising. The Interactive Advertising Bureau projects that cookieless advertising will cost publishers $10 billion in revenue while Google estimates they’ll lose 50% to 70% of their ad revenue.
The developers at the Privacy Sandbox, Google’s initiative to replace third-party cookies with privacy-conscious alternatives, are working on a set of API solutions. Although Google’s Federated Learning of Cohorts (FLoC) was paused, other options are still on offer. Turtledove, for example, is designed to enable granular retargeting on an individual level. SPARROW will allow advertisers to create lookalike campaigns built around interests. FLEDGE will help them target specific user cohorts.
All of these are still in development, however, so their features and future functionality are uncertain.
The bad news is that 75% of marketers believe cookie deprecation will negatively impact their business, and nearly 80% haven’t tested an alternative solution. The good news is that organizations still have more than a year to develop and implement a plan before Google pulls the plug on third-party cookies in late 2023.
The future of cookieless advertising is in flux. Cardlytics offers a proven solution for precision targeting that doesn’t rely on third-party cookies. Get in touch to learn more.