First 2023 and now 2024. While Google’s latest rollback on disabling third-party cookies buys itself and marketers around the world more time to get it right, it is certainly not intended to put privacy and the third-party data conversation on the back burner. 


Quite the opposite. 

With the accelerating pace of privacy and preference activity across the world, brands can’t ignore the new reality: privacy-first marketing is the only route to winning long-term customer loyalty. And while Google’s cookie deprecation delay shouldn’t delay your move to a smarter data strategy, it is important to better understand what alternatives are evolving to replace the current model, and how that may impact your data strategy.





What’s Replacing Third-party Cookies?


The rollback of third-party cookies - the tiny piece of code that helps marketers track people’s activities across sites on the internet to target ads to them - may be delayed, but it’s still inevitable. And it’s already in force on Apple, Firefox, and Brave browsers. 


In fact, practitioners and experts recommend that instead of seeing this deadline extension as a reprieve to take our eyes off the cookie, this is the moment to double down on our first-party data strategy, as well as design a more diversified and compliant data portfolio for the long-term.


Rollback or not, it's obvious that third-party cookies are not the future. That is not changing. What is still evolving though, is our understanding of what may replace cookies and what we need to do, as marketers, to prepare ourselves for that future. 


And at the center of that third-party cookie replacement effort, is Google’s Privacy Sandbox


The Privacy Sandbox Initiative consists of a set of tools and API technologies that aim to make current tracking mechanisms such as cross-site tracking identifiers and browser fingerprinting - another hidden method to track and gather data about internet users - obsolete. 

As marketers, we need to better understand the longer-term implications of Google’s Privacy Sandbox - the initiative that will gradually replace third-party cookies for a more privacy-preserving internet.


The Three Lenses for Marketers to View Google’s Privacy Sandbox


To better understand the Privacy Sandbox, let’s view it from the 3 lenses around which it is structured:



Google’s Sandbox timeline buckets the APIs broadly into 3 groups: privacy-preserving ad targeting & ad fraud; measurement & attribution; and data privacy.


1. Ad targeting and fraud 


After abandoning the under-trial FLoC (Federated Learning of Cohorts) because of its inability to provide sufficient user anonymity, Google’s Privacy Sandbox now aims to show more relevant content and ads with these privacy-preserving APIs: 



This API can analyze a user’s browsing history and cluster them into one of 300 manually-curated, publicly visible interest clusters or categories. Unlike with third-party cookies, sites using Topics will only know what topics a browser may be interested in, not their specific and individual browsing history or identity.


They can use that information to serve more relevant ads. Chrome users will have the option to select, change or entirely disable Topics from their settings. 



FLEDGE aims to address the shortcomings of third-party cookies for retargeting use-cases. With Fledge, the user's browser, and not the adtech provider or advertiser, holds information about the user’s online behavior and interests and runs an ‘auction’ each time the user visits a publisher site where ads can be run.


The inventory owner or publisher cannot access any of the data - all they can do is run the winning ad in a fenced frame. No personal data is exchanged with any third parties.


Trust Tokens

Google’s Trust Tokens are designed to help websites distinguish real people from bots or malicious attackers, fight spam and minimize ad fraud instances. Sites will issue ‘Trust Tokens’ to user browsers based on regular and credible behavior and actions. Because they are encrypted, individual identification or any data point connections across sites is difficult.


What it means for marketers

All these initiatives, if they come through, are designed to protect user privacy without overly disturbing the advertiser’s ability to effectively target customers.


That said, with advertisers and ad networks being able to access, layer, connect or store much fewer user data in the future; and more power being handed to the browser (Chrome for 70 percent of users) we will undoubtedly see more first-party data offerings at a premium from Google itself.


Another reason to think about a more diversified data strategy right now. 


2. Measurement and attribution


Previously called Conversion Measurement, this set of APIs is now called Attribution Reporting. It helps identify ad conversions without cross-site identifiers, by measuring two interlinked events - ad views and clicks on the publisher side; and conversions on the advertiser side.


It delivers attribution reports at the event level and aggregated level, but they are encrypted and ‘noised’ to stifle any attempts to identify individual users at the adtech level.

What it means for marketers

With event-level reports, both publishers and advertisers can understand ad and campaign effectiveness and its impact on user behavior; and with summary (aggregate) reports, they get much deeper insights and more flexibility over larger data sets, which help answer questions about ROAS.


In theory, these are great, but by Google’s own admission, the APIs are still very much evolving and can look very different by the time they go to market. 


3. Privacy and safety


The entire raison d’être of phasing-out third-party cookies is to protect user privacy, and in this regard, the Privacy Sandbox has a comprehensive set of tools bucketed into two groups:


APIs that strengthen cross-site privacy boundaries

This group of tools, including first-party sets, shared storage API, and CHIPS (Cookies Having Independent Partitioned State) are focused on inhibiting cross-site tracking while still protecting the interests of multi-site owners who may need to use first-party customer data across their various digital properties. 


APIs that limit covert tracking

With tools that severely inhibit browser fingerprinting, require website owners to be explicit in labeling their cookies in the first-or third-party context, protect user IP addresses, and restrict the amount of identifying information a site can access; these APIs and tools will protect users from being uniquely identifiable across a range of situations and contexts.


What it means for marketers

More than ever, having a clear data policy and being explicit in how the business collects and manages customer data is key for marketers. Without this clarity, it will not be able to make the most of Privacy Sandbox initiatives.


Beyond Cookie Deprecation and Privacy Sandbox - Next Steps for Marketers


None of the initiatives listed above are set in stone, and like FLoC, other initiatives may be abandoned or changed based on how the trials turn out. So while Google irons out its Privacy Sandbox based on stakeholder feedback, marketers continue to operate in an environment of ambiguity. 


This is the time to resist letting our guard down in terms of using still-available third-party data. We also need to resist experimenting with solutions that may further entrench us in covert tracking and targeting methods; or lead us to become further dependent on walled gardens.


The best way to empower ourselves, as marketers, is to invest in a diversified data portfolio. It’s vital to build a richer portfolio of data sources – including zero-, first-, second-, and third-party data - to meet different business goals more effectively. 


Here are some other specific next steps to consider:


1. Continue prioritizing our privacy-by-design first-party data strategy.


The best place to start is to invest in a solid consent management platform and a user-friendly preference center to deliver a truly personalized experience. This approach turns compliance and consent into a strategic advantage that competitors will find hard to beat.

2. Explore more second-party data options that are relevant to your industry. 


For example, consumer facing brands can consider options such as retail media. Brands in specific industries can work on building select partnerships with large players willing to offer second-party data.


3.Explore alternative targeting solutions beyond cookie-based options.


Experiment more to find the right balance between data and performance. For example, options like CTV, smart in-store signage, and opt-in SMS marketing all offer new avenues to reach, target, and engage customers without infringing on their privacy.

4. Move away from ID-based targeting by learning more about contextual advertising options.


For example, the context in which people consume video ads has a huge impact on performance outcomes and doesn't need identifiers. Similarly, avoiding certain contexts that are unsuitable for your brand may also aid advertising efficiency.

Keep abreast of privacy regulations around the world - no marketer can afford to design and execute targeting initiatives and advertising campaigns in isolation from the data privacy regulations and laws that are evolving around the world. Both have to run in parallel, so continually invest the time needed to keep one step ahead of the regulators.


Talk to an Expert