With Google recently committing to phasing out third-party cookies as Firefox and Safari have already done, we take a brief look at the possible alternatives and replacements for using cookies to track and understand user behaviour.

Cookies

Cookies are pieces of code/small text files used for tracking and stored on the browser of someone who visits a website. First party cookies are generated when a person visits one particular website (domain) and are only used for finding out what that person did when they visited that particular site. This type of cookie does not record details about a person’s activities when they go on to visit other websites after leaving that website.

Third-party cookies are created by a third-party (e.g. an advertiser) and are placed on a visitor’s computer when that user visits a website.  The purpose of third-party cookies is to track a web user and gather data about their activities and preferences (e.g. websites they visit frequently, what they purchased online and what they show interest in). This enables the building of a visitor profile which, in turn, leads to them being shown ‘relevant’ targeted adverts.

The Trouble With Third-Party Cookies

Google has recently joined other browser companies in committing to the phasing out (over 2 years) of third-party cookies. The reasons for phasing out third-party cookies are:

– Legislation. Improved and new data privacy laws. The introduction of GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) preventing tech companies from tracking everything that users do without permission and sharing the data with multiple other third parties.

– Privacy Campaigners. Many privacy campaign groups and others have challenged tech companies and advertisers over the years about privacy and tracking users.

– High profile Criticism. Among other things, in January the UK Competition and Markets Authority started investigating whether restricting cookies on Chrome could help Google increase its dominance in the online ad industry. For example, some commentators have questioned Google’s motives for removing third-party cookies, suggesting that forcing a reliance upon first-party cookies may simply be a way for Google to get more of a grip on the ad market and receive the revenue that would have been spent on third-party platforms.

The Challenge

The challenge is to create an alternative that is compliant, acceptable to users and privacy groups, and enables advertisers, publishers, and owners of ad-supported websites to keep revenue streams.  For example, Google (Ad manager) data shows that when advertising is made less relevant by removing cookies, funding for publishers falls by 52 per cent on average.

Alternatives

With this in mind, here are some examples of the possible alternatives to cookie-based systems:

– Using machine learning systems (Google) to model user behaviour and to pursue a modelled, first-party approach. This means using first-party data and the data Google can gather from users who consent, integrated with tools like the Google Tag Manager. Consent Mode, for example (announced in September 2020), gives advertisers access to a new tag setting, dubbed “ad_storage”.  This controls cookie behaviour for advertising purposes, including conversion measurement. With Consent Mode, a website visitor is given the option to consent to the use of ads cookies (or not) on the cookie consent banner, thereby enabling Google tags to determine whether or not permission has been given for the site to use cookies for advertising purposes for that user. If a user consents, conversion measurement reporting continues normally. If a user does not consent, the Google tags are adjusted accordingly to not use ads cookies, but instead to measure conversions at a more aggregate level. Crucially, Google’s Consent Mode enables the use of conversion modelling for those who don’t consent, thereby recovering some 70 per cent of ad-click-to-conversion journeys that would otherwise be lost to advertisers. Google believes that Consent Mode, coupled with its Tag manager is a way for Google Ads, Campaign Manager, Display & Video 360, and Search Ads 360 to continue reporting conversions while respecting users’ consent choices for ads cookies.

– Google’s Privacy Sandbox, which it originally announced last August, and touched upon again in January this year.  Google describes this as “a new initiative to develop a set of open standards to fundamentally enhance privacy on the web” and “a secure environment for personalisation that also protects user privacy”.  The idea of Sandbox is to move all user data into the Google Chrome browser where it can be securely stored and processed so that it stays on the user’s device and is, therefore, making it compliant with privacy laws. It is understood that the Privacy Sandbox may also include an algorithm to group people according to their common web browsing and thereby create ‘clusters’ of people (who can’t be directly identified) with similar interests. These clusters can then be targeted by adverts without affecting the privacy of the individuals in a cluster.

– Federated Learning of Cohorts (FLoC).  This is another Google idea that uses third-party data, doesn’t affect the ability of publishers to track their own visitors, and allows ads to be targeted at groups of users based on common interests (interest-based advertising). The FloC idea, however, has been met with criticism from the Electronic Frontier Foundation over privacy concerns and that it could be equivalent to a “behavioural credit score.”

– Microsoft’s PARAKEET proposal is an alternative to Google’s FLoC.   PARAKEET (Private and Anonymized Requests for Ads that Keep Efficacy and Enhance Transparency) places a proxy server between the user and the ad company, with users being given a unique ID, known only to the proxy server. This means that when a web page requests an ad, the request is routed via the proxy server and statistical noise is added to mask the user’s private data.  This system allows the PARAKEET gatekeeper service to provide aggregate reporting to ad networks.

– Systems made by rivals of Google Ads, such as Trade Desk Inc’s (open source) Unified ID 2.0 where people can protect their privacy by logging on to websites using encrypted copies of email addresses, i.e. the system creates an identifier for each person who logs in with their email address. Also, Criteo SA, an AdTech company is reported to have developed a possible alternative.

What Does This Mean For Your Business?

The ad ecosystem, which ultimately provides huge amounts of revenue for companies like Google also supports (and is very important in revenue terms for) ad customers, publishers, and owners of ad-supported websites. While new solutions must be found that provide acceptable levels of privacy (which is a task in itself), the way forward in terms of alternatives to cookies has generated a number of different options including the use of machine learning, proxy servers, and encrypted email logins, all of which are designed to provide smarter and more private and acceptable ways of still supplier data for advertising. With Google being the most powerful of the big advertisers and cookie users, it appears likely that its modelled, first-party approach using its machine learning resources is going to be the most prominent replacement for cookie-reliance. It is relatively early days though, and the important aspect for many businesses that rely heavily upon Google Ads is that any new system is still able to provide the same or better results in terms of conversion.