Future of third-party cookies: advanced store looks optimistically into the unknown

UPDATE (09.06.2023)

Google will enormously restrict the possibilities of third-party tracking in the coming year. Advertisers will therefore have to look for new ways to target users for whom their products or services are relevant. As Internet users' privacy becomes more of a focus, targeting options will also change dramatically.

Google has therefore been working on an alternative to cookie tracking for a long time. With the following Chrome update in July, the Privacy Sandbox can now be tested in general by website operators. Since Google doesn't plan to make any more changes to the API interfaces until third-party cookies are discontinued, developers should start using them now to run scaled live tests.

To highlight the focus on user privacy, Google has also renamed the FLEDGE API to the Protected Audience API. This API allows for audience segments to be created and website visitors to be assigned to specific segments in order to display interest-based advertising to them. If the advertising solution provider has other websites in its partner network that relate to the same segment, it can also add the visitors of these websites to this segment. The assignment of users to the target group segments remains on the device, thus protecting the privacy of the users. Cross-location tracking is thus restricted.

UPDATE (20.05.2023)

Google certifies TCF 2.2 Consent Banner

With the certification of the TCF 2.2 Consent Banner, Google takes another step towards a more transparent and privacy-focused digital advertising ecosystem where users have more control over their data. The certified Consent Banner includes information about the types of data that are collected and processed, as well as the purposes and parties involved. Website operators who want to use Google's advertising systems must thus obtain users' consent for the processing of their personal data.

UPDATE (21.09.2022)

Google sticks to cookie deactivation

During DMEXCO in Cologne, Google manager Matt Brittin announced that Google would start deactivating third-party cookies as planned in the second half of 2024. There is still no replacement solution, and there were also protests from many sides against the abolition of cookies, so that their end was postponed to 2024.

However, personalized advertising will still exist in the future. Google is working on a solution that does justice to both user data protection and the advertising companies. With "Topics," users will be able to determine for themselves which topics are of interest to them and for which they accept advertising.

UPDATE (28.07.2022)

Google defers disabling third-party cookies until 2024

Google today said it will extend the testing period for its Privacy Sandbox APIs. This means that the elimination of third-party cookies in Chrome will be postponed for the time being. The company is still looking for a way to balance user privacy with the interests of businesses online. More time is needed "to assess and test the new privacy sandbox technologies before eliminating third-party cookies in Chrome," according to the Google blog. Accordingly, the deactivation of these cookies should start in the 2nd half of 2024 at the earliest.

UPDATE (28.03.2022)

Trans-Atlantic Data Privacy Framework: Data flow between EU and US soon possible again?

After the European Court of Justice ruled in 2020 that the former Privacy Shield on data protection between the EU and the U.S. was insufficient, it was often no longer possible to use online offers from the U.S. without restrictions for data protection reasons. This affected online trade between the two continents, as companies were not allowed to store the data of Europeans in the USA. This could now soon come to an end. US President Joe Biden and EU Commission President Ursula von der Leyen announced the introduction of a Trans-Atlantic Data Privacy Framework. This is intended to allow the flow of data between the two continents once again. On the one hand, the United States commits to implementing new safeguards to ensure that personal data of EU citizens cannot be read by intelligence agencies unless it is necessary and proportionate to protect national security. In addition, EU citizens will be able to seek redress if they believe they are being unlawfully targeted for intelligence activities, according to a White House statement.

What does this mean for advanced store?

As it stands, our ability to serve ads outside of Europe is limited because there is no regulation between the EU and the US. For example, we cannot use DSPs or SSPs with some advertisers that do not host their data within the EU. In addition, the bureaucracy involved in working with non-EU advertisers is enormous. This means less sales for us and therefore less revenue for us.

That's why we have high hopes for a new edition of a Trans-Atlantic Data Protection Framework. "The Trans-Atlantic Data Privacy Framework is a liberating blow for the European Digital Economy. The current status was characterized by uncertainty and a step backwards for the free Internet, said advanced store CEO Marc Majewski. "We are convinced that the new regulation now accommodates all stakeholders and will be sustainable for the longer term in the future."

UPDATE (02/10/2022)

IAB TCF without legal basis?

The Belgian Data Protection Authority (APD) apparently classifies the Transparency Consent Framework of IAB Europe as insufficient in terms of the GDPR. Because the existing cookie consent banners do not sufficiently inform users about the use of their data and are not transparent enough, the IAB must improve the TCF. It now has two months to do so.

In its decision, APD judges the IAB Europe to be responsible for the registration and co-responsible for the dissemination of TC Strings (digital signals with user preferences) as well as for the subsequent processing of personal data within the TCF. In a factsheet, the IAB comments on the decision of the data protection authority, against which it now intends to take action.

UPDATE (01/25/2022)

Byebye FLoC, hello Topics

While last year FLoC - a method of storing user behavior in the browser and forming interest groups with similar browser data - was the big thing as a replacement for third-party cookies, Google has now said goodbye to this approach. Instead, the focus is now on developing the Topics API.

As the name suggests, Google uses browsing history to evaluate the topics that seem to be of particular interest to the user. Based on this, the user then receives suggestions and can select topics on which he or she would like to see advertising. All this happens only in the browser of the respective end device, so that the user would have the option to choose different areas of interest on each device. The selection is saved for three weeks. The user can view and edit the selected topics via the browser settings. If he does not select anything, he will be shown random ads.

Original post

A spectre is haunting the industry, the evil word "cookiecalypse" keeps popping up. The end of third-party cookies seems inevitable. But it will not come as quickly as initially feared. This gives the industry time to rethink old strategies and develop new ones.

There will be a streamlining of existing technologies and it will open the way for new ones. It is even possible that the end of third-party cookie tracking will be reconsidered, because there is definitely resistance to it. The last word has not yet been spoken in this matter. Therefore, advanced store is optimistic about the future of tracking, because even without third-party cookies, there will still be opportunities to target users with advertising and to deliver campaigns efficiently.

It is true that advertisers are dependent on "global players" like Google. Overall, however, the advertising sector is only one part of the online business. Work is already underway on a wide variety of data protection-compliant solutions for the time after the "cookiecalypse". To paraphrase the words of German chancellor candidate Annalena Baerbock: bans can also be drivers of innovation. A ban on third-party cookie tracking will inevitably lead to the industry having to develop other ways to best reach users and track transactions.

However, we are faced with two problems that need to be approached differently: How do we reach the appropriate target group (audience targeting) and how do we measure the resulting conversions? There are already various solutions for both questions.

Evolution towards more cookie control

There was already a lot of excitement in the run-up to the introduction of TCF 2.0, but the implementation succeeded. advanced store is a recognised "IAB registered vendor" of the framework and supports the standardised solution for processing GDPR-compliant data consent. The IAB Europe is now tightening its measures to control compliance with the TCF agreements. Repeated violations threaten exclusion from the framework.

So now third-party cookies are no longer to be accepted by browsers in order to use, among other things, users' view data for conversion purposes. Google is already working on a solution with the "Privacy Sandbox": "The Privacy Sandbox initiative is developing innovative, privacy-centric alternatives for key online business needs, including serving relevant ads," it says on the Privacy Sandbox website. At Google, they are certain that "relevant advertising and monetisation do not have to be sacrificed in favour of a private and safe web browsing experience". However, the introduction of the Privacy Sandbox has meanwhile been pushed back further. Originally announced for 2022, the end of third-party cookies is now set to be heralded in mid-2023 and will be completed by the end of 2023 after a three-month transition period. "For Chrome specifically, our goal is to have the key technologies ready by the end of 2022 so that the developer:inside community can adopt them then. [...] Chrome could then phase out third-party cookies over a three-month period - mid to late 2023," the Google blog outlook said.

Until major market players like Google provide alternatives, Chrome will continue to allow third-party cookies - as can be seen from the recent deadline shift and the various solutions being pursued by the Web Incubator Community Group (WICG).

Proposed solutions (Google) under development:

• FLoC: Federated Learning of Cohorts enables user behaviour to be evaluated by the browser and matched against similar browser data. The data is processed internally on the device and is not passed on to third parties.
• Fledge: The user's browser combines interest group data with ad buyer and seller data and business logic to conduct an "auction" to select an ad. This ad auction takes place locally on the user's device rather than sharing data with a third party.
• First-party sets: Third-party domains allowed by the site operator are treated as first-party.
• Conversion Measurement API / Attribution Reporting API: Development of APIs for measuring click and view events.

When it comes to measuring view and click data, Google is relying on "privacy-focused techniques" such as aggregating information, adding noise and limiting the amount of data when creating the Chrome Conversion API, according to the Google blog. "In the coming months, Google Ads teams will continue to explore how the planned conversion measurement APIs can be used in conjunction with Google's measurement products to support use cases such as reporting view-through conversions, determining incrementality and reach, and attribution."

The most promising development currently, in our view, is that of conversion measurement API and first-party sets. But here, too, an agreement on a uniform standard of the various browser providers is necessary in order not to rely on isolated solutions.

More market power for Google?

It may come down to a central first-party data strategy solution from Google and its countless services. Google could also win the race in international competition in the measurement of views and clicks with its Chrome Conversion API. However, this would essentially contradict what the EU data protectionists actually want to achieve, as it would give the US corporation the greatest power over the data and its processing. After all, the purpose behind all measures is to protect the user's personal data.

But therein also lies the opportunity to improve the quality of the data collected. If only those users who are willing to receive offers tailored to their interests agree, the likelihood that they will also make a purchase increases. "Black sheep" in the industry who do not want to protect user data would gradually disappear. So instead of banning cookies completely, they could be made more controllable and "white lists" could be created for reputable providers.

"Advertising has always existed and will always exist. The (data protection) regulations separate the wheat from the chaff. Black sheep' in the industry will have a harder time, quality providers will prevail" (advanced store CTO Fabian Hübner).

advanced store is therefore relatively relaxed about the change that will inevitably come. For the time being, there will be no complete shutdown of third-party cookies, so there is still enough time to develop solutions that satisfy both data protection and the interests of advertisers.

Related links to the topic:

Google Privacy Sandbox: https://privacysandbox.com/

Google Blog: https://blog.google/intl/de-de/

IAB Europe: https://iabeurope.eu/

TCF 2.0: https://iabeurope.eu/tcf-2-0/