In 2024, a big change is coming– the start of Google’s third-party cookies phase-out which marks a major shift in digital advertising and website tracking. Google has already testing this since January 4th, so the time without cookies is getting closer. What does this bring to the online advertising world? What can publishers and advertisers expect, and how can they prepare for Google’s total shutdown of third-party cookies?

Podcast Transcription

What are Third-Party Cookies?

Berns San Juan: What do you guys think marketers and Sesame Street have in common? And the answer is they both have cookies. So what are cookies? In a nutshell, these are tokens that websites use that help them remember who you are as a visitor. Take note that the purpose of cookies originally was to enhance your experience as a user of a specific webpage.

So in real-world terms, think when you’re trying to book a flight and the forms are pretty filled out with your information so you don’t have to fill out, I don’t know, seven fields and so you’re spared that because the website remembers who you are. Think of pre-filled shopping cart information. Like, for example, if you check anything out on Lazada, or Shopee, if you’re not from the Philippines, Amazon, right? And it already knows your address, it already knows your payment details, those are remembered by cookies. Think of going to Nike.com. In my case, I love how they feature running shoes whenever I’m browsing the website. And I love the fact that they don’t feature basketball shoes for me because I don’t play basketball.

So those are what cookies were originally meant to do. Over the years, it has been used for other use cases. So one might argue use cases that are more self-serving than user-serving. And they can track more than you think. Take for example, they can track your device ID, your location, course or precise, the site where you were from, the site you’re going to, your phone number, your search history, your browsing history, the common keywords that you put in into either site searches or Google searches, your purchases, and so on. And don’t worry, I’ll have a few more practical, accurate examples of this. So take this as an extreme example.

There is a private messaging service, it’s called Signal, if you guys still remember, and Signal as a messaging app only utilizes your phone number. That’s it. The only piece of data about you that Signal captures is your phone number. Now, use another tool like let’s say Facebook Messenger. And what you’ll discover is that while you’re messaging with your friends, your relatives, your loved ones, Facebook is also extracting your physical address, your email address, your name, your phone number, your user ID, your device ID, your purchase history, your financial data, your precise location, your photos, your videos, your course location, your contact data, photos and videos, your gameplay content, your search history, your browsing history, product interactions, crash data, ad data, and device performance data.

Think about that. Why would Facebook need these pieces of information and why would you permit them if your only intent was to message friends, relatives, and loved ones? So over the years, I think like me, users have started to mine. And we’ve started to mine being commoditized and we’ve started to get sick of our data being sold. Now think about it for a second, this hasn’t been a big issue in the Philippines, right? We don’t get a lot of robocalls, we don’t get a lot of spam. Yes, scams are like there are online scams in the Philippines but they’re not that prevalent until recently.

So in a report in September of 2023, last year relatively fresh, Rappler published a report that said that Filipinos lost more than 155 million pesos due to online scams, due to identity theft. My personal opinion is that this figure is probably largely underestimated and underreported because note that the Philippine economy turned over 400 billion dollars at the dawn of 2023. It’s going to be larger in 2024. And the digital economy of the country is about 10% of our GDP, less, about 9%, so about 34-35 billion US dollars. If the damage caused by online scams is 155 million pesos, you’re talking about 0.07% of GDP or 0.8% of the digital economy, which I believe is optimistically small.

So these are due to phishing, account theft, fake sellers, and I could go on and on. And if you think about it for a second here, if you guys use WhatsApp, have you guys gotten an anonymous WhatsApp call offering you some air quotes digital job, right? Have you guys gotten other weird job offers? Have you guys been getting SMS messages that say your parcel could not be delivered? Click here to complete the delivery. All of these are phishing, scams, and whatnot. How do they get your number? And in the case of the WhatsApp example, they don’t just message you, they tell you, hey is this Mr. ABC? How do they tie your name to your phone number?

So that’s because these guys are… your A, you’re probably leaving your trail all over the place, that’s one. But two is that there are people that collect the snippets of the data, you leave around the internet and sell it, you know, and they sell the info and these become the mailing list, the texting lists. Now, not to say that we haven’t made progress. After all, Facebook’s latest features were air quotes, and privacy, right?

As an exercise for this episode, I did an exercise where I used a cookie tracker on my browser and so I did a Google search. As soon as I did a Google search, I got six cookies, not bad. That’s not a lot, but that’s not bad. And all of these cookies were Google cookies. I followed the search results. I think I clicked the third result of the search and I followed the results to go to a data statistics website and bam, I got 23 more Google cookies, 11 Facebook cookies, 18 LinkedIn cookies, 9 YouTube cookies, 4 double-click cookies, 9 Hot Jar cookies, and 10 MailChimp cookies, all deposited into my browser.

I’m not on LinkedIn, I’m on a data statistics website. I’m not on YouTube. What is a YouTube cookie doing on a non-YouTube website, right? And these are what we call third-party cookies. They’re the cookies that don’t belong to the brand or to the company that you thought you were interacting with. It’s like grabbing a packaging of Chips Ahoy and then realizing that it’s not just Chips Ahoy cookies in there, you also have other branded cookies, cereals, Frosties, Gummies, and whatnot, all in the same packaging, and none of which you expected.

So with that very long intro… Hi guys and welcome to another episode of the Truelogic DX Podcast. And today we’re talking about cookies and privacy. So let’s talk some more about privacy and how much progress we’ve made with it.

Our Progress in Privacy

the @ sign as a padlock with a key inserted

Let’s face it, the privacy issue on the internet, that’s not a new thing. After all, DuckDuckGo’s mission was to provide private search experiences and DuckDuckGo was built in 2008. Before all of these scandals about privacy, privacy was already a major issue on the internet.

The first major mainstream progress on privacy though was delivered to us courtesy of the EU and this was the GDPR regulation. And if I’m not mistaken, I think that happened in about 2018. I remember having a lot of US clients and a lot of EU clients asking me to make their websites GDPR-compliant. I must have done over 50 projects related to GDPR and GDPR compliance of websites.

Now as if on cue, the Firefox web browser the following year, so remember GDPR was 2018, the Firefox web browser by default prevented third-party cookies or automatically blocked third-party cookies and that was 2019. Google also started making statements about privacy as early as 2019. But take note that the keyword here is announcement. So they didn’t deploy it, they announced it. Apple, I would say, is the other major development when it comes to the progress of privacy when Apple deployed the auto opt-out of IDFA on iOS 14.

So, it was pretty controversial and I’m sure I ran an episode on it. We, like, I think it’s the Facebook versus Apple episode where Facebook ran a full-page ad saying that they were standing up to Apple for all small businesses around the world. And the IDFA opt-out sort of started a war between Apple and Facebook and then Google announced the AAID deployment with the deployment of Android 12.

So again, not to say that we haven’t made progress, I think we’ve made some pretty good progress when it comes to privacy.

Why Google Is Phasing Out Third-Party Cookies

Now this is coming up again because Google’s privacy sandbox is supposed to be deployed in 2014. To a degree, part of it is in compliance with some laws in the UK, but Google is supposed to phase out third-party cookies. I’m saying it’s because they were supposed to do it on January 8th 2024.

A lot of websites still have not managed to comply with these. But Google says it has officially started phasing out the use of third-party cookies. And, you know, this will include the Chrome browser. The ramp-up to 100% of users is estimated to happen sometime around Q3. And if websites that are not compliant with Google’s privacy sandbox are still not compliant. Google is telling them they need to submit a notice requesting to extend it to December 2024.

Now, the interesting thing is this, right? Victor Wong, who is a senior director of product management at Google, said, quote, “We’re aiming to make it possible to show relevant ads without showing who the user is. And so the user hopefully will see relevant ads still after we make this change fully.” And this is where I love Google to bits, right?

To me, this is reminiscent of the Panda algorithm that they deployed, I think, between February to March 2011, where what the Panda algorithm did was it essentially kill low-quality websites. It removed them from the index, it rated them as low-quality, and search results became so good that Google actually lost revenue because there was no point in clicking the ads since the organic results were so good. Google actually paid a price to roll out the Panda algorithm. And this reminds me of that, right?

Google is saying, okay, we get it. We might take a hit in terms of ad revenue, and ad spend, but we’re making a bet that this is an improvement in a user’s online search behavior. And to me, that’s terrific, right? Now, according to HubSpot, 41% of marketers believe their biggest challenge after this rollout is going to be their inability to track the right data. And I think it’s most probably because a third party, they’ve relied on third-party cookies, they’ve also relied on third party data by and large to enable cross-site tracking, to enable, I would say, better targeting. And to that what I’ll say is, well, boohoo, right?

I’ve always been an advocate for captive data. I’ve always been an advocate for using your own proprietary data. Don’t rely on third-party data. In fact, with most of the clients that we help, we don’t sell them, offer them, install them, or build a marketing plan around third-party data. All of the audiences we target are audiences that were built organically by their website or their other assets.

So, in the worst cases, third-party cookies are used to track users around the web. John Oliver had a great episode about this with data brokers, where supposedly your data is anonymized and then aggregated. But in reality, when people wanted to find Hispanic people in financial dire straits and therefore payday loans in a certain zip code, they found a list. Pregnant women in a specific zip code, and they found a list. Senior citizens with cancer and they found a list. So being able to buy lists that have your most private intimate information is not very difficult right?

This is actually what the privacy act of the Philippines prevents and you know which is why I like it. Like the fact that we forbid companies from collecting our information and distributing it or making a profit out of it. That practice is illegal in this country, right? And so to me, I think that is terrific. So as privacy improves, how does this phase-out impact you, the business owner, the entrepreneur, the brand leader, right?

How Does the Phase-Out Impact Brands

1. Less Precise Targeting

If you have been relying on third-party data and third-party cookies, be ready to see less precise targeting. So that means your ROI is probably going to go down a bit. You will lose the ability to track individuals across websites. So let’s say you’re Nike and you realize that when people exit your website, they go to Adidas, right? And you’re not doing that, your website’s not doing that. That’s being done by a third-party cookie on your website, which informs you. Or you’re Nike and you know that when a user logs into your website, they also have three other sneaker brands that are open and they’re actively comparing your users.

And so what you do is you try to design your website to prevent that behavior or discourage that behavior. So you wouldn’t be able to do that anymore. You would not be able to know which users log into your website for price comparisons with competitors or people who compare your website to aftermarket websites. And so you would be able to target people that say, look for the GoFly Ease or people that look for the Nike Zoom 5. You know they were on your website and they looked at that product, but the moment they exit, they’re gone.

So you’re not able to do hyper-targeted advertising to audience types. You can do hyper-targeted marketing to your visitors who executed a specific behavior but not necessarily to users who have a specific behavior outside your site.

2. Shift to contextual targeting

Next, the way you distribute your content might have to be more contextual than audience optimization. So when we do paid ads, what I try to remind people is the biggest difference when you do social media ads and when you do paid ads is that you’re not just optimizing the ad and you’re not just optimizing the budget. You are also optimizing the audience. In this case, you would limit your ability to optimize for audiences.

So you can no longer tell Google, or let’s say you can no longer have the ability to tell Facebook, I want to advertise these products to moms between the ages of 25 to 30 living in NCR. It would not be that precise it can be a bit more precise than that, but you wouldn’t be able to make that specific audience definition anymore. Instead, what you’d have to do is I would like these ads to appear on mom and mom-related websites, neonatal websites, pregnancy websites, on baby name websites, and I would like to spend X.

You’re not making a selection of who sees the ads, you’re making a selection of the placement of the ads. And so that’s what contextual targeting will mean. What this also means is, again, as I’ve been harping on for like four or five years now, first-party data, proprietary data, and captive data become crucial. I’ve always been a fan of my own data. If you are Metrobank and you want to market, let’s say, your titanium world card to your travel card users, that’s perfectly fine, right? Because it’s your list. It’s your travel card list.

And it’s the businesses that have good databases, good information about their customers and their users that will come out winners from this change.

3. More Spammy Ads. Competition for attention.

We might have to put up with more spammy ads though, right? YouTube is currently bad enough. And I wish I could turn it off, right? It’s nothing like $4.50 a month is nothing to be spared from all of these spammy ads. But as a marketer, I need to see the Google ads.

But it will increase the competition for attention. Now, unfortunately, it is the bigger brands, the guys with very deep pockets that can throw money at a problem that will benefit from this. Because with less personalized ads, with less targeting, brands will inevitably flood the market with budget just so that they can get more eyeballs and play marketing like a numbers game.

4. Measurement and attribution difficulties

The other thing that it might do is for companies like us, it might make measurement and attribution more difficult, right? As certain cookies are disallowed, as let’s say HubSpot cookies are disallowed, which means the CRM is not able to do such a good job as it does today, we might have more difficulty when it comes to gauging the success of marketing efforts with doing post-mortems on marketing campaigns and so on and so forth.

So, what should you do?

Starting in Q3 of 2024, Google plans to expand third-party cookie removal to 100% of Chrome users. And then, of course, this has to be reviewed by regulatory authorities. So if I were you, I would start reviewing your marketing campaigns and trying to discover which tools require the use of third-party cookies, and what campaigns rely on the use of third-party cookies so that you can anticipate what kind of handicaps you might encounter by Q3 of 2024. That’s one.

Two, if you media buy and you don’t understand how your media providers acquire your audiences to target, this will affect you. And so if you don’t have a significant amount of captive data, begin developing the volume of your captive data now. And then three, how do you prevent this from impacting you? Simple, and I said it already, and I’ll say it again. Captive data.

All of these privacy updates, for example, when Google rolled out iOS 14, guess how much of our marketing campaigns got affected? Like nada because we’re not reliant on the data that’s captured by the IDFA, right? All of the audiences we target are audiences that behave in a certain way on our assets or our website. So all of these privacy updates don’t prevent you from collecting data about your users as they are on your website, it does discourage you from buying or selling user data.

It discourages you from buying, I strongly discourage you from selling because it’s not legal in the Philippines. So if your digital efforts are built around your customer data and not third-party data, you’re probably going to be fine.

So with that being said, thank you for joining me for another episode of the Truelogic DX podcast. If you want to continue the conversation about privacy and cookies, or if you have comments regarding what we talked about or what you want us to talk about, feel free to reach out to us. We do look at your comments. Subscribe to our Spotify, Google, and Apple accounts so that you can get alerts whenever we publish a new one. It’s available wherever you listen to your podcasts. Send a shout-out to our marketing team and Pod Machine for continuing to produce this. I’ll see you in the next episode.