Everything You Need to Know about Third-Party Cookies

An essential part of web monetization, these online IDs will disappear when Google Chrome stops passing cookie data to tech vendors. When that happens, the primary revenue stream for content on the web – advertising – will be at risk.


Third-party cookies are the data files collected by technology vendors when people visit a website. Cookies are an ID for that user so that the site operator can recognize individual visitors and their activity on the site, such as the stories users previously read or items they added to a shopping cart.


Cookies were introduced during the early days of the commercial internet as a non-intrusive means of anonymously tracking users.

First-party cookies are typically used by site owners for things like customer profiling, site analytics and fraud prevention. The information contained in these cookies generally does not leave the specific site they are used for.

Third-party cookies are most commonly used for online advertising. Instead of being used on a site-by-site basis, third-party cookies are either generated by ad serving technology or are generated by third parties that place tags on multiple sites (such as a company‘s owned and operated portfolio of web brands or a of group sites that are represented by a single media company) so the information they attain can be utilized across the web. Since all advertising technology vendors see the same cookies, the online advertising ecosystem can cohesively match and measure audiences.

What‘s next:

Advertisers and adtech companies use third-party cookies to target audiences. Meanwhile, publishers use third-party cookies to increase the value of their ad impressions and demonstrate return on investment (ROI) when their audiences see ads and later make a related sale.

Both the Safari and Firefox web browsers eliminated support for third-party cookies over the past few years. In 2023, Google Chrome — the most popular web browser — will follow suit. So third-party cookies will disappear in the next two years when Google Chrome stops passing cookie data to technology vendors, citing privacy standards.

When that happens, the primary revenue stream for content on the web — advertising — will be at risk.

Supporting views:

Consumer advocacy groups have long pushed for the elimination of most forms of cross-site consumer tracking online. Increasingly, regulators across the globe have been pushing for far more transparency and consumer control with regard to web targeting.

Apple — which owns the Safari browser — has been a vocal proponent of eliminating web tracking, using privacy as a value proposition in its marketing as well as a way to present itself as pro-consumer to lawmakers. Meanwhile, Google‘s ad business stands to be impacted fairly significantly by the elimination of third-party cookies, though the company also stands to gain if its proposed targeting alternative — the Privacy Sandbox   — catches on.

Opposing views:

Third-party cookies are an essential part of web monetization, particularly for the open web. Therefore, any company that relies on cookies to drive its advertising revenue is facing a fundamental threat to its business model. That list includes individual publishers, adtech companies and attribution firms. In addition, brands will lose some ability to target individuals who have shown interest in particular products.

Of course, companies across the ecosystem have been working to lessen their reliance on cookies to run their businesses, given the huge importance of mobile traffic (cookies generally do not work in mobile web browsers). Most constituents in the digital ad world are on board with moving toward a more private internet where individual user data is more protected. The hope is to balance this need while maintaining the effectiveness of digital advertising, which is a vital part of so many web companies‘ business models.

The retargeting category may have the most to lose from cookie deprecation. Typically, when a site operator sees someone who abandoned the checkout process, they may retarget that person with messaging that will help complete the sale. That tactic is unlikely to function in the same fashion in a post-cookie world; many companies are exploring ways to continue to deliver ads to potentially interested or recent browsers by targeting aggregate groups over individual web users.

Similarly, third-party cookies are also the primary tool for attribution, which helps advertisers understand what tactics are most effective and helps web publishers get credit for actions that take place on an advertiser‘s site, for example. Without third-party cookies, it‘s likely that advertisers will lose some measurement visibility into the web, which will likely work in favor of search engines and online retailers who have closed-loop reporting.

What it means:

In the short term, the elimination of cookies will make some aspects of advertising on the open web more challenging or limited for marketers.

There is an overarching fear that because giant tech firms like Google, Facebook, Amazon, Pinterest and others have vast pools of first-party data that has been directly shared by millions of consumers, brands will funnel even more of their digital ad budgets to these so-called “walled gardens.”

In response to this fear, the digital publishing industry is working toward numerous solutions aimed at replacing cookies as user identifiers that can be employed to power ad targeting. Among the high-profile initiatives in the works are The Trade Desk-backed UID and similar ID products being developed by companies such as LiveRamp and Neustar.

At the same time, Google has been putting forward its own targeting/measurement solution, FloC, which purports to build “cohorts” of similar-minded/behaving web users via anonymous data from its Chrome browser. The future of digital advertising may indeed hinge on whether the industry continues to push toward a more “one-to-one targeting approach backed by a new identifier or collection of identifiers — or whether it shifts toward a strategy of targeting broader groups using a combination of contextual and AI technologies.

Bottom line:

These walled garden giants not only know the identities of the hundreds of millions of users who log in to their platforms, but they can also track users‘ activity across the web and connect users to their mobile devices. So, while a person may be anonymous on the open web, for example, the walled gardens know that person uses their platforms.

Plus, walled gardens can increasingly accommodate the use of brands‘ own first-party data by offering “clean room” data services. These clean rooms are controlled environments in which marketers can match aggregated walled garden data with their own first-party data without violating user privacy. This allows walled gardens to effectively continue offering online adtech features without third-party cookies. Theoretically, the walled gardens will be able to blend all the best aspects of digital advertising — precise targeting, tracking, measurement, remarketing — without cookies — while publishers on the open web scramble to implement new solutions. In other words, the strong threaten to become much stronger, while the weak face an existential threat to their ability to do business. Thus, the stakes behind the cookie‘s future couldn’t be higher.

Further reading:

WSJ: Google‘s Ad Changes Prompt Big Brands to Revamp Data Strategies

Ad Age: Google Rejects Plan to Replace Third-Party Cookies with Personal Ad IDs

Learn More


What Is First-Party Data?

The information businesses collect when they engage directly with their customers, users or audiences, first-party data has shifted from important to vital within the digital ecosystem.

Read More


What Is FLoC?

For advertisers, FLoC is a sign of how online advertising will change, from one-to-one targeting to aggregate targeting. Publishers wonder if it will be an adequate replacement for third-party data.

Read More



Everything you need to know about two of Google’s proposed solutions to target online ads without third-party cookies and without exposing user-level data.

Read More