What is a Third-Party Cookie? A Practical Explanation for Marketers

Stephanie Russell

Client Development Officer, dentsu

people based marketing

Earlier this year, Google announced its plans to block third-party cookies within its Chrome browser by 2022. If you have been running a remarketing campaign, display ad campaign or any campaign relying on user demographics, this big news will impact your business. Most major online advertising systems use third-party cookies to identify which website visitors should be targeted with display ads. So, it’s important to begin testing alternatives.

Let’s first take a step back to understand the different parties of data:

First-party data is data that a brand owns. Whether it is customer data, information about leads, prior or past customers, or simply data gathered from either signed-in, or anonymous, visitors to your owned website domain. Data collected from people engaging with you directly is called “first party.” 

Second parties refer to your partners. If you make a product that you sell through a retailer for example, that retail partner would be considered a second party.  Generally, in marketing, we talk mostly about first- and third-party data; second-party data is a bit underrated and receives less focus than it arguably should.

Third parties are entities that are completely separate (so not the brand and not the brand's distribution partners). However, brands and publishers often decide to work with ad serving companies and data aggregators to both send data and receive data from them. Because these "third parties" work with thousands of sites, they can combine visitor data into a complete picture of internet behavior and preferences for many users.

But, what exactly is a cookie? 

To start with, let's describe a first-party cookie. People use a browser, like Safari or Chrome, to visit a brand's website. When a user visits a website, technically a URL is sent to the brand's server identifying what page is being requested. During that request for a page, some background information is also sent to the server, including the date and time, the type of computer and, maybe some additional information like sign-in status and previous visits. But, how does the browser know about previous visits? Well, that previous visit information is saved by the browser as a tiny text file on the user's computer. That tiny text file is called a cookie. In fact, this is called a first-party cookie - because the data came from, and is only ever shared back with, the brand's owned web server.

To demystify what it is and view your own cookies in Chrome, go to your settings, then “cookies and other site data” in the privacy section, then click into “see all cookies and site data.”

For example, if you are an ABC Home Décor customer and visit their website, a first party cookie is created, so that the next time you go to ABC Home Décor they know your home store location, and that you’re an existing customer, without you having to tell them again.

On subsequent visits, data about that cookie and corresponding attributes are stored in the brand’s systems to allow for them to understand data about how users behave.  So, if you are managing ABC Home Décor.com, your systems know that cookie ABC123 is an existing customer with a previous purchase tied to the Springfield store.  Perhaps they had a quality site visit, spending several minutes engaging in content across 5 subject areas and made a large purchase.  Alternatively, that same customer may have quickly left your site and not made a purchase or engaged in a meaningful way. As a marketer, this information tied to a cookie (that you might see again) can help make decisions on what experience you serve up on that next site visit.

So, what are these third-party cookies that are going away?

Because first-party cookies are private by design and only share data with a site's owners, website creators have found a way to learn more about visitors by sharing cookie data across the web. The website owner works out a deal with either an advertising or data provider that will allow a tiny graphic (called a pixel) to be requested from a different web server, as well as placing some javascript on their own site (called a tag). Hence, the introduction of a third-party which can then set and read "third-party cookies" during a visitor's session. The agreement benefits the site owner by allowing them to better target ads or display content based on data gathered by the third-party as the visitor has spent time on other sites. It likewise benefits the third-party by enriching the data associated with that visitor. 

Third-party cookies are therefore cookies that are set by a website other than the one the site visitors are currently on. Data collected by third party cookies typically go to advertisers and platforms that utilize them to serve up targeted ads to users when they visit this site and others, based on the content those users viewed previously.

These are usually created without the users’ full acknowledgement of the existence of those cookies or how their data is collected and utilized. This could violate the users’ privacy, therefore major regulations such as GDPR and CCPA are cracking down the usage of third-party cookies that share user data .

Ok, now what? What are marketers' options to communicate with consumers online in a meaningful way in the post-cookie-apocalypse world?