One of the most significant news regarding cookies is yet to come. At the second anniversary of the entering into force of the GDPR, even before the ePrivacy Directive (Directive 2002/58/EC) had been updated, some big technology companies announced their intention to phase-out third party cookies from their websites. Their intention is to anticipate the foreseen amendments to the ePrivacy Directive. For many years, third-party cookies have been the cornerstone of internet advertising, especially in behavioural and retargeting ad strategies. However, as already highlighted in our article, this era seems to be over. Nevertheless, the decision of the big technology companies to phase-out third-party cookies from their browsers has generated serious concerns among all the stakeholders involved in the digital advertising supply chain (such as agencies, advertisers, publishers, etc.), which will be the most affected by this remarkable change.
The Guide underlines that most of the actual marketing campaigns will need to change and adopt new approaches, due to the fact that the “crumble” of third-party cookies will impact the most common online advertising features applied in ad campaigns. In particular:
- audience targeting will no longer be able to rely on third-party data’s usage;
- frequency capping - being largely based on third-party cookies ̶ will became unavailable in its actual form;
- retargeting and other creative targeting forms will become impractical;
- data management platforms will no longer be able to create identity linkages as they do today;
- last or multi-touch attribution will be impossible.
With regards to the current available alternatives, the IAB has identified the following:
- use of identity solutions, i.e. working with CMR data, emails or MAIDs (Mobile Advertising IDs);
- use of other advertising data to make targeting decisions, such as consumers’ engagement;
- use of contextual intelligence, which exploit only information about the content of the page.
Furthermore, the Guide addresses other several interesting questions, such as:
- the factors that contributed to the depletion of third-party cookies, which mainly include 1) the development of privacy and data protection legal frameworks requiring consent for online tracking, both in Europe (ePrivacy Directive and GDPR) and USA (California Consumer Privacy Act, CCPA); 2) the strengthening of browser gatekeeping initiatives ̶ i.e. privacy protections in internet surfing ̶ by tech companies (e.g. the “Privacy Sandbox” of Google or the “Intelligent Tracking Prevention” (ITP) functionality of Apple); 3) the enhancement of ad and tracking script blocking extensions on browsers (e.g. Mozilla’s Firefox “Enhanced Tracking Protection”);
- the impact on stakeholders’ usage of proprietary platforms, that, in an ecosystem without third-party cookies, will be able to offer targeting advertising solely on the base of first-party data;
- the consequences of third-party cookies depletion on ad verification (used to detect fraud, deliver brand safety or measure viewability) and measurement (used to identify exposure to advertising online) practices, which would no longer be based on third-party cookies.
From the Guide it is clear that, despite the wide range of potential solutions the businesses will be able to use to replace third-party cookies for online advertising, it will be essential for each company to carefully evaluate which is the best solution that suits its particular needs.
In any event, these tracking technologies will most likely fall under the ePrivacy Directive, which will soon be repealed by the ePrivacy Regulation (currently under discussion within the Council of the European Union). The European legislator is, therefore, required to provide indications that take into account the status of development of the ad strategies, in order to ensure that the-yet-to-come ePrivacy Regulation is not outdated before becoming effective.