Google Reverses Decision to Phase Out Third-Party Cookies in Chrome

In a surprising move, Google has just announced an important update that will affect digital marketers everywhere. On 22nd July 2024, Google is likely to keep 3rd-party cookies in Google Chrome

“Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time. “ – Anthony Chavez, VP, Privacy Sandbox, Google

Over the years, with pressure from regulations like the GDPR (General Data Protection Regulation) and the CPRA (California Privacy Rights Act), as well as competition from Apple’s Safari browser, Google, which makes over 70% of its total revenue from ads (YouTube Ads, Google Search, and Google Display Network), had planned to get rid of these cookies.

Visit this report to understand how Google makes money.

3rd-party cookies are essential for effective ad targeting. The tendency to keep 3rd-party cookies in browsers might also be the consensus among all stakeholders, including the CMA, publishers, and advertisers. With this new decision, Google can now expand their advertising business by precisely retargeting their audience.

As a digital marketer, you might have the following questions. 

Let me answer them one by one:

How do 3rd-party cookies help Google with more precise advertising retargeting?

Before answering this question, we need to understand what a cookie is and how cookies work with retargeting

Simply speaking:

  • 1st-party cookies mostly help the site remember your preferences within the website, making your browsing experience smoother. 
  • 3rd-party cookies are mainly used for audience retargeting.

Google mostly uses a 3rd-party cookie, named IDE cookie for cross-site tracking. The IDE cookie is set by Google’s DoubleClick service, helps Google track websites you visit and products you browse or purchase, provided those websites use Google’s advertising services. 

By collecting this data, Google can:

  • Display ads related to the websites or products you’ve viewed.
  • Recommend other related products from different brands.

To check it, you can press “Command + Shift + C” to inspect your browser, and go to:

Application > Storage > Cookies > Select the current website page > Filter by “IDE”.

You will find that when a website has activated Google’s advertising services, the IDE cookie will exist, and the cookie value will be the same.

_______

Website A: https://ayudante.jp/

Cookie Value on my Browser: AHWqTUn8y-DvWqaaXQIYhf15xy2FB6rGQ-tYEY1u9VfTZUaDFJukgUiBfslXBh6cDMU 

Website B: https://evsmart.net/

Cookie Value on my Browser would also be the same value: AHWqTUn8y-DvWqaaXQIYhf15xy2FB6rGQ-tYEY1u9VfTZUaDFJukgUiBfslXBh6cDMU 

In this case, Google would understand the websites that this user (AHWqTUn8y-DvWqaaXQIYhf15xy2FB6rGQ-tYEY1u9VfTZUaDFJukgUiBfslXBh6cDMU) has browsed. If the browsed websites have implemented a comprehensive tracking, your browsing and even purchase record would also be shared to Google’s advertising service as well.

_______

Google has tried to launch other alternatives to reduce reliance on 3rd-party cookie tracking, such as FLEDGE and TopicAPI.

  • However, the implementation is very complicated, while those solutions cannot perform the same accuracy as a 3rd-party cookie does. 

Those solutions can only show the defined topics or area that a user is interested in, but it will never pass on information about the exact web pages or product the user has browsed. Even worse, these solutions may make the audience base for Google Advertising less precise than it was before.

Why did Google originally plan to phase out 3rd-party cookies, even though it would affect their precise advertising retargeting?

Now we understand how powerful a 3rd-party cookie is. 

Back to 2019, Mozilla Firefox introduced Enhanced Tracking Protection (ETP) in Firefox 69 in 2019. One year later, Apple Safari has fully blocked all 3rd-party cookies with the release of Safari 13.1

Additionally, increasing regulatory scrutiny from laws such as the General Data Protection Regulation (GDPR) in Europe and the California Privacy Rights Act (CPRA) in the United States necessitated changes in how companies handle user data.

The pressure from the industry and these regulations compelled Google to develop a more privacy-centric solution for their browser, which accounts for over 65% of the market share.

In summary, the combined stress from industry trends and regulatory requirements pushed Google towards phasing out 3rd-party cookies to align with privacy expectations and legal obligations.

Why has Google now reversed this decision?

We understand the pressure from industry standards and regulations places Google in a very difficult position between providing a more precise audience base to their advertiser clients and protecting user privacy and consent.

To answer why Google has now reversed this decision, it may be helpful to explain whether continuing to use 3rd-party cookies violates the General Data Protection Regulation (GDPR) in Europe and the California Privacy Rights Act (CPRA).

First, we need to understand the content of these regulations:

AspectCPRAGDPR
ScopeApplies to businesses collecting personal data of California residents, meeting certain thresholds.Applies to all companies processing personal data of individuals in the EU, regardless of the company’s location.
Definition of Personal InformationInformation that identifies, relates to, describes, or could be linked with a particular consumer or household.Any information relating to an identified or identifiable natural person.
User RightsRight to know, access, delete, correct, and opt-out of the sale of personal information.Right to access, correct, delete, restrict processing, data portability, and object to processing.
ConsentImplicit consent for data collection, explicit opt-out for data sale.Requires explicit consent for data processing activities.
TransparencyRequires clear and accessible privacy policies and notices at or before the point of data collection.Requires clear and transparent information about data collection, processing, and sharing practices.
Data ProtectionBusinesses must implement reasonable security measures to protect personal information.Requires appropriate technical and organisational measures to ensure data security.
Breach NotificationRequires notification to affected consumers and the California Attorney General in case of a data breach.Requires notification to data protection authorities and affected individuals within 72 hours of a data breach.
EnforcementEnforced by the California Privacy Protection Agency (CPPA) and the California Attorney General.Enforced by national Data Protection Authorities (DPAs) in each EU member state.
PenaltiesFines up to $7,500 per intentional violation and $2,500 per unintentional violation.Fines up to €20 million or 4% of annual global turnover, whichever is higher.

From this summary, we understand that neither regulation explicitly states that using third-party cookies would violate the law. However, Google must comply with the following conditions:

  • User Consent: Explicit consent must be obtained from users to collect and process their personal data.
  • Transparency: Privacy policies and cookie notices must clearly explain data collection practices.
  • Data Protection: Proper technical and organisational measures must be in place to secure the data.
  • User Rights: Users must be able to access, correct, delete, and restrict the processing of their data.
  • Notice and Disclosure: Inform users about the types of personal information collected and how it is used.
  • Opt-Out Rights: Provide users with the option to opt-out of the sale of their personal information.
  • Non-Discrimination: Ensure that users who exercise their privacy rights do not receive inferior service or different charges.

To adapt to environmental changes, Google has introduced the CMP Partner Program. This program helps integrate Consent Mode and Google Tag Manager for smooth implementation. It manages cookie consent banners, ensures explicit consent is obtained, and oversees the consent process from the moment a user visits a website.

Additionally, Google’s Privacy Sandbox initiative aims to protect online privacy while providing tools for businesses and developers to thrive. Privacy Sandbox includes technologies designed to safeguard user information while browsing. These tools allow companies to operate effectively while ensuring your data remains protected.

Moreover, Google has updated Google Analytics 4 to include a data-deletion request feature. If users need to delete data from the Analytics servers, they can use this feature to request its removal. The specific text data collected by event parameters will be erased and replaced with “(data deleted)”, but the event will still be counted in the overall metrics.

GDPR and CPRA are important regulations aimed at protecting user data privacy. Neither law explicitly bans third-party cookies but mandates that companies respect users’ choices regarding the use of their data for advertising purposes. Google is launching new programs, such as the Privacy Sandbox, to make browsing safer and more secure. Although Google tends to keep third-party cookies in Chrome, it continues to work towards compliance with both GDPR and CPRA requirements as well as industry standards.

Summary

Google relies heavily on advertising revenue, which has enabled businesses to promote themselves online and achieve higher conversions with a precise audience base. This not only benefits businesses but also helps many content creators (such YouTuber and Digital Writers) by making their effort profitable.

I understand that the way Google employs third-party cookies for tracking through retargeting may cause discomfort. Over the years, Google has strived to make this process more privacy-centric. In 2024, Google Chrome remained the most popular browser, with over 65% market share. With more privacy-focused features in the Privacy Sandbox, it is believed that a balance can be struck between targeted advertising and privacy protection.

Jasper Poon

Solution Consultant, Business Development

Avatar photo

I have solid expertise in digital project management, data collection (by GA), and visualisation. I firmly believe no single platform can tackle all modern challenges in the digital world. Alongside solid knowledge in GMP products, I am also passionate about Google Cloud and other UX analysis tools. In my free time, I find joy in cats, swimming, and football.