Why All the Cookie Noise?

It’s about Google’s decision…

and what professional marketers will do in a cookieless marketing and advertising future.

Over the last three or four months, there has been a resurgence of interest or maybe even concern over a “cookieless” future. I’ve been getting invited to dozens of webinars (I’ve attended quite a few since COVID-19 lockdown) focused on how we’ll all survive a marketing and advertising profession without cookies. A quick observation about these webinar invites is that they’re coming mostly from programmatic media platforms/agencies. More on this observation later.

I find it quite interesting that this topic is so hot right now because this discussion goes back 10 plus years.

Of course, it makes sense since Google made it clear earlier this year that it will end supporting third-party cookies in the next two years. This is candidly a pretty big deal since Google owns the majority of search traffic, and we, as professional marketers, rely heavily on search for our marketing strategies.

What does iab say a cookie is?

Just to be clear, let’s make sure we all understand what I’m referring to concerning “cookies.” According to iab’s whitepaper  Post-Cookie World published in 2014:

“The cookie is the state management mechanism most commonly used today to support the many functions of digital personalization, reporting, and advertising. It is not owned or licensed by one party—rather, it is part of Internet Standards, and as such, the Internet industry as a whole has innovated on top of it.”

Food for thought, while some first-party cookie data is on the chopping block too, the significant issue is third-party cookies, as you see stated above with respect to Google’s plans. When the internet was first invented, a first-party cookie was used in our browsers from the actual domain we visited – the owner of that web domain knew about our visit and did not necessarily share or sell any of the information gathered during our visit. With this limited collection of data, cookies issued were minimal and uncomplicated.

Fast forward to today’s web experience. We see that virtually every website we visit probably has complex third party vendors and systems integrated into their sites. These third parties deliver personalized, relevant content, services, ads, and functions. Depending on the size of the brand we’re interacting with, hundreds of third parties issue cookies. That’s a whole lot of cookies y’all.

Personal Data Privacy!

But what’s the big deal – right? Well, the bottom line is we have a data privacy issue. This issue takes me back to the days of outraged consumers demanding that their personal information NOT be up for sale to the highest bidder just as email marketing was becoming “a thing.” Yup, I’ve been around that long.

Since Social Media’s arrival and all the recent controversies surrounding the sale of user preferences and behavioral targeting data, we’ve seen severe legislation take hold to protect personal privacy.


The serious push for personal data ownership begins with the General Data Protection Regulation (GDPR) in 2018 – Europe’s Data Privacy and Security Law took effect two years ago with the most stringent privacy and security law in the world. 

Europe is not ambiguous on protecting personal data privacy and security – this commitment goes back to the 1950’s European Convention on Human Rights.

I’ve provided the link above for you if you want a full history lesson or a more in-depth dive into the law’s idiosyncrasies. 

So, since this was Europe’s stand – did we in the U.S. need to be concerned? Well, of course, simply because many U.S. based companies have international operations, selling or doing business around the globe, and we have websites here in the U.S. that will be impacted.

The most noticeable GDPR driven changes were; updates to website privacy policies, tracking cookie permission pop-ups upon initial or return visit to a site, GDPR notices in marketing emails, and the intense push to double-opt-in for email marketing lists – even more so than just with the good old CAN-SPAM regs.


After getting everything aligned for GDPR, here came the California Consumer Privacy Act, CCPA. In reality, this legislation passed in California is just the beginning of sweeping changes in the laws for the Wild Wild West of U.S. data privacy.

The basics that surround this legislation according to the official CCPA web page are: 

  •  The right to know about the personal information a business collects about them and how it is used and shared;
  • The right to delete personal information collected from them (with some exceptions);

These four bullets above are the hot topics my colleagues and I have been discussing since 2011. What if consumers (targeted audiences) want to control all that data we’ve been collecting on them since the mid-90s? We’ve had it pretty good for quite some time, being a bit vague about all we know, controlling their abilities to delete or opt-out. That treasure trove of data focused on buying and web behavior is rather tasty.

What’s Google’s Take?

Now some say (I’ve even said it) that Google’s motives are not on the up and up. But just for transparency’s sake, here’s a quick soundbite from them on their take on all these concerns. They have quite a bit to say on this, and I’m only sharing a “snippet,” so buckle up; it’s worth it to read the entirety of the quote below and then click over to read the rest at your leisure. 

“As we previously announced, Chrome will limit insecure cross-site tracking starting in February, by treating cookies that don’t include a SameSite label as first-party only and require cookies labeled for third-party use to be accessed over HTTPS. This will make third-party cookies more secure and give users more precise browser cookie controls. At the same time, we’re developing techniques to detect and mitigate covert tracking and workarounds by launching new anti-fingerprinting measures to discourage these kinds of deceptive and intrusive techniques, and we hope to launch these measures later this year. 

We are working actively across the ecosystem so that browsers, publishers, developers, and advertisers have the opportunity to experiment with these new mechanisms, test whether they work well in various situations, and develop supporting implementations, including ad selection and measurement, denial of service (DoS) prevention, anti-spam/fraud, and federated authentication.” Chromium Blog, January 14, 2020

There are concerns that the size of Google could mean some degree of control over audience targeting that leaves room for more anti-trust headaches for them. I don’t think so – we’ve known the cookie has been living on borrowed time. A better way to deliver the right message to the right audience is on its way, and we can rest easy knowing Google will be part of the solution – not the only one.

More to Come!

Whew…that’s a lot to digest. But what are we saying here? As digital marketers/advertisers, we have become too dependent on these humble little pieces of code and, in some cases, built revenue models around selling the data we capture from them. Remember, I said, “more on the fact” that many webinar invites come from programmatic media platforms/agencies? 

Well, most programmatic media buys depend on third-party cookies to deliver highly targeted messages. Remember that little something Google stated above about insecure cross-site tracking, making third party cookies more secure. They also said they’re developing techniques to detect and mitigate covert tracking workarounds? I’m going to dive deeper into this in my next post. Keep an eye out for this in the coming days.

Author: Christina Tierney

I’m a passionate cross-channel marketer that excels at developing high-performing integrated strategies that result in increased revenue for both my clients and agency. The views expressed here are mine alone and do not necessarily reflect the views of my clients or employer.