August 22, 2023
|
Blog / Insights

3 reasons to start your post-cookie planning today

There’s been a lot written about the coming ID-less world. But we think the industry has already left the cookie behind. Here’s why.

Cookiepocalypse. The ID-less future. The cookieless world. Do a quick online search, and you’ll find an endless list of articles on the topic. And while the industry worries about what will happen and when, we believe the world has turned and is already leaving cookies behind. You'll learn why in this, the first of our series on identity, privacy and governance. You’ll also understand the current state of identity and what’s on the horizon for 2023.   

1. Increasing legislation will dramatically complicate identity, privacy and governance

Identity protection is spreading across the nation, with states leading the action. As of August 2022, five U.S. states had signed comprehensive consumer data privacy laws, with the California Consumer Privacy Act (CCPA) being the first to be signed into law in 2018. On January 1, 2023, the California Privacy Rights Act (CPRA), a major update to CCPA, went into effect, as did the Virginia Consumer Data Protection Act (VCDPA). Additional privacy laws in Utah, Colorado and Connecticut will go into effect later in 2023. In just the first couple weeks of 2023, 18 additional states introduced new privacy bills for consideration, with more expected as the year progresses. This privacy patchwork leads to the big question:

Will the U.S. pass a national data privacy bill?

The American Data Privacy Protection Act (ADPPA) was introduced in the U.S. House of Representatives in June 2022 to “provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.” While the bill did not pass in 2022, we expect Congress to reintroduce the bill in 2023 and make a renewed push for passage later in the year. 

The most important and contested point about the ADPPA is that it could preempt all other state data privacy laws.2 For ad tech players, this could simplify their approach to consumer privacy. However, exceptions could be granted for more specific privacy laws and even some state laws like California’s CPRA, so whether it’ll make it simpler for the ad tech industry is debatable. A national bill protecting consumer privacy would clearly and severely push cookies toward extinction. 

Consumer data protection laws have proliferated worldwide

While the U.S. is making progress on data protection, the European Union is far ahead of us. GDPR may be the most famous consumer privacy law, having gone into effect in 2018. Several countries with data protection on the books are working to make them stronger, including Australia, Canada and India. Globally, as of December 2021, most countries had some form of consumer data protection law, a 12% increase in less than three years. A trend we don’t see diminishing in the coming years.

2. Marketers are keeping their identity options open

With so much legislation in flux, it’s no surprise that marketers are trying to stay nimble. Email-based authentication is king, but contextual is close behind. In a survey of 1,400 advertisers and publishers, Lotame found marketers plan to take multiple approaches to identity resolution.5

First-party data is the bedrock, but partner support is essential to scale

A May 2021 Ad Perceptions study of 100 publishers found reliance on third-party partners is essential to their identity strategy.

3. Consumers have already gone cookieless

Much has been said of Chrome’s decision to phase out third-party cookies. More chatter surrounded their decision to postpone this action until the second half of 2024. But the fact remains, Chrome is late to the deprecation game. Let’s take a quick look at who's been paving the way for an ID-less future.

  • September 2017 – Apple releases Intelligent Tracking Prevention (ITP) to prevent cross-site tracking
  • September 2018 – Apple releases ITP 2.0, removing the 24-hour cookie access window
  • June 2019 – Mozilla starts blocking third-party tracking cookies for new users
  • June 2019 – Microsoft releases tracking protection for Edge
  • September 2019 – Mozilla makes blocking third-party tracking cookies default for all users
  • January 2020 – Google announces plans to phase out all third-party cookies in Chrome within two years
  • June 2021 – Google announces Chrome will stop supporting third-party cookies by the end of 2023
  • July 2022 – Google delays removal of third-party cookies to H2 2024

Consumers are already spending most of their online time in cookieless environments

Do marketers believe chromeaggedon will happen?

Google has delayed phasing out third-party cookies multiple times, leading to skepticism Google will hit its late 2024 deadline. So what if Google never phases out the cookie? Or the fall of 2024 arrives, and Google decides to delay indefinitely because cookie-based traffic has decreased to the point where privacy concerns from other sources have eclipsed cookie-based privacy concerns? As a publisher or advertiser, would you maintain the status quo identity strategy for the foreseeable future? 

The case for post-cookie planning

By the time the cookiepocalypse happens, cookie-based tracking could mostly be a thing of the past, thanks to changes in consumer behavior.

This is where it becomes interesting because how publishers and advertisers decide to tackle the future can vary significantly based on their goals and risk tolerance. Data governance and compliance help establish the rules and frameworks to make better decisions. More to come on this topic soon in part two of this series.

What do you think? Is the cookieless future already here? What trends are you seeing in visitors through the web vs. mobile, CTV, or other cookieless environments? How are you planning for the ID-less world? Let’s connect to discuss what you’re doing to protect consumer privacy and grow. And be sure to follow us on LinkedIn for more insights that help you grow in an ID-less world.

 1 Yahoo, Internal data, Dec. 20, 2022.

2 Davis, Matt. 5 August 2022. "What is the ADPPA?" Osano.com.

3-4 UNCTAD. “Data protection and privacy legislation worldwide.” UNCTAD.org.

5-6 Lotame, October 2021. “Beyond the cookie: Identity solution adoption & testing among marketers & publishers.” Lotame.com. 

7 Advertiser Perceptions, May 2021. “Preparing for a future without third-party cookies & IDFA.” Advertiserperceptions.com

Polli, Sarah, 30 November 2021. “A brief timeline of cookie deprecation.” Hearts-Science.com.

9-11 Lis, Jessica,. 9 June 2022. “U.S.time spent with connected devices 2022.” Insiderintelligence.com.

12 Vidakovic, Ratko, (personal communication, 21 September 2022), AdProfs.com.