What is a Cookie? Why Are We Looking at a Cookieless Future?
With all this talk of our impending cookieless future, I think a lot of digital advertising professionals struggle with a couple questions from the start: what exactly is a cookie? And what makes a cookieless future so concerning?
In the simplest terms a cookie is a small data file, which is sent by various web servers every time you load a web page using either a desktop or mobile web browser. Cookies are classified in one of two ways: either first-party or third-party.
A first-party cookie is set by the domain of the website you’re visiting. For example, if you’re on yyy.com, yyy.com would set a first-party cookie on your browser with the domain yyy.com. This allows yyy.com to recognize you the next time you visit the site.
A third-party cookie is not set by the domain of the website you’re visiting, but instead is set by a third party. For example, if you’re on yyy.com which has given Ad Company X access to the page for the purposes of serving an ad, Ad Company X would set a third-party cookie on your browser with the domain adcompanyx.com, allowing Ad Company X to “recognize” you on other websites with which they have also been provided access to serve ads.
While cookies have been a foundational part of the internet since the early 90s, they were invented for the sole purpose of trying to make the newfangled internet endeavor commercially viable. Cookies eventually became the most popular and persistent way of tracking internet users in terms of marketing campaigns and site personalization, as well as more recently consent management. However, since the technology was really intended more for commercial purposes, it lacked the persistence to make either site personalization or consent management truly effective. And the way the court of public opinion has played out: cookies are now just known as annoying mechanics of online advertising with disturbing potential privacy ramifications.
Browser companies are well aware of their users’ frustrations with ads and have come up with various product differentiations to try to attract privacy-minded (or just ad-disinclined) folks to use their browser over competitors. These products usually fall into two categories: ad blockers and overall browser deprecation of cookies. You can consider ad blockers to be an appetizer to browser deprecation: ad blockers leverage blocking third-party cookies to power blocking ads, but when browsers deprecate cookie technology, all ad technology powered by third-party cookies will therefore be deprecated as well.
Another reason why cookie deprecation has become such an important product push for browser companies is worry over the legality of cookie technology itself. Internet data privacy is a serious concern, one in which globally the governance is woefully behind the technology, and governments are just starting to catch up. GDPR, a set of EU-based regulations, was one of the first out of the gate, but was quickly followed by legislation in California, Vermont, Brazil, and many other jurisdictions. There were two immediate operational concerns with these new laws: the laws themselves were inconsistent, so a blanket solution wouldn’t work, and consent management personalization, which relied at least partially on third-party cookie technology, was a very flawed way of handling consent management.
Since privacy is now the prevailing mindset for a modern internet, stakeholders came together and decided to deprecate old, flawed technology in favor of a solution that offered the data transparency and control that users are now rightfully demanding. So if a cookieless future is going to offer more user authority and fewer annoying ads following you, that sounds great, right? What could be concerning about that?
On the publisher side the main concern is the massive drop in ad related revenue that will occur if they do not come up with a strategy that will allow them to continue their programmatic and other audience-targeting related lines of business.
On the consumer side the concern is twofold:
Firstly, the technology to power a cookieless internet is likely to actually expose far more about a user (for instance: an email address identifier vs an anonymized cookie). Certainly there will end up being profile management tools that will help shield the actual user’s identity, but it is something for consumers to consider as we accept/reject new technology offerings.
Secondly, another important consideration is actually the same concern as that for publishers: this sea-change is likely to cause a huge drop in publisher revenue. Ads going away is not in fact a good thing, unless you’d like to live in a world where you pay out of pocket for all content you consume. Although advertising may be annoying and disruptive at times , it also is what enables publishers to stay in business. While it is certainly not users’ concern how publishers will end up replacing the income lost via cookie deprecation, it should concern users how this drop in revenue is likely to ultimately lead to further publisher consolidation and homogenization of available content, specifically from major outlets.
The next natural question is: what’s up next? A broad question to answer indeed! Time will tell what technology ultimately ends up overtaking the cookie, as neither interest in consent on the internet nor commercialization of the internet is likely to go away any time soon.
