Person smiling at a computer holding coffee

Adjusting to Cookieless Advertising—What You Need to Know

After much ado, cookie deprecation is finally in full swing, putting advertisers and publishers in a tricky spot.

But what, exactly, does third-party cookie deprecation mean for the industry?

What sort of cookie deprecation timeline are we looking at?

What do cookieless marketing and cookieless advertising look like?

The landscape continues to evolve, but we have some answers for the here and now. And Zeta is prepared to help marketers drive even better results in a cookieless future.

Differentiating between types of cookies

First things first — not all cookies are going away. It’s only third-party cookies that are deprecating.

A cookie is a snippet of data from a website or technology vendor that is stored within a web browser and contains a user ID. These IDs are attached to individuals’ devices as they use the internet, which allows marketing/advertising platforms and content servers to serve personalized content and ads to each website visitor.

Cookies also serve as instrumental linkages in identity graphs that power people-based marketing strategies.

But there are two distinct types of cookies:

  • First-Party Cookie: The first-party cookie is created and stored by the site you are currently visiting. It allows the website owner to collect analytics data, remember language settings, and provide personalized settings that create a better user experience. 
  • Third-Party Cookie (3PC): The third-party cookie is created by sites other than the one you are currently visiting. For example, if you visit a website with an ad from another company, that ad can place a third-party cookie on your browser. This cookie tracks your activity across different websites, building a profile of your interests. These third-party cookies can be used for retargeting, frequency capping, and multi-touch attribution.

Due to privacy concerns, shifting consumer preferences, and increasing industry regulations, browsers are sunsetting third-party cookies — but first-party cookies are still alive and well.

The cookie deprecation timeline

We’ve been hearing about it for years, but where do we stand now? And what should marketers and advertisers expect when it comes to cookieless advertising in the near future? Here are some of the actions various browsers, operating systems, and device makers have taken in the last few years — and where they’re going next.

Google Chrome, Android

  • February 2020: Google begins hinting at a plan for Chrome to block the third-party cookies.
  • July 2023: Google reports it will gradually begin enabling the Privacy Sandbox toolkit for Chrome developers, which will replace third-party tracking cookies with privacy-preserving API alternatives.
  • January 2024: Google migrated 1% of Chrome users (30 million people) to the Privacy Sandbox.
  • Q2 2024: Google announced an unspecified delay migrating 100% of Chrome users to the Privacy Sandbox and disabling all third-party cookies to accommodate ongoing industry challenges and to give the UK’s CMA sufficient time for testing.

Mozilla Firefox                      

  • November 2015: Firefox first begins blocking tracking with the release of Tracking Protection, a feature people could turn on by using Private Browsing mode.
  • October 2018: Firefox introduces Enhanced Tracking Protection, allowing users to activate it in regular browsing.
  • September 2019: Firefox turns on Enhanced Tracking Protection by default for all Firefox users, reflecting their commitment to actively protect users.
  • January 2020: Firefox starts blocking fingerprinting scripts by default to protect users from invasive online tracking.
  • January 2021: Firefox implements a supercookies protection feature. Supercookies hide in different parts of a web browser and can continue to track users online even after they have cleared their cookies.
  • April 2023: Firefox rolls out Total Cookie Protection, which confines cookies to the site on which they were created.

Apple, iOS, iPhone, Safari

  • March 2020: Apple added Intelligent Tracking Prevention enhancements to iOS and iPadOS 13.4 and Safari 13.1, which blocked the use of all third-party cookies.
  • April 2021: With the iOS 14.5 update, apps were forced to ask permission to track users. If users opt out, Apple won’t share their IDFA (identifier for advertisers).
  • December 2021: Apple expands privacy protections with the iOS 15, iPadOS 15 and macOS Monterey update, which enables users to opt-in to Private Relay, an always-on VPN-like service which hides IP and location data.
  • June 2023: Apple introduce Advanced Tracking and Fingerprinting Protection, which strips “tracking parameters” from URLs in an effort to further eliminate tracking loopholes.             

Major players involved in the phase-out of third-party cookies

There are three primary groups of players when it comes to cookie deprecation:

  1. Data protection authorities representing consumers
  2. Tech companies
  3. Marketers, advertisers, and publishers

Data protection authorities and regulators

In response to privacy concerns, various legislative bodies around the world have enacted regulations to protect consumer data, such as:

  • The European Union’s General Data Protection Regulation (GDPR)
  • The American Data Privacy Protection Act (ADPPA)
  • The California Consumer Privacy Act (CCPA)

These regulations have forced websites to be more transparent about their data collection practices and to give users more control over their personal information. Other states like Colorado, Connecticut, Utah and Virginia also have similar legislation in place.

Regulators have been particularly scrutinizing walled gardens for unfair business practices and abuse of market dominance. As Suzie Stultz of AdMonsters explains:

“Thanks to their dominance, Google, Meta, and Amazon will continue to attract the lion’s share of the advertiser’s budget. Over the next few years, they will account for 83% of global digital advertising revenue. Regulators across the globe are doing all they can to stop the dominance, of course, but Big Tech shows no sign of going down without a fight.”

Tech companies                                             

Speaking of Big Tech, Google is the largest provider of online ads, followed by Meta and Amazon. Other major players include Apple/Safari/iOS and Mozilla/Firefox. Regulators, marketers, and consumers all dislike various aspects of these walled gardens — specifically lack of transparency and privacy concerns.

While Google’s cookie deprecation efforts may appear to be a magnanimous fix to privacy concerns, regulators around the world are scrutinizing Google’s actions as potential “privacy fixing”. It’s important to ask how these actions will impact the company’s already dominant position in digital advertising.

For example, Google may see benefits from cookie deprecation like:

  • Increased reliance on first-party data: Thanks to its vast user base across Gmail, Search, YouTube and other services, advertisers will likely turn to Google Ads to leverage its treasure trove of first-party data for targeted campaigns.
  • A stronger position in the ad ecosystem: The decline of third-party cookies weakens smaller publishers who rely on them for ad targeting. This could lead to a consolidation of power within the advertising industry, benefiting large platforms like Google.

Marketers, advertisers, and publishers

Industry trade groups are defending consumers’ right to free and an open web by pushing for a pseudonymous cross-publisher ID that would improve responsible addressable advertising.

The goal is to enable targeted advertising that respects user privacy. Advertisers could reach specific audiences based on interests or demographics — without needing to track individuals across the web.

What cookie deprecation means for advertisers

Third-party cookies currently fuel the majority of programmatic and digital advertising — and cookie deprecation will impact most of the tactics marketers rely on for effective campaigns.

At its simplest, cookie deprecation will impact cross-site tracking and identifier persistency. Without these capabilities, advertisers will struggle with:

  • Reach: About 80% of advertisers depend on third-party cookies. Without them, those advertisers will need to search for other ways to reach their customers and prospects online.
  • Behavioral advertising: Without user data obtained from third-party cookies, marketers will no longer be able to create the detailed profiles and audience segments they use for targeted campaigns.
  • Retargeting: Third-party cookies allow ads to follow users from site to site and retarget users based on the actions they take. Cookie deprecation will reduce the effectiveness of retargeting campaigns and limit the ability to redirect traffic to a preferred site.
  • Frequency capping: Advertisers use third-party cookies to limit the number of times an ad is shown to a particular user. Without frequency capping, advertisers will waste more spend — and ROAS will decline.
  • Attribution and measurement: Losing third-party cookies means losing view-through attribution. This type of attribution allows you to track ad exposure across channels and evaluate the performance of your digital marketing mix. This will make it more challenging for marketing teams to unify fragmented customer journeys across channels.

Personalized ads in a cookieless world

With cookies finally on the way out, what’s a marketer to do?

The industry is developing and evaluating several new ways to provide cross-site data collection and persistent identifiers. This will be a time of adjustment for marketers as we all learn to work within this new and dynamic environment.

But there are a few key places to start adjusting.

1. Strengthen your first-party data

You’ll hear this one everywhere — as third-party cookies deprecate, first-party data will become more and more valuable. It will be critical to collect as much information about your own prospects and customers as possible, including:

  • Postal addresses
  • Email addresses
  • Phone numbers
  • Mobile ad IDs (MAIDs)
  • Onsite user behavior
  • In-app user behavior

It’s important, however, to make sure you’re collecting user consent (hello, cookie notice!) before implementing any first-party data strategy.

2. Resolve first-party data with an identity graph

Data on its own won’t do much to restore your ability to target ads, reach consumers, or measure your marketing. This is where a strong, interoperable identity graph comes in. An identity graph allows you to onboard your first-party data, resolve it to a real person, and reach those people in other places.

Perhaps the most beneficial aspect of a strong identity graph is identifying and reaching anonymous browsers (or unauthenticated web traffic). Sans cookies, and without an ID graph, you’re marketing to these browsers with less data and less precision. The result is poorer marketing performance and less-detailed insights about your own active customers and prospects.

Capitalizing on authenticated site traffic is still the gold standard for targeting accuracy. However, as you might expect, this is typically a tiny portion of your overall traffic.

The best identity graphs allow you to identify and advertise to both authenticated and unauthenticated traffic — which solves the problem of cross-site tracking.Q2 2024: Google announced an unspecified delay migrating 100% of Chrome users to the Privacy Sandbox and disabling all third-party cookies to accommodate ongoing industry challenges and to give the UK’s CMA sufficient time for testing.

Graph of how cookieless advertising works with an identity graph

“This has historically been a cookie process — we cookie the browser and then we take that cookie ID, and we can go find you later because we can translate that to PII,” explains Jordan Seaton, Product Manager at Zeta. “In the cookieless version, we take a cookieless ID and do the same thing. So, the value of the graph is high because we’re able to just substitute cookieless identifiers for cookies.”

3. Consider the server-side cookie

To solve the challenge of identifier persistency, martech and adtech platforms need to collect the most persistent browser-level identifiers possible. A native first-party cookie typically lasts for seven days. This is good enough for some attribution and may be sufficient for some use cases.

But the gold standard is the server-side cookie, which generally lasts a full year (365 days), even on iOS 17 (the strictest browser environment). Adopting server-side cookies will greatly improve the quality of your customer profiles and give you the richest possible resolution on your users — across platforms.

Cookieless future solutions from Zeta

Thankfully, some companies have been building cookieless marketing technology since the early days of deprecation — and Zeta is one of those companies. As third-party cookies are phased out, Zeta is positioned to help you achieve your campaign goals.

Built to be identifier-agnostic

For the past 12 years, we have invested in building a leading identity resolution solution that was purpose-built to handle any identity space — with or without third-party cookies.

Our identity graph consists of 235M+ US-based profiles, consolidated from more than 1.9B email addresses. This makes our ID graph one of the largest non-third-party cookie-based, deterministic data sets in the industry. This deterministic foundation allows you to reach audiences at scale and personalize 1:1 messaging at the record level.

Zeta’s identity graph is also compatible with leading cookie alternatives, allowing for a seamless transition between identity types.

Powered by first-party cookies

To enhance addressability, Zeta is transitioning to the new Zeta Global Tag, built on a first-party foundation (including both server-side cookies and native first-party cookies). By shifting our tagging strategy to first-party cookies, we can increase signal quality and enable consistent user tracking.

Identify anonymous visitors

We’re integrating with the best cookieless networks to accurately identify unauthenticated users and maximize campaign performance. These new partners will be rolling out throughout 2024 and will undergo continuous testing and optimization.

Capitalize on authenticated traffic

Regardless of cookie availability, investing in your authenticated traffic pipeline still represents the best use of resources. By passing this data through our java script tags or files, we can leverage our extensive dataset to transition these users into multiple identity types, giving you the best chance to reach your highest value prospects.

Target, optimize and measure with intelligence

Zeta’s AI combines and interprets a wide range of proprietary signals on each person in our ID graph in near real-time. This allows you to build behavioral profiles to accurately predict actions, intent and brand propensity — without third-party cookies. Zeta’s AI automatically optimizes campaigns for performance against KPIs, including frequency capping, look-alike modeling and retargeting.

Get started with cookieless advertising today

Cookie deprecation just may be THE marketing challenge of 2024. But “going cookieless” isn’t a one-time project. It’s a continuous process. We’re committed to doing the work to create the most performant, full-featured solution in the market — regardless of identifiers.

John Sculley, Former Apple CEO & Pepsi President and Co-Founder of Zeta, explains:

“Those companies that can take advantage of technology to show meaningful outcomes from a business standpoint are going to be the ones that are going to stand out for their success.”

Zeta clients across industries are already delivering meaningful outcomes via cookieless advertising.

Will you be next?

Want to see Zeta in action?

The Zeta Marketing Platform empowers businesses to offer highly tailored experiences driven by AI.
Zeta Marketing Platform


Thanks for your interest in Zeta. To see a demo please complete the form.

Thank you!

Your request has been sent. We will be in touch with you shortly.