Sunsetting of 3rd Party Cookies: Secrets No One Is Telling

So, Google has finally decided to restrict third-party cookies in its browser, Google Chrome. After months of delay, this news was expected. From 4th January onward, 1% of Chrome users won’t get any third-party cookies while browsing.

Will this change the Paid Ads industry as we know it? Will the lack of third-party cookies increase the money you pay for ad conversion? Above all, will the death of 3P cookies break Google Ads as we know it? Let’s explore!

Cookies: What They Are

Have you ever wondered why you don’t need to log into Facebook with your password every time you visit the site? That’s because Facebook places a small text file on your browser the moment you land on the website and log in. This text file contains information that associates your browser with your Facebook account. This kind of code that uniquely identifies you is what we call cookies.

Cookies are small text files that websites that you visit place on your web browser. These text files store various information about the user – eg. whether the user is logged in or not, the products that the user added to the cart, his or her language preference etc.

A cookie file placed by The New York Times looks like this –

You too can see which websites use which cookies. You just have to inspect elements (f12) and search for cookies.

First-Party Cookies Vs. Third-Party Cookies

When the website that you explicitly visit places a cookie on your browser – that’s first-party cookies. Apart from helping you preserve your session info – like whether or not you are logged in, it can also be used to track your behaviour across that specific website. But it can’t be used to track your browsing behaviour elsewhere.

Third-party cookies are set by domains that you have not explicitly visited. For example, suppose you visited Website A, which uses an ad network. Then you visit Website B, which uses the same ad network. Now, website B will be able to leverage your browsing activity on Website A. So, if you look at some nice t-shirts on Website A, you might see ads about those or other t-shirts on Website B.

As you can see, this is a privacy nightmare from a user’s perspective. Ad networks can track the browsing behaviour of a user quite easily with 3rd party cookies. Calls for banning such cookies aren’t new. Browsers like Safari or Firefox already took a strict stance against 3P cookies long ago. Now, Google Chrome is doing the same thing.


The Death of Third-Party Cookies Shakes up the Entire Paid Ads Industry (Or Does It?)

Third-party cookies have been the backbone of Paid Ads for a long time. More specifically, when it comes to targeting, retargeting and identifying last-mile conversions – these cookies helped a lot. 

Think about it –

  • Without third-party cookies, ad networks can’t get the data about the sites you visited earlier.
  • If they don’t get this data, how will they create a profile of your browsing activity?

Secondly, if third-party cookies are blocked, ad networks won’t even know if your potential customer has really bought that pair of Pyjamas or just abandoned the cart.

Things That The Death of 3P Cookies Will Affect:

  • Building browsing profiles of individual users
  • Displaying targeted ads based on that browsing profile
  • Retargeting – and capping the number of times the same ad can be shown to a specific user.
  • Identifying conversions

Hence, ad networks will (theoretically) have to work harder to create a cohort of relevant audiences. This, in turn, will increase the cost of advertising online.

Breaking News: The Blocking of 3P Cookies Will Hardly Affect the Ad World

That’s right. You thought Google would easily give up its most important leverage? There are many reasons why Google has decided to go ahead with blocking 3rd party cookies.

Among the hype surrounding this news, there are some secrets that are getting buried.

Secret 1: Third-Party Scripts Can Still Read First-Party Cookies

Google Chrome – as of now – will only block entities from placing third-party cookies. However, third-party scripts can still read first-party cookies placed by websites.

Let us explain this with an example:

Suppose you visited Facebook. It places a first-party cookie on your browser. Later, you visit a consumer goods website. This website has the Facebook share option. This means that Facebook has its script running on that consumer good website.

So when you visit that website, the Facebook script will see the first-party Facebook cookie that has your information. This script will then tell Facebook – “Hey, this Facebook user has visited this website and browsed these products.”

Now, imagine the same thing with Google.


Most Chrome users remain logged in to their Google account while browsing. So Google already has its first party cookie set.


Now every website or app that uses Google ad network can easily be the home to Google scripts (at least in those websites that do not need to be GDPR compliant). These scripts can then associate the browsing data with the specific user – ofcourse in an anonymised form. You can obviously opt out of this. But most people don’t care about opting out.

However, ad platforms can’t depend on this ‘workaround’. Most browsers, these days, limit access to first party cookies to protect user data.


Secret 2: Google Already Has a (Legal, Not Sneaky) Alternative

Google Chrome has come up with a new standard that would render processing user data on their server irrelevant. The data processing will now happen in the users’ browsers. This new paradigm is termed a Protected Audience or Privacy Sandbox. (Some data processing might happen on the server. But the sensitive ones will happen on the users’ browsers)

Here’s a simple explanation of how the Protected Audience API works.

  • Demand-side platforms like Google Ads (websites or companies that want to promote their services or products) create an Interest Group – an audience cohort – in the user’s browsers. For example, a DSP like Google Ads can ask the user’s browser to create an Interest Group titled – Cycling Enthusiasts. Criteria for asking the browser to enrol into this Interest Group can be – age between 20 and 40, frequent visits to bicycle-related blogs, etc. This criterion remains encrypted. Even a DSP can’t see which browser.
  • Later, when you or I bid for an ad, we can use this Interest Group to target the most appropriate audience that we want to show our ads to.

Long Story Short: Despite the sunsetting of third-party cookies, ad targeting won’t be affected. But Programmatic Advertisers Are In Danger

As mentioned, there are ways to still display target ads and allow retargeting campaigns in a fairly accurate manner. However, non-Google advertisers – especially third-party data collectors and programmatic ad companies are in danger. Google will still be getting user info one way or the other. However, these programmatic ad tech companies needed third-party cookies to function efficiently. How they maintain their leverage will be a thing to see.


This Content Has Been Written By a Human Being
No AI Used

This Content Has Been Written By a Human Being
No AI Used!