Everything marketers need to know about the death of the cookie

Online marketing has gotten ever-more complex since cookies lost their full powers to track consumers from website to website and since device identifiers started disappearing, thanks to actions from companies such as Apple to stomp out “surveillance advertising” on iPhones.

Apple has even made its pro-privacy push a foundation of its own advertising.

Frankly, the data party ended for easy internet advertising. Arun Kumar, CEO of Kinesso and global chief data and marketing technology officer at IPG, puts it this way: “Imagine you’re in a club and there is low lighting but it is consistent lighting and you’re able to see everyone in the club.” That was what it was like under the old paradigm, when ad marketplaces enabled brands to sift through cookies on everyone’s web browsers and know everything about them: what they shopped for online, their interests, their internet viewing habits.

Watch: A growing horde invades man’s life in Apple privacy ad

Now, “you’re starting to see strobe lights,” Kumar said, “which are very powerful, but they’re inconsistent, they flash, and you can see movements of people, but you can’t see them all the time. So you have to infer.”

Why are cookies going away?

In 2017, Apple — the device maker that accounts for more than half of the U.S. phone market — decided that the personalized advertising industry was out of control. It started limiting the kinds of trackers it would tolerate on its iPhones. Cookies were first in the crosshairs with a program Apple called Intelligent Tracking Prevention, which limited third-party cookies through Safari web browsers.

The industry pushed back at first. “We strongly encourage Apple to rethink its plan to impose its own cookie standards and risk disrupting the valuable digital advertising ecosystem that funds much of today’s digital content and services,” declared a 2017 letter from six major advertising industry groups such as 4As, ANA and IAB.

Cookies have been going away from most web browsers, and even Google, the biggest internet ad company, is moving away from them on Chrome. And other trackers have been going away, too, like device IDs known as the Apple Identifier for Advertisers, IDFA, which have been the connective tissue for apps to conduct marketing on mobile. And lately, Apple has been restricting collecting internet protocol addresses as a workaround identity data for targeting.

• Why Google’s timeline to kill the cookie irks ad tech companies
• What Apple’s iPhone update means for the ad industry

Why are cookies important to advertisers?

The average users may vaguely understand the concept of cookies when they clear their browser history; by erasing their previous browser sessions, the web addresses from past sessions disappear, and sometimes readers have to reenter passwords into websites because they erased the cookie that previously retained their logged-in status. Erasing the cookies also erases the tracks that marketers previously followed to, say, retarget ads or detect if people were in the market for certain products.

There is a difference, though, between a first-party cookie, meaning one the publisher implants on a reader’s browser, and a third-party cookie, which gets dropped without the reader really consenting to an unknown party keeping tabs on their whereabouts.

Read: Privacy watchdog slaps IAB, real-time ad bidding on notice

Cookies have since been regulated through acts like the General Data Protection Regulation in the EU in 2018, and the California Consumer Privacy Act in 2020. Web users have gotten used to seeing consent forms on almost every website that ask readers to either accept or decline cookies, and they often disclose the potential uses of those cookies and third parties that could potentially access the data collected.

Is publisher revenue in decline?

There is a whole ad tech ecosystem with supply-side ad networks, demand-side ad networks, data management companies, retargeting ad companies, and major internet ad companies like Facebook and Google that auction ads in real time for the ad inventory that loads on millions of websites and apps.

The publishers, even the big ones such as The New York Times, Wall Street Journal, Gannett’s USA Today, Bloomberg, Insider, Condé Nast, Hearst and the rest often depend on retaining data about who visits their sites to sell targeted ads and to run multiple web domains for their multiple publications. When Google or Apple change the rules on what data can be collected on their devices and browsers, it can affect how all these companies make money.

There are plenty of publisher support organizations advocating for the open web that claim free content is only available because of the data industrial complex and, without it, a free media and services for consumers are at risk.

“Publisher revenue is really in jeopardy,” Orchid Richardson, senior VP, programmatic and data center, IAB, told Ad Age following the release of a report on the subject earlier this year. “It’s at $10 billion, we’re forecasting that [publishers are] going to lose, because we’re not going to be able to do audience targeting and leveraging third-party data, if we don’t come up with a solution.”

Read: Publishers risk losing $10 billion thanks to cookie cuts

What are the dangers of cookie data leaks?

When the online ad inventory goes into the complex internet auction ecosystem, the cookies and sometimes personal information can leak into what’s known as the “bidstream,” and it can get slurped up by parties with whom the web user never consented to share.

The potential insecurity of the bidstream was highlighted in one report in 2020 about how the gay dating app Grindr exposed personal information on its 3 million users through the ad tech ecosystem. The report called out ad platforms such as OpenX, AT&T’s Xandr, and Twitter’s MoPub for allegedly lax enforcement when it comes to ensuring any data transmitted was done so with the consent of users of apps like Grindr.

Read: Twitter suspends Grindr from ad platform

“Twitter’s MoPub managed data transmissions that included personal data of a Grindr user,” researchers from Mnemonic, a Norwegian security firm, said in its report calling for fines against ad tech companies. “Simultaneously, a number of other third parties were observed receiving personal data directly through their SDK integrations in the Grindr app.”

U.S. regulators have been following their European counterparts scrutinizing the practices that have been exposed in the real-time bidding ecosystem. The Senate has held hearings on the subject, most recently on Sept. 29 in a session called “Protecting Consumer Privacy.” And lawmakers recently approved a whopping $1 billion to enhance the Federal Trade Commission’s privacy enforcement powers.

How are the privacy concerns being addressed? 

The industry is getting innovative to replace the function of cookies and device IDs like IDFA. Google has undertaken what it calls Privacy Sandbox, a program that will attempt to infuse anonymity into the advertising supply chain by relying on “cohorts,” groups of individuals to target and measure ads rather than personal identity. Facebook has been developing what it calls Privacy-Enhanced Technology to do the same.

Other players in the supply chain are banking on new kinds of online identifiers to do the connecting between ad networks and consumers. Those identifiers are rolling out with rapid speed from stakeholders like the ad platform The Trade Desk, developing Unified ID 2.0., now operated by Prebid and endorsed by Magnite, SpotX, Index Exchange  and others. Ad agencies like OMD and IPG have expressed willingness to work with Unified ID 2.0. That ID relies on email addresses, anonymizing them through encryption, to create profiles on web users, who could theoretically be targeted with ads without the need for matching them with now non-existent cookies on websites they visit.

“We are seeing collaboration with the open internet,” Sara Stevens, VP of digital capabilities at Epsilon, said about the industry efforts. “We have consortiums like [Partnership for Addressable Media] looking to collaborate with the non-walled gardens and allow our IDs to communicate with alternate IDs.”

What are the post-cookie first-party data marketing challenges?

The loss of cookies and other trackers has created a rush for brands to harvest first-party data, which has become the gold standard for marketing campaigns online. What’s so appealing about first-party data is that it theoretically comes with the direct consent of the consumer, who can be confronted with a consent option at the point of contact online or in a store. Sometimes merely filling out a form online gives the opportunity to capture their permission.

Earlier this year, Unilever’s Executive VP for Global Media Luis Di Como told Ad Age in a statement that the company is investing in first-party data tech to address the post-cookie marketing challenges. Procter & Gamble Co. Chief Brand Officer Marc Pritchard said the same: “Over the course of the past couple years, the mindset we have simply taken is that we will have a more privacy-focused internet with more opt-in, that’s consent-based, with consumers having a say in what data they provide,” Pritchard told Ad Age. “As our good friend and CEO of Gillette Gary Coombe says, ‘If it’s inevitable, get enthusiastic.’”

Read: Why marketing might be better off without cookies

The key to using this data, however, could come down to relying on the new ad ID products popping up in the ad tech ecosystem. Instead of cookies, the marketers need to match the consumer through those new connectors. That is still going to be a challenge, the more platforms like Apple shut down pathways to understanding exactly who it is browsing the web at that moment.

A lot of times, marketers will be relying on what’s knowns as “probabilistic” models, which are basically guesses, compared to the older “deterministic” models afforded by direct cookie matching.

“In the past, the ID space was largely deterministic,” said Kumar of Kinesso and IPG. “But in the future, given the regulations going and with obviously the cookie going away, and various other changes that are being made by the likes of Apple, you’re going to see a greater linkage of that identity space to first-party data.”