Third-party cookies aren’t going anywhere: What does it mean for your role? 

The last few years of debate and decision about online cookies have left many privacy, compliance, marketing, and Information Technology (IT) professionals with whiplash.

At least for now, though, the dust seems to have settled, with Google announcing that they will continue to use third party cookies for the foreseeable future.

People in these roles can all pause, take stock, and reorganize around their new opportunities and responsibilities.

A quick look at the history up to and including today’s picture can help everyone know what to expect moving forward…

The past, present and (fortune cookie) future 

The origin story of online cookies takes us back to 1994, when Lou Montulli – a web browser programmer with Netscape Communications – both invented and named those text files we all call “cookies.” His original intent with cookies was to facilitate saving online shopping cart information, but of course the scope and use of cookies since then expanded exponentially.

In less than a year (1995), one of the first AdTech companies, DoubleClick, began to employ cookies in tracking web visitors across the web for ad targeting purposes. Google bought DoubleClick some years later (2008) for a staggering US $3.1 billion and expanded its advertising activities from search page ads to targeted website advertisements. Since then, the push-pull of conflicting pressures, with consumer and regulator privacy concerns on the one hand, and profit and monetary pressures for businesses on the other, has created a confusing churn of actions in the marketplace related to cookies.  

On reason for the shrill tone of the cookie debate is that the stakes are high. The profit pressures for companies related to online advertising are enormous. One source values the global AdTech market at for than USD 871 billion in 2024 and estimates a value of USD 2547.17 billion by 2032. Google reported approximately USD 305 billion in advertising revenue for 2023, which is not precisely the same thing as cookie-generated revenue but could be considered a close cousin.  

Legislative shifts

On the other end of the spectrum, regulators, privacy advocates, and consumers recognize the potential intrusiveness of online tracking through cookies. Privacy compliance professionals recognize that the correct application of the European Union’s GDPR requires opt-in consent for advertising cookies.

Many American State privacy laws, including the California legislation, requires at least opt out consent for third party advertising cookies. Other jurisdictions also implicitly or explicitly require consent for cookies. As a result, a brief survey of most public websites will show that companies have reacted to customer wishes and compliance requirements and present some sort of cookie banner experience through which web visitors can express some sort of choice regarding cookies.  

Technology shifts

Browsers responded to privacy concerns as well. In a trend started by Apple’s Safari, in addition to allowing users to set cookie preferences for all websites once in the browser, browsers began to hand over user control in other ways. In a trend also started by Safari in 2017, many browsers phased out third party cookies altogether.

At first, Google agreed to follow suit and committed to fully deprecate third party cookies in 2022. Google then extended that deadline to 2025. As that milestone date approached, however, Google abandoned its deprecation commitment altogether in July 2024. Given that Google’s Chrome browser is the heavy hitter of the browser marketplace, with more than 66% of global market share,  this large step back from cookie deprecation means that cookies are here to stay – at least in the short term.  

This leaves marketing, digital strategy, web development, and information technology departments wondering what all of this means for them. Especially those professionals who proactively prepared their companies for ‘going cookieless’ may now be asking ‘what now?’ The answer may be less dramatic than what one might think. One answer is that Google’s decision to step back from cookie deprecation only alleviates some timing pressure for the transition, but that smart companies will continue the journey to a cookieless future through other, non-cookie, marketing options. Here is why.  

Cookies still require consent

Though third-party advertising cookies may be around for a while longer, most jurisdictions still require some sort of consumer consent for them. Web visitors still opt out or fail to opt in to cookies, set their Global Privacy Control (GPC) setting to off, and block ads in other ways through their browsers and browser add-ons. Legislators still propose new laws to further define and restrict cookies and cookie consent experiences, and regulators are still eager to enforce the laws.

In other words, though third-party cookies are still a valid option for personalized advertising, they no longer represent a cloudless sky of opportunity without risk. Due to consent requirements and general customer suspicion of online tracking, available cookie data is already reduced and will continue to decline over time. Companies relying on third party advertising cookies also must address regulatory risk and the challenge of future-proofing practices against new regulations.  

There are other (privacy sensitive) options

A world without cookies does not have to be a world without targeted advertising. The earlier threat of Chrome’s cookie deprecation spurred investment and resulting growth in alternative practices and technologies. Artificial intelligence (AI) and other advancements, including in consent management platform solutions, make a first party strategy for targeted marketing a viable – even stronger and more effective – alternative to third party cookie-based marketing.

There are also techniques related to alternative identifiers and pseudonymization that provide a more privacy-sensitive way of target marketing. Regardless of the combination of strategy and tactics right for a given company, technology and related vendors have developed deep expertise and capabilities that can make the cookieless path not only painless, but also more productive for transitioning companies.  

Final thoughts…

Whether a company has taken a wait-and-see approach to evolution of third-party cookie deprecation, or whether it spent significant money preparing for a cookieless future, the fact that third party cookies are here to stay (at least in the short term) may just provide a little breathing room for transitioning away from them. Despite the churn Google’s uncertainty created, just the threat of deprecation was enough to spur innovation and vendor assistance that support alternatives to third party cookies. This means that the answer to the “now what?” question might be, “continue away from a cookie-based marketing strategy” – only without all the pressure of a deprecation deadline.