Skip to Main Content

How to Build a Cookieless Data Strategy

A roadmap for a first-party data strategy.

Companies need a strategy for the end of third-party cookies.

For over two decades, third-party cookies have served as a cornerstone of digital advertising. Advertisers have used them to track users’ online behaviors, enabling the targeted advertising and personalized content delivery that underpin most digital advertising strategies today.

However, cookies, and many of the standard practices that rely on them, are on the verge of a transformation. On January 4, 2024, Google initiated trials of its new privacy features, discontinuing the use of third-party cookies in Google Chrome browser for 1% of users—roughly 30 million individuals. Google plans to eliminate third party tracking cookies for all Chrome users sometime in 2025. In conjunction with significant new regulations on internet privacy and Apple’s pushes for increased data privacy, it’s likely that 2024 will be the last full year that third-party cookies are widely used in digital advertising.

But the end of third-party cookies doesn’t mean the end of tracking altogether—it just means organizations need a different strategy to achieve genuine end-user consent to process personal data. Marketers confronting a cookieless environment should prioritize two key strategies: harnessing first-party data and embracing new cookieless attribution techniques like device fingerprinting and server-side tracking. In this article, we’ll cover the rationale behind Google’s decision to terminate the use of third-party cookies, explore the prospective alternatives, and provide some options that marketers can use to navigate the new paradigm.

How do third-party cookies work?

Before we get into the recommended strategies for marketers, let’s go over the basics of the change that’s happening now. If you’re a digital marketing expert, some of this will be old news to you, but to summarize: Cookies are tiny text files, deposited into a user’s browser while visiting a website. These cookies fall into two categories:

  • First-party cookies originate from the website being visited to recognize the user’s device and store information to enhance their browsing experience. This is how websites “remember” things about a user, like the items they had in their shopping cart or their login status.
  • Third-party cookies are implanted into a user’s browser by a website other than the one currently being visited. These cookies track users’ browsing, collecting data regarding their internet habits, preferences, and interests to deliver tailored advertising experiences. These cookies are why users see ads across the internet for products they’ve researched.

Third-party cookies are one of several tracking technologies available for website optimization, analytics solutions, marketing platforms, social media integrations, and online advertising—but they’re one of the most popular.

Why should advertisers care about the end of third-party cookies?

The shift away from third-party cookies is the result of years of scrutiny, stemming from growing privacy concerns. Third party cookies serve both the website where they’re placed and the cookies’ providers, ad tech companies who heavily rely on these cookies for mass data collection, profiling, and real-time bidding. In exchange for optimization services on a website, third-party cookies give advertisers vast amounts of personal data from end users—often without their explicit consent or awareness. This data is then circulated, traded, and sold within digital advertising ecosystems.

The data harvested by third-party cookies encompasses everything from individual IP addresses to browsing history to device details. Through tracking users’ online activity, advertisers and data brokers can build shockingly complete profiles of users that include intimate details like health, sexuality, family, political affiliations, and religious beliefs. Advertisers leverage these detailed profiles to target their ads with microscopic precision, tailoring campaigns to individual preferences and personalities.

Though websites commonly seek permission to attach first-party cookies to your browser, third-party cookies are often deployed without user consent—hence all the digital privacy concerns. While browsers like Firefox have already removed third-party cookies, Chrome, which commands around 65% of browser usage, is the most influential player in this transition.

From the beginning of 2024 through Q3, Google will be gradually phasing out the use of third-party cookies for all Chrome users. It’s expected that many of the remaining supporters of third-party cookies will ultimately follow their lead—and as a result, advertisers will need new options. So far, no single replacement option has emerged to fill the cookie gap. Instead, advertisers are turning to multiple systems and data sources.

If third-party data is harder to come by, the most obvious solution is to make the most of the data you have. Having a robust first-party data set (in other words, a data set that you own) gives you ownership of the data and increases your ability to use it. This can be especially beneficial for remarketing initiatives, but it’s applicable in many different contexts.

So how do you do that? As a first step, we recommend building a customer data platform (CDP). A CDP has two basic functions: to pull data from multiple locations within your data stack, to allow you to conduct analytics on it. What kind of data you pull in will vary depending on your data strategy, but your data set should be built around an identity profile, similar to how it’s organized in your CRM. From there, you can pull in data on customer behaviors, preferences, and interactions and from there, build a full profile of each customer.

Put your CDP to work.

The CDP will be your basis for everything else, starting with analytics. You can identify high-propensity individuals or market segments, assess what tactics are working, or spot trends that help you tailor your marketing campaigns. With a high-quality data set like this, you can also begin leveraging AI to model smart segments, allowing you to target your marketing efforts on specific media platforms.

For some companies, however, working with customer directly will present legal and compliance challenges. As interest in data privacy grows, and as regulations on data usage tighten, companies affected should turn to data clean rooms. These data systems allow analysts to pull queries from customer data without access to the data itself. The data clean room can provide additional modeling capabilities without compromising security or integrity.

Cookieless attribution techniques can keep you in the know.

While building a first-party data strategy is an important step to take, it doesn’t address the other major challenge—pulling customer activity data that used to rely on third-party cookies. Alternative sources of attribution can help you pull in some of the data third-party cookies used to provide.

Even without third-party cookies, every user on the internet shares some information with web clients. Organizations can look at these data points, such as screen resolution, browser preferences, ISP, installed fonts, operating system, and more, and by tracking these, assign unique user IDs to website visitors. From there, you can use these IDs to track users like traditional cookie-based methods used to provide, all while maintaining compliance with privacy regulations. As you move forward, you should also be able to tie known users to these profiles through observing their behavior—such as when a known user makes a purchase right after a profile navigates from the corresponding product to the check-out page—and from there, you can follow their data even when they’re not logged in. Custom order tracking pages can be especially useful here in letting you identify a household’s entire set of devices. Depending on your business model, you’ll likely have other places where anonymous users will identify themselves, allowing you to tie their anonymous activity to their CDP profile.

API-based tracking can also help. Through advertising and marketing data sourced directly from web servers or CRMs, you can get a better sense of who your anonymous and known users are.

The end of third-party cookies is not the end of the world.

Although challenges persist in marketing without cookies, particularly in effectively tracking users across devices and attributing conversions, this scenario presents an opportunity. First-party data, since it’s willingly provided by users, is often more accurate, and as a result, better at driving conversions.

As a partner to enterprise businesses globally, Spaulding Ridge has developed strategies to keep organizations’ marketing intelligence functions running smoothly. We’d love to hear about how you’re approaching the cookieless world—reach out to us if you’d like to talk!