Open Navigation
Cardlytics Research and Insights
Blog

Third-Party Cookies and Their Impact on Privacy

Google’s 2020 announcement that it would ban the use of third-party cookies in 2022 made big waves for both consumers and digital marketers. Cookie privacy isn’t a new concern—Apple’s Safari and Mozilla’s Firefox browsers have been blocking cookies for almost a decade. But the news that Google planned to follow suit rocked the industry. 

That’s because Google Chrome is by far the most popular browser, accounting for over 63 percent of all global web traffic. Apple’s 20 percent and Mozilla’s 4 percent pale in comparison to Google’s tracking power. It’s no wonder that the latest move by Google has been hailed as the death of the third-party cookie. 

Google’s capitulation suggests that the cookie battle may finally be over and that privacy advocates are the de facto winners. But that means big changes for advertisers. What does that future look like? And how do privacy-safe solutions like Cardlytics’ “whole wallet” view provide the same impact for marketers without sacrificing consumer privacy?

What are third-party cookies?

Cookies are a bit of JavaScript embedded in a website that stores data about a particular browsing session. Cookies come in two main flavors, first-party and third-party. 

First-party cookies are created by the host domain (think GoDaddy, Hostgator and WPEngine) to help create a better experience for the user. They store data like website preferences, usernames, passwords, and shopping cart contents. First-party cookies are generally considered ‘good’ cookies and don’t draw the ire of privacy advocates.

Third-party cookies, on the other hand, are not created by the website a user is visiting, but by other entities such as marketers, advertisers, and social media platforms. Cookies can be placed on multiple sites allowing the tracking entity to create a holistic picture of a user’s activity on the web.

What do third-party cookies do?

Third-party cookies collect an impressive amount of information about users. Cookies track information about search requests, page visits, time on page, purchase decisions, even social media ‘likes.’ 

But that’s just the beginning. Cookies can also help advertisers pool data such as age, gender, occupation, income, location, payment types, and interests to create highly detailed user profiles. 

This type of tracking can be incredibly intrusive because most users feel that they haven’t given advertisers explicit permission to collect so much personal data. 

Privacy concerns with third-party cookies

Cookies aren’t inherently bad and, in fact, about 95 percent of all websites use cookies for relatively harmless purposes that ensure a returning visitor has a seamless experience. 

The problem is that ad networks track and store incredible amounts of information, including personally identifiable information. Because they place cookies on a massive variety of sites, they may have access to sensitive information such as medical history, sexual orientation and gender identity, and even political affiliation. Even more troubling is that this information is likely linked to the user’s real name.

Privacy as a human right

Third-party cookie tracking is ubiquitous and all-encompassing; it’s become a central pillar of modern digital advertising. The privacy implications are obvious and enormous. In just the past 10 years, massive data breaches have exposed billions of users’ private information, much of it collected and stored through the use of cookies, often without the user’s knowledge or explicit permission. 

Few privacy violations rocked the collective conscience like the Cambridge Analytica Facebook scandal. Prior to the 2016 elections, political consulting firm Cambridge Analytica harvested vast swathes of Facebook user data and used it on behalf of political campaigns to help shape voting behavior. 

While most Facebook users were peripherally aware that the social media company collected personal data, few had any inkling of the scope and detailed nature of the information Facebook stored. Even worse, they had no idea that using certain apps on the platform gave the app developer access to the personal data of all their Facebook friends. 

For many, the Cambridge Analytica scandal was a watershed moment that galvanized privacy advocates and brought privacy as a human right to the forefront. As a result, consumers are becoming more savvy about cookie tracking and the information they are willing to share.

Tech steps up

Regulators and legislators have been trying to tame the third-party cookie beast since the dawn of the 21st century. The EU passed a series of e-privacy directives under the General Data Protection Regulation (GDPR), including the ‘cookie law.’ Several states in the US passed similar privacy protection laws, including the California Consumer Privacy Act (CCPA). These measures are designed to bring more transparency to third-party data collection and cookie-based privacy issues.

A few forward-thinking tech CEOs championed the cause of cookie privacy, taking the lead in giving consumers control over their data. Apple CEO Tim Cook was among the first to give Safari users the ability to block third-party tracking in 2012. Apple remains at the forefront of privacy. Its latest iOS 14.5 rollout includes features that provide deep transparency into the type of tracking that takes place on consumers’ devices and the ability to opt out at the site and app level. 

Apple has forced other major tech companies to change their approach to cookie privacy. Facebook launched a very public PR war against Apple, claiming Apple’s privacy protections will harm businesses that rely on cookie-based advertising. The spat underscores the fundamental tug-of-war between profit and privacy; iOS 14 threatens the $86 billion in targeted ad revenue Facebook generates each year. 

Google’s upcoming cookie phase-out is also likely at least partly due to Apple’s privacy protection rollout. Whatever the impetus behind the change, however, Google’s new cookie policy represents a sea change for marketers who’ve relied for years on cookie-based targeting.

The coming cookieless future

Ready or not, the death of third-party cookies is imminent. While marketers should be prepared for some disruption, a cookieless future presents an opportunity for brands to be on the forefront of more transparent, privacy-friendly solutions that win consumers’ trust.

Cardlytics has always been ahead of the cookie privacy debate. Our platform uses relevant, first-party insights obtained from one in every two credit card swipes and combines it with powerful Purchase Intelligence built on real transactions from real banking customers.

A cookieless future doesn’t have to mean an end to targeted campaigns. Cardlytics helps you reach the right audience with the right offer without compromising privacy.

Get our insights delivered to you

Stay up to date. Subscribe now.

Research & Insights