third-party cookies phase-out future of cookie consent banner

Third-Party Cookies Phase-Out: Future of Cookie Consent Banner

Last updated on July 30, 2021|Published on April 6, 2021

A 2019 study by Pew Research Center revealed that about 72% of people in the US feel that they are being tracked online by advertisers and other firms (that use third-party cookies). 81% of Americans think the risks of data collection by these companies about them outweigh the rewards of data collection.

third-party cookies tracking statistics
Image credit: Pew Research Center

This is pivotal statistics, that even Google referenced while announcing its landmark decision. In 2020, Google decided to ban third-party cookies from its browser Chrome. This announcement has caused some panic in the adtech industry while some feel it is a welcome step towards a safer internet. 

We will walk through Google’s third-party cookie phase-out and answer the question if a website will still need a cookie consent banner post the complete ban by 2022.

Blog summary

In 2020, Google decided to ban third-party cookies from Chrome, the cross-platform web browser. The decision was met with mixed reactions from marketers and the users.

One of the burning questions that remain is: what’s next with cookie consent banners if there are no third-party cookies. The answer depends on whether third-party cookies are the only type of cookies that collect the personal data of users.

What are third-party cookies?

To understand what are third-party cookies, we must first get to know the difference between first-party and third-party cookies. 

First-party cookies are usually generated and placed on the user’s device by the website that the user is visiting. Such cookies are often used for facilitating user experience and some core functionalities of the site. For e.g. first-party cookies can identify a returning visitor so that they do not have to use the username and password to log in on successive visits. They are usually harmless since they do not “spy” on the users. Some analytics tools use first-party cookies to gather analytics data. These, however, may sometimes require deliberation.

Third-party cookies are generated and placed on the user’s device by a different website other than the one the user is visiting. Most third-party cookies are used for analytical or marketing purposes. For e.g. the cookies placed by an e-commerce site will display ads on another website about a product that you looked up for moments ago. These cookies track the user’s online activity and search history on the website and follow them around on other websites for personalized advertisements. Another example of third-party cookies is the ones placed by social media plugins on other websites to log in or share content.

Third-party cookies are often seen as privacy intruders. The absence of third-party cookies does not usually affect the core functionality of the website. And for this reason, they are subject to privacy regulations.

CookieYes blocks third-party cookies before cookie consent

So, it is quite clear that a third-party cookie or tracking cookie is a marketer’s friend. 

Data privacy laws and third-party cookies

Data privacy legislation like the General Data Protection Regulation (GDPR), ePrivacy Directive, California Consumer’s Protection Act (CCPA), and many more, have regulations that affect the usage of third-party cookies.

While laws like GDPR and CCPA do not specifically mention third-party cookies, they have certain standards that will apply to websites that use them. If a website needs to collect and use personal data, such as information that can be used to identify a person, require to inform the users about it and get their consent. A website can collect user data via cookie identifiers. Hence, cookies, especially of third-party category, are subject to data privacy regulations. 

ePrivacy Directive (or the recently announced ePrivacy Regulation) has dedicated guidelines and standards for cookies. That is why they are also knwn as the EU Cookie Law. The ePrivacy Directive makes it mandatory for a website to obtain informed consent from the users for using third-party or tracking cookies. Without consent, the website cannot place the cookies on the user’s device. 

Many other data privacy laws make consent mandatory for using tracking cookies. 

Recap of third-party cookie phase-out

In January 2020, Google announced that it will be phasing out support for third-party cookies in Chrome by 2022. They stated, “Users are demanding greater privacy–including transparency, choice and control over how their data is used–and it’s clear the web ecosystem needs to evolve to meet these increasing demands.”

Google Chrome is not the first internet browser to do this. Earlier, Apple’ Safari and Mozilla Firefox also phased out support for third-party cookies. The third-party cookie ban is part of Google’s larger scheme to enhance privacy as it followed after the launch of its new initiative known as Privacy Sandbox on August 22, 2019. Privacy Sandbox sets new standards for privacy on the web and introduces five browser APIs to protect user privacy and make content open and accessible at the same time, without the use of third-party cookies. These APIs will help the websites for ad selection (without cross-site tracking), conversion measurement and fraud prevention, while still maintaining the anonymity of the users. Privacy Sandbox proposes tracking a group of people rather than an individual. This mechanism is called Federated Federated Learning of Cohorts

Google’s announcement is undoubtedly a result of enforcement of the EU’s General Data Protection Regulation (GDPR).

Google’s decision to eliminate third-party cookies received a mixed reaction. While this was a welcome step to protect user privacy, it will adversely affect the ad tech companies, especially the smaller ones. According to Statcounter, the global market share of Chrome is about 67% in March 2021. 

Source: StatCounter Global Stats – Browser Market Share

While this may affect other ad tech firms, Google will continue to track users using its advanced technologies.

Update: Recently Google announced that it is delaying phasing out third-party cookies until 2023. They have pinned the reason behind this decision to allow time for “public discussion on the right solutions, continued engagement with regulators, and for publishers and the advertising industry to migrate their services.”

This should not be a surprise since the UK’s  Competition and Markets Authority (CMA) opened an investigation into the Privacy Sandbox in January. So, to comply with the regulators and explore more privacy approaches, Chrome will phase out third-party cookies from mid-2023 till late 2023. 

What will happen to cookie consent banners?

To answer simply – nothing. 

The future of the cookie consent banner remains intact even if the third-party cookies are out of the picture. It is crucial to note that Google is not phasing out all cookies. Chrome will support cookies that fall outside the third-party category. It is only going to eliminate cookies that are generated by a different domain than the one the user is visiting. That means if your website generates cookies that will collect personal data, you still have to get informed user consent.  Like mentioned earlier, some websites may use their own analytics system that uses first-party cookies to collect user data. Unless it’s statistical aggregate data, you need the users’ consent to place them on their device. 

Unless the cookie is “strictly necessary,” you may still need consent to use it.

The fact remains that whatever cookies your website generates or uses, you need to inform users about it.  A cookie banner is perfect for it. Moreover, you still have a year before Google Chrome completely phases out third-party cookies. That is, one more year to use those cookies with care and per the data privacy regulations. Also, one more year to look for alternatives that ensure safe and best privacy practices. 

Cookie consent banners are here to stay for a long time. 

CookieYes cookie consent solution

CookieYes is a cookie consent management solution for websites that need to comply with data privacy laws like GDPR, ePrivacy Directive, CCPA and CNIL. It provides cookie consent banner templates and other features that make sure your website stays compliant with the privacy laws. 

Some of its main features are:

  • Full control over the behavior, content and look of the consent banner.
  • Supports all major CMS and custom-coded websites.
  • Allows granular cookie consent option for users.
  • Auto-blocks third-party cookies before user consent and lets you add cookies to block as well.
  • Auto-scans websites for cookies.
  • Auto-translation of the banner into 26 languages. 
  • Logs user consent for cookies.
  • Privacy policy generator that quickly generates privacy policy page.
  • Geo-targeted display of the consent banner.

More than 1 million websites trust and use our solutions, and it is a testament to our commitment and user-friendly solution. 

To make your website cookie-compliant, sign up for a free 15-day trial. 

Start a 14-day free trial

Trials start with all our features enabled. Cancel anytime. No credit card required.