Google has announced its decision to block third-party cookies from Chrome in two years. In June 2021 Google announced that it is delaying its plans to phase out third-party cookies in the Chrome browser until 2023, a year or so later than originally planned. In practice, this will mean a big change in user data collection and advertising targeting, as Chrome controls nearly 70% of the desktop browser market.
After Google's announcement speculation started immediately - how it will affect programmatic buying of advertising and third-party data audiences, which mainly are based on cookies currently. Google's announcement was not surprising in itself, as it has been rumored for a long time. The positive thing is that there is a time limit now and the future can be prepared with time. The need for targeted advertising is not going away, so we believe that in the future new ways will replace the need for third-party cookies in building audiences.
We believe that the news will turn the focus more on marketers own data sources, so-called first party data, which is easier to scale and utilize. However, Google has promised that cookies will not be deleted until there are other ways to target advertising and measure performance. This is where advertisers and technology producers come together to think, and cooperation will certainly be needed. So far, the world has not changed yet, and everything still continues the same until further notice.
In the future, only secure cookies will be forwarded between sites
Attention should now be turned to more urgent matters first. Indeed, already 4th February Google has announced that Chrome will support the sharing of cookies between sites only when cookies are protected. In practice, the site must have a valid https protocol and the correct definition of the samesite-attribute in order for cookies to be passed from one site to another. Google has said that it will primarily implement the change as a security to prevent spoofing of cross-site requests. However, in the light of the previous announcement, it is clear that this is the first step in disabling third-party cookies.
The SameSite attribute gives Google an easy way to identify third-party cookies and their purpose. Marking cookies as "SameSite = strict" restricts cookies to the same site they are created on. Also, the attribute "Same Site = lax" in the same way to restrict sharing between sites, but allows certain exceptional cases, the sites sharing a third-party cookies. The "Samesite = none" attribute, on the other hand, is most permissive. It allows third party cookies to be freely transmitted between sites as long as they are secure. Starting February 4th, the “lax” setting will become the default setting for Chrome for all third-party cookies that do not have the SameSite attribute. With the promise of a change in two years' time, it is anticipated that Google would block cookies transmitted with the None attribute. Thus, the changes that come into effect with the 80's browser version of Chrome are now considered a deliberate move towards a future plan.
SameSite update deadline is around the corner and cannot be ignored. It is wise for everyone in the supply chain to check the cookies that they themselves read and write. Of course, it is not enough to be awake yourself to the need for change, but all partners must be. Otherwise, the effectiveness of cookie synchronization in the operating chain will be significantly reduced. Also remember that the “Samesite = none” attribute will not work unless the cookie is marked secure (HTTPS). There will be no error messages that will warn you if the cookies do not pass, so you have to make sure everything is fine.
For the future, keep your eyes and ears open. It is likely that cookie-related updates to Chrome may take place before the 2023 deadline. Because Chrome has such a large user base, each change to the browser will usually have an impact on advertising, media business and website monetization.