Unless you’ve been living under a rock for most of the internet age, you’re at least somewhat familiar with “cookies” and their function as a sort of digital token associated with you and your actions. You may also have heard the term “cookieless,” which has taken hold more recently as concerns about privacy and security gain traction with consumers. And while you might venture a guess at what “cookieless” means (no more cookies?), the implications are more nuanced than the simplicity of the name implies. Let’s talk about what cookieless means, for businesses and users.
WHAT IS A COOKIE?
Before talking about cookieless, we need to level-set on what cookies are. Cookies track your actions across the internet with the aim of enhancing (depending on your definition of “enhance”) your experience. By associating users with a digital code, brands, marketers, and businesses of all sorts can get a clearer view into the paths people take to find their products and services, as well as a more well-rounded view of the individuals who buy from them. That enables them to target their messaging to the right people in the right way.
Cookies are the reason you’ll look at a raincoat on a website today and spend the next month seeing that same coat in ads on every other website you visit. That feeling of being haunted is why the general public aren’t fans of cookies. But cookies are also the reason your frequently-visited pages load quickly, and why form information you submit can be easily inserted instead of manually duplicating your efforts every time. Cookies help businesses sell, but they help consumers, too.
Still, advocates for consumer privacy and protection make a compelling case that the costs of cookies outweigh the benefits for the masses. But as noted above, not all cookies are the same. Let’s talk about the differences between first- and third-party cookies.
FIRST-PARTY VERSUS THIRD-PARTY COOKIES
It’s easy to get lost in the weeds when it comes to cookies and their applications, so I’ll keep it simple:
• First-party cookies are stored directly by the website or domain you visit. That means when you log into your Netflix account, there’s a direct connection between you and Netflix enabling the cookies. First-party cookies tend to be most helpful to users.
• Third-party cookies are set by a website other than the one you’re on. A Facebook “Like” button on a recipe blog, for instance, creates a cookie that would identify your behaviors and actions to Facebook, even though you didn’t directly connect with them. Third-party cookies tend to benefit marketers.
Third-party cookies are the primary targets of the General Data Protection Regulation (GDPR) and other policy changes at present, since they’re largely the type used for cross-site tracking. First-party cookies tend to fall more into the category of remembering your language preferences or geographic region. What this means, of course, is that digital marketers and brands face a more challenging future.
Governments and governing bodies have started to err on the side of consumer protection, and new regulatory measures are now being established. The much-vaunted GDPR policy out of the EU is maybe the best-known example of a regulatory effort to tackle the challenges cookies present, but it is by no means the only one. Earlier this year, Apple switched to opt-in defaults for information sharing with apps running on their iOS systems, and Chrome will be implementing advanced cookie-blocking mechanisms in the future. Sooner or later (and increasingly it looks like sooner), businesses will need to figure out how to grapple with this new, cookie-averse standard.
Cookies aren’t perfect, but businesses have grown extremely dependent on the data insights and market advantages they can offer. So what will the so-called “death of cookies” mean for businesses?
A COOKIE-LESS FUTURE?
Already, online experiences have exploded with disclaimers about cookie usage, but that’s just the beginning. Expect those disclaimers to get more granular in the future, with greater clarity about what kinds of cookies are in use when you visit a business’ site.
Ultimately, the sweeping changes to cookie policies and implementations mean that businesses will need to rely more on first-party cookies for data. That will bring changes to the user experience, like an increased focus on logging in, signing up, or otherwise granting permission to the host to make a direct and ongoing connection to the user.
There are also other systems in development—ones that use anonymized data to greater effect, allowing them to circumvent some of the policies as currently written—but it will likely be some time before there’s a stable understanding of what is and isn’t permissible when it comes to data tracking on the web.
The heart of the discussion around cookies is data. Data’s ascent in the past decade has created a drive for brands to gather as much information as possible, and as consumers grow more aware, they grow more wary. As with almost all things, it will take time to find an equilibrium.
Data is necessary for creating the experiences that users have come to know and love. It’s also necessary for building a more inclusive future through adaptive experiences that will open doors for countless people. But those benefits aren’t carte blanche for information collection, and businesses will need to find ways to collect the information they need without compromising the privacy and safety of their users. Anonymized and first-party data will both play significant roles going forward, giving users protections against bad actors and the power to take their information into their own hands.