We’ve all heard that third-party cookies are living on borrowed time, but until now, hard numbers have been elusive and a number of questions remain unanswered. I’m not talking about mind-bending abstractions or complex conundrums - rather, the fundamental kind of questions such as: how large is the third-party cookie dependency? What are third-party cookies used for? What is the risk presented by third-party cookies being phased out? What is the scale of the task at hand?
To answer these questions and more, I started a research project and called on a few friends at ObservePoint and Similarweb to help me select and pull the data. As a recovering analyst and not someone to do things by halves, I analysed the data for almost 400 sites spanning three markets to get beyond the opinions and hyperbole and compare the exposure of the top 100 sites in Australia, the US, and the UK.
We discovered that 81 of the top 100 websites in Australia have a dependency on third-party cookies, with advertising tech being accountable for the majority of third-party cookie domain counts (87.7% of total 1,681). Measurement was a distant second place contender with 5.8%.
Of more concern perhaps, was the small but notable proportion of cookie domains (1.7% of the total count) that had third-party cookie dependencies relating to ‘functional’ and ‘necessary’ cookie categories - the kind which supports things like live chat, social sharing, log-in and payment solutions.
Large or small, businesses need to act now
While Google has provided an extension to phasing out support for third-party cookies, it should be viewed as a ‘stay-of-execution’ rather than full pardon. Dependencies must be identified and mitigated as soon as possible to avoid future potential negative customer experiences.
It’s a reasonable starting assumption that small and medium-sized businesses may find similar or greater dependencies to those observed among the top-ranked sites. Organisations that put off or worse, ignore, addressing third-party cookie dependencies are at higher risk of reduced marketing efficiency and lower return on marketing investment, diminished measurement capability, and site functionality issues - all of which are largely preventable.
Mitigating the risk
The first step towards mitigating third-party cookie dependency involves figuring out the scale of your exposure. On average, the sites tested had 20 cookie domains and 37 cookies. In the Australian top 100, for example, the highest number of third-party cookie domains was 84, with 165 cookies.
Next, cookie domains should be grouped into categories to produce a risk profile, before digging into the details on a domain-by-domain and cookie-by cookie-basis. This will help highlight the types of tech and capabilities within the digital landscape that will be impacted.
Finally, once the scale and nature of the exposure and risk are understood, it is important to put together a robust roadmap to help position yourself well for the post-cookie era.
Marketers and business leaders can mitigate third-party cookie dependencies by working closely with developers, media agency partners, and adtech support teams to migrate existing solutions to first-party or server-side implementations where possible. If you identify advertising tactics or technologies which will simply not be possible without third-party cookies, then prepare to reallocate budgets and switch tactics ahead of time.
Consider using contextual targeting - this re-emergent alternative approach is back from the dead after being somewhat supplanted by cookie-based approaches. Contextual advertising targets either the specific site, type of site, or specific site content to maximise relevance.
For example, if you’re a furniture brand, it makes sense to place a furniture ad on an interior design website or a blog article discussing interior design. Contextual ad targeting can be very effective and doesn’t require third-party cookies to work.
Watch the walled gardens, by which I mean Google, Facebook, mazon, who are still jostling for position in terms of developing alternatives to cookie-based advertising. In the last six months, we have seen The Trade Desk’s unified ID 2.0 third-party cookie alternative given the cold shoulder by Google, which proposed FLoC within their ‘privacy sandbox’... which appears to have been blocked by some Amazon sites. Who knows what next week will bring?
While so much uncertainty remains, it’s anyone's guess where we will be at the end of 2023 when third-party cookies are scheduled to be phased out by Google Chrome. One constant though is the importance of remaining vigilant and ensuring that you leverage the latest and greatest features to drive value.
Revise your strategy
A key theme for any future state is a fundamental shift to respecting user privacy and competing on trust. One of the most important strategic moves should be increasing investment in first-party data assets, tech and capabilities that will support competitive differentiation and minimise the dependency on third-party ad spend as far as possible.
First-party data confers additional benefits of full ownership and control of user-consent management, which can foster sustainable, trusting relationships where users are happy to log in.
A natural bedfellow for first-party data is second-party data partnerships, which represent an increasingly appealing alternative to ‘all-in’ on Google, Facebook, Amazon. They can enable profile enrichment, enhanced targeting, and expansion of advertising reach with non-competitive organisations in a consented and privacy-compliant manner - though flexibility comes with an associated cost in terms of effort required in negotiating deals and the mechanics of data exchange.
Irrespective of how things play out between the big ad platforms and whenever third-party cookies are finally phased out by Google Chrome, one thing remains clear: the current exposure needs to be proactively understood, and risk mitigation roadmaps must be put in place in order to better position businesses for the post-cookie era.