Upcoming Changes to Browser Cookies and Privacy

Alain Schlesser 7 min read

Web browsers, particularly those based on the Chromium engine, are heading towards more stringent privacy controls. These changes center around the deprecation of third-party cookies (3PC). 

As privacy concerns have mounted, browser developers have sought to provide users with greater control over their data. For businesses, this shift requires understanding the implications and adapting strategies accordingly.

What are Third-Party Cookies and When Are They Being Phased Out?

Third-party cookies are a browser-based storage mechanism used for various on-site functionalities, such as enabling logins across multiple domains and embedding third-party services like videos or live chats. They are also at the heart of the ad-based revenue models that power the open web.

However, starting in Q1 2024, Chromium-based browsers will begin to block third-party cookies in an incremental manner, commencing with 1% of all global web traffic.

A timeline showing the planned deprecated of third-party cookies, with 1% of all traffic starting in Q1 and all third-party cookies gone by Q3.

The Impact of Third-Party Cookie Deprecation on Businesses

The deprecation of third-party cookies and the side effect of partitioning all storage access can have significant impacts on businesses. Here’s what to expect:

Impact on Advertising and Marketing

Advertisers will experience a reduction in targeting capabilities, bringing new challenges in audience segmentation. This will be accompanied by a shift towards contextual advertising that relies on data-rich platforms, higher acquisition costs, and complexities in ad verification. 

Publishers face declining ad revenue due to less effective targeting. This is supported by a large-scale survey by the UK’s Competition and Markets Authority, which estimates a 70% decrease in short-run publisher revenue due to blocked third-party cookies. 

Three mobile devices and a padlock, representing user data privacy

Operational and Technological Adaptations

As data privacy compliance takes a more streamlined approach, and alternatives to cookies become more prevalent, there will now be an ongoing requirement to prioritize heightened data security measures. This means businesses will need to invest in adopting new technologies and methodologies. 

There will also be a significant shift in the importance of first-party data, meaning businesses will have to actively cultivate direct customer relationships, reevaluate and potentially modify collaborations with third-party vendors and advertising networks, and adapt strategies to meet shifting consumer data privacy expectations.

A magnifying glass over a browser and a downwards arrow, showing that the amount we can ascertain from a user's data is diminishing

Changes in Data Analytics and Insights

Website managers will see a reduction in the level of detailed analytics available, due to the current reliance on aggregated data. This shift has implications for cross-site tracking, impacting attribution modeling and the comprehension of customer behavior patterns across various platforms. 

One of the consequences of this change is the restriction in tailoring content, which extends to personalized recommendations that can no longer be finely tuned to individual users’ preferences and interests.

A file surroudned by icons that represent some of the ways we can mitigate the effects of the cookie deprecation. A cookie icon, a code snippet, a typography icon, and a favorite icon.

Potential Solutions and Mitigations

Avoiding third-party cookies on your sites and applications are crucial to respecting user privacy and complying with data protection regulations. The technical implications of doing so, however, can be quite complex. Here is a non-exhaustive list of techniques that help to avoid third-party cookies:

Local Resource Handling

  • Local Hosting: Host resources like fonts, scripts, and images locally instead of using third-party CDNs that might set cookies.
  • Server-Side Tracking: For tracking and analytics, consider server-side tracking as an alternative to relying on third-party cookies.

Cookie Management

  • Use First-party Cookies: If possible, use first-party cookies instead of third-party cookies for functionalities like tracking and personalization.
  • Disable Third-party Cookies in Tag Manager: If you use a tag manager, make sure to disable third-party cookies in its settings.
  • Use Cookie-Free Services: Switch to using third-party services that explicitly state they do not use cookies.
  • Consent Management Platforms (CMP): Use a Consent Management Platform to give users control over which third-party services, if any, can set cookies.
  • Leverage Client-side Storage: Use client-side storage options like LocalStorage or IndexedDB, where appropriate, instead of cookies.
A key going into a lock with a code snippet in the middle

Analytics & Tracking Alternatives

  • Switch to Privacy-friendly Analytics: Use privacy-centric analytics services that do not rely on third-party cookies, such as Plausible, Fathom, or Parse.ly.
  • Update Third-party Scripts: Regularly update third-party scripts and ensure they conform to the latest best practices regarding cookies.
  • Avoid Ad Networks That Use Third-party Cookies: If your site uses advertising, choose ad networks that don’t rely on third-party cookies for ad targeting.
  • Use the Privacy Sandbox: Explore new technologies like Google’s Privacy Sandbox, which aims to provide a privacy-centric alternative to third-party cookies for ad targeting.

Security & Code Management

  • Use Content Security Policy (CSP): Implement a Content Security Policy header to restrict the sources from which content can be loaded, effectively blocking third-party cookies from unwanted sources.
  • Use Proxies: For certain services, a server-side proxy can be used to interact with the third-party service, preventing the service from directly setting cookies in the user’s browser.
  • Educate and Train: Educate and train your development team on the importance of privacy and the avoidance of third-party cookies.
  • Remove Unnecessary Plugins/Widgets: Remove unnecessary third-party plugins, widgets, or integrations that may be setting third-party cookies.
  • Subresource Integrity (SRI): Utilize SRI to ensure that the third-party content loaded on your website has not been altered, which could lead to unwanted third-party cookies.

Remember that the avoidance of third-party cookies should be part of a broader privacy strategy that respects user consent and complies with data protection regulations.

A magnifying glass looking at a webpage

How XWP Can Assist: Privacy Audits

XWP offers a specialized Privacy Audit service to help businesses assess the situation and get advice on how to mitigate potential impacts. 

The Audit delivers a concise, tailored analysis of website cookie usage, assessing third-party cookie deprecation impact, and providing expert guidance for balancing functionality and user privacy.

Our partners will benefit from unparalleled insights and expertise in the privacy domain, receiving a detailed report covering cookie analysis, business processes, and components, use case analysis, impact breakdown, technical recommendations, an implementation roadmap, and ongoing monitoring and support recommendations.

The Privacy Audit delivers significant value, equipping clients with actionable strategies to safeguard their website’s privacy management. It serves as a crucial step in securing long-term success and proactive mitigation in the ever-changing digital landscape—whether clients choose to engage XWP for follow-up work or implement changes independently.

Alain Schlesser, Andrey Lipattsev, Rowan Merewood and Andreea Cucu speaking about Privacy at Google I/O Connect

XWP’s Partnership with Google

Our direct partnership with Google provides us with access to internal Google teams and early access to critical information. This enables us to offer in-depth insights into the changes and their ramifications, as well as tailored strategies for mitigation.

Our team has accumulated significant expertise in this field and has partnered with Google at conferences and online to provide educational material for developers and businesses alike. If you have a question for which we don’t have an immediate answer, we have the resources and connections to thoroughly research the issue and get to the bottom of it.

Conclusion

  • As the digital landscape evolves in response to mounting privacy concerns, businesses face an inevitable shift with the deprecation of third-party cookies. 
  • The challenges are significant, yet so are the opportunities to adapt and innovate. 
  • By understanding the impact of these changes, strategically implementing privacy-friendly alternatives, and fostering direct customer relationships, businesses can navigate this transition effectively. 
  • XWP – through its specialized Privacy Audit service and its partnership with Google – is ready and prepared to equip businesses with insights and strategies to manage this transformation proactively, ensuring they remain competitive while respecting user privacy in this new era.

Schedule a Call

Schedule a call with our team and discover how your website can become your most powerful asset.

Contact us