Blog post

Introduction to Digital Advertising on Preparing for the Post-Cookie World: Part 1

Editor’s Note: This blog post was originally published in September 2021, courtesy of the Association of National Advertisers. It is reused with permission.

– PART I –

Five-part series preview

In an age of constant change in digital advertising, a constant question lingers in the minds of advertisers: What do we do after third-party cookies are gone? The digital marketing ecosystem is built on the ability to track and target consumers as they browse websites, apps, and online platforms. This is facilitated by third-party cookies – small digital files that websites download to a user’s device to help identify the user as they interact with a website and browse the Internet. In two years time, the third-party cookie will likely be obsolete, and with it, the third-party consumer behavior-based digital advertising model that depends on it.

Due to a confluence of new data privacy laws and ad technology standards, the cookie, particularly the third-party cookie, is expected to be phased out by the end of 2023. The questions advertisers are properly asking now are: what will replace the third-party cookie, and how should they best position themselves to market brands in the post-third-party cookie world? The good news is that alternative data solutions are already in development and the picture of what the post-“cookie-pocalypse” landscape of digital advertising might look like is starting to take shape.

This five-part series begins below with a brief overview of cookies before focusing on the third-party cookie in particular, including its many use cases and role in today’s digital advertising ecosystem. Part Two examines the many foreign and U.S. privacy laws and regulations that govern – and to some extent limit – the ability of businesses to use third-party cookies to collect, track, and share personal information from consumers to. for advertising purposes. The third part provides a summary of the phase-out of major third-party cookie technologies; updates to Google’s Privacy Sandbox, a protected test environment used to determine how to perform ad targeting, fraud measurement and prevention without third-party cookies, and Apple’s SKAd network, the company’s alternative to advertisers attribute impressions and clicks to installs on iOS apps launched in connection with its new iOS 14.5 App Tracking Transparency (ATT) privacy feature. Part Four will look at industry-wide post-cookie trends, focusing on the evolution towards the development and cultivation of first-party consumer data strategies, the various alternative identification solutions. emerging and contextual models based on advertising. Finally, Part Five will conclude with the key takeaways and best practices that advertisers should consider as early as possible to begin preparing for the inevitable transition from a framework based on tracking and targeting consumers to this. who might follow.

What are third-party cookies and why are they important

Cookies are small text files stored on a user’s computer or mobile device generated by a website through users’ browsers when they visit a website. Websites use cookies for many purposes. At the most basic level, cookies help improve or simplify a user’s web experience by allowing web servers to track user activity on the site. For example, websites use cookies to identify users, remember the user’s language preferences and passwords, and store user information from page to page while browsing. Cookies can also be used by a third party, i.e. a website other than the one visited by the user, to enable behavioral or targeted advertising online.

There are a wide variety of cookies, and they can be broken down and set along many different lines. But for the purposes of this introduction, OneTrust provides a useful breakdown of cookies into three general categories: lifetime, purpose, and domain:

  • Lifespan: As its name suggests, these cookies activate their temporal use. Session or temporary cookies are only active when the browser is open and disappear when the user closes the browser, while persistent cookies remain on the user’s device for a defined period and are used to remember information. such as settings, preferences and login information.
  • Purpose: There are four basic categories of use case cookies:
  • Strictly necessary or essential, which are used to provide basic functions on the website and without which the website would not work as intended.
  • Performance or Static, which collects information about how users navigate a website, such as pages visited and clicks. Think about analytical cookies, which are generally aggregated and do not identify individuals.
  • Functional or Preference, which allows websites to track and “remember” a user’s past preferences and choices on the website to provide a more personalized experience, eg username, password or connection, region and language.
  • Targeting or tracking, which is used to manage the performance and display of advertisements and to create user profiles.
  • Domain: first-party cookies versus third-party cookies, i.e. the entity that stores the cookie on the device:
  • First-party cookies are set by the web server of the page visited and share the same domain.
  • Third-party cookies are set by a domain other than the visited website.

First-party cookies allow websites that collect analytical data, among other things, to provide a deeper understanding of user habits while helping to provide a better user experience. These cookies cannot be used to track user activity anywhere other than the originating website that set the cookie. Third-party cookies, on the other hand, are used by social media platforms, advertisers, and ad technology companies to track user online behavior and deliver personalized or targeted advertising. Types of third-party cookies include advertising, tracking and targeting cookies, which are specifically designed to create user profiles for website visitors. Tracking cookies collect data ranging from geographic location to browsing history and purchasing trends and can track a user across multiple websites or platforms.

Third-party cookies have been a mainstay of digital marketing for over 20 years, and over time advertisers have developed various ways to exploit them in advertising campaigns. It’s important to recap these use cases to understand the functionality brands can lose when they can no longer rely on third-party cookies to fuel their online advertising strategies. For example, it is the third-party cookie – after assignment to a user’s browser – that enables a number of key programmatic advertising tools, such as the use of software and algorithms to automate the buy / sell. ads and feed the auctions in real time. . The use cases of third-party cookies for digital advertising can be classified into the following categories:

  • Identification: This is one of the most common uses of third-party cookies. Adtech platforms such as supply-side and demand-side platforms use third-party cookies to identify users on the web. The cookies are then used for behavioral targeting and retargeting once an advertising platform can identify users, showing them personalized advertisements based on their behavior and interests.
  • Limiting the number of exposures: This practice identifies whether a user that a business is trying to reach has seen a given ad a specific number of times in order to limit the number of times the user sees the same ad.
  • Measure performance and attribution: Third-party cookies can also help measure campaign performance and execute attribution, allowing advertisers to understand which action was responsible for the conversion and which ads were clicked, were seen and led to the purchase.
  • Audience Activation: This use case allows advertisers to use Data Management Platforms (DMP) to take advantage of cookie sync (see below), to build audiences and target them to different Web sites.
  • Cookie synchronization (aka cookie matching): This use case underpins many of the above use cases, for example, enabling audience, and essentially means matching cookies that were created by different players in the digital advertising ecosystem, such as DSPs, SSPs and DMPs, in a single cookie ID to theoretically identify the same user (“theoretically” because the synchronization of cookies and tables have their limits and are far from a perfect match).

Many of these use cases are part of most digital advertising campaigns today. This is probably why the end of third-party cookies, and what to do after they disappear, has become such a big deal for digital advertising. Brands may still be able to perform a combination of targeting, measurement and attribution without third-party cookies, especially with some of the potential solutions that we’ll discuss in detail later in this series, but the main difference will be in the ‘ladder. Simply put, advertisers may not achieve the same scale in terms of targeting ads and measuring their performance across different websites without third-party cookies, and this likely reality should inform every brand’s post-cookie strategy.

Stay tuned for our next article, in which we’ll discuss privacy laws and regulations, such as GDPR and CCPA, that govern and limit the ability of businesses to collect, track and share consumers’ personal information. for advertising purposes. These laws are not only relevant to how businesses should run their digital advertising campaigns now, but are ultimately part of the driving force behind the industry moving away from a third-party cookie-centric model.