Why Google Banning 3rd Party Cookies Will Change Advertising Forever

April 12th, 2021

In January 2020, Google made a huge announcement that it’s banning third-party cookies in its Chrome browser. And that’s set to happen in 2021. 

The search engine giant joins other big names in tech, including Apple and its browser Safari, to move away from the infamous tracking technology.

Online privacy is an increasing concern for users, tech businesses, and governments. With pressure on Google to increase user privacy, third-party cookies will soon disappear. 

And while this ban does mean a new era for advertising, it doesn’t mean advertisers will have no user tracking options. 

How so? In this guide, we explain what’s in store with the upcoming changes to Chrome, how you can adapt to them, and what’ll replace invasive cookies.  

Why Is Google Banning Third-Party Cookies?

cookie banned

Google’s ban on third-party cookies is primarily down to privacy concerns (or so Google says), as cookies track users online by monitoring their browsing history.

Other browsers, such as Safari, Firefox, and Brave, already block third-party cookies. Google is now playing catch up. 

Although to clarify, it’s Chromium that’ll drop support for third-party cookies. Chrome is built on Chromium, as is the Microsoft Edge browser. So, it’ll also have the same issues. 

But what are cookies? They’re text files made up of strings of text, usually containing a website name and a unique user ID. 

And how do cookies work? Well, when an online user visits a website it downloads a cookie to their device. 

If the person visits the same site a few days later, their device does a quick check to see if there’s a relevant cookie stored. If it’s there, it’ll send the data in that cookie to the site. Why? So the website understands the user has visited before.

There are two types of cookies: 

  1. First-party: This cookie is set by a domain you visit. For example, when you visit Amazon.com, Amazon will set a cookie to remember your login details. 
  2. Third-party: This cookie is set by an external domain through the site you visit. For example, Amazon runs Facebook cookies to promote products you search for in your Facebook feed. 

Advertisers use third-party cookies on their sites from adtech businesses such as DSPs, SSPs, attribution platforms, and various others. 

While this is great for advertisers looking for granular data, the adtech industry has also turned it into an easy opportunity to harvest data.

And it does this on a massive international scale, without regard for user privacy or personal information. This means those adtech and martech platforms end up with huge amounts of sensitive data that, really, they shouldn’t have access to.

So, third-party cookies are a problem as they provide businesses with personal information on many millions of users, without the explicit consent of the end user. In cases where consent is given, it’s often so confusing users don’t know what they’re agreeing to.

And the use of third-party cookies creates online ads that compromise billions of data points.

Adtech businesses can trade personal data to advertisers and essentially sell your profile to the highest bidder. The type of sensitive information they can gather includes:

  • Browser history
  • Search engine usage
  • Private details (such as health, sexuality, political belief, religion, etc.)

The reality is, most online users don’t want their names adding to marketing lists. And they also don’t want big businesses knowing about personal life details. Neither do regulators, as it turns out.

Google is under pressure to act on growing international laws, such as EU directives like the General Data Protection Regulation (GDPR). 

Along with GDPR in Europe, there are equivalents all across the world. Including Brazil’s LGDP, Thailand’s PDPA, Singapore’s PDPA, and South Africa’s POPIA. 

There’s also the Data Protection Law Enforcement Directive. It says:

“The EU Charter of Fundamental Rights stipulates that EU citizens have the right to protection of their personal data. The data protection package adopted in May 2016 aims at making Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU and regardless of where their data is processed.”

In the digital advertising era, the erosion of trust between online users and businesses has led to Google’s third-party cookie ban. Put simply, advertisers have abused the data provided by cookies for too long. They’ve had their fun, now it’s time to stop it.

To tackle the issue, it’s created an initiative called Google Privacy Sandbox. It includes innovative concepts that’ll bring about a new era of online privacy and advertising. 

What’ll Replace Third-Party Cookies?

Google will phase out third-party cookies in the Chrome browser with privacy-preserving APIs (application programming interfaces). 

It’s already started rolling out new privacy features. Google Consent Mode launched in September 2020 and lets websites gather non-identifying data. You can pick these options in Google Tag Manager. 

But that’s only one small step in Google’s plans to improve online privacy. The search engine giant’s privacy-preserving browser APIs are central to its long-term goals. 

And so the Google Privacy Sandbox initiative will focus on delivering ads to large groups of users, all without collecting identifying data from Chrome. 

The task on Google’s hands is to do this while still providing advertisers with crucial conversion metrics. But it also has to provide user anonymity on an individual level, all while websites collect user data.

The search giant has a lot of ground to cover over the next 12 months. Is it on the right track?

Are Privacy-Preserving APIs The Way Forward?

Google clearly thinks so. The technology removes many privacy concerns and will allow advertisers to continue doing their jobs. With, more or less, the same results. 

Google said in the January 2021 post building a privacy-first future for web advertising:

“Technology advancements such as FLoC, along with similar promising efforts in areas like measurement, fraud protection, and anti-fingerprinting, are the future of web advertising and the Privacy Sandbox will power our web products in a post-third-party cookie world.”

Google’s plan is to prevent individual tracking. So, it’s come up with sophisticated techniques to get around the third-party cookie issue. Here’s the lowdown. 

Google’s Privacy Sandbox

google privacy sandbox

The Sandbox is Google’s set of initiatives to end third-party cookies by introducing privacy-preserving browser APIs. The search giant is looking to overhaul:

Sandbox will set new industry standards, with third-party cookies banned for good. 

In their place? Several new APIs, from which advertisers will receive aggregated data about how well their ads are doing and who’s buying from them. 

However, there won’t be individual identifiers. Users will instead come across as an “entity”, with key data grouping relevant users together for advertisers to target. 

In other words, Google will use anonymized signals in a user’s Chrome browser to make its advertising platforms work. 

It’s something the search engine giant already does in Google Analytics, where it doesn’t display any identifiable information about users. 

And this is definitely the end of third-party cookies. But what can we make of the APIs set to replace them?

Well, Google has a habit of naming its technological innovations after birds. 

From Penguin to Hummingbird in the world of SEO, now we have privacy-preserving APIs all named after birds as well. Let’s take a look at the first one.  


Federated Learning of Cohorts (FLoC) will work by gathering data on a user’s browsing history.

This will help advertisers to reach target audiences with relevant content and ads, minus any privacy concerns. Google said in a January 2021 post building a privacy-first future

“Our tests of FLoC to reach in-market and affinity Google Audiences show that advertisers can expect to see at least 95% of the conversions per dollar spent when compared to cookie-based advertising. The specific result depends on the strength of the clustering algorithm that FLoC uses and the type of audience being reached.”

The idea is to group users into “flocks”, which will be giant groups of users with similar interests. Advertisers can then target these flocks for marketing purposes. 

User accounts are: 

  • Anonymous
  • Grouped by interest
  • Processed on-device (that’s instead of broadcast over the internet)

With individuals hidden in a huge crowd and on-device processing, this should keep a user’s web history and identity private. 

Although Google believes this is one solution to third-party cookies, there is some criticism. 

Digital rights organization Electronic Frontier Foundation suggests it’s the equivalent of a “behavioral credit score”, comparing it to a tattoo on a user’s head with specific information that isn’t good for privacy. 

These concerns are echoed by many in advertising, as it’s unclear if FLoC will add users into sensitive groups. Such as protected classes including age, sexuality, gender identity, religion, disability, and pregnancy.

It’s this uncertainty that means Google currently can’t test FLoC in the EU, as its technology isn’t GDPR compliant.

So, is FLoC as privacy-preserving as Google claims? While advertisers will only have access to anonymized cohort data, the search engine giant can still access user history and the data stored in a browser’s cache. 

This means users will have greater privacy from advertisers, but not from Google. 

As it stands right now, FLoC is set to provide a system for advertisers that’s similar to real-time bidding. But it remains a controversial API.


Google’s proposal for ways in which advertisers can create, and then deploy, ads to their audiences. Minus third-party cookies.

FLEDGE is the First Locally-Executed Decision over Groups Experiment. 

It’s Google’s retargeting solution and it’ll deliver behaviorally targeted ads through on-device auctions. It works in five steps:

  1. Chrome records an interest group
  2. The seller runs the on-device auction
  3. Buyers provide ads and bidding
  4. Chrome picks and renders the winning ad
  5. Reporting is delivered on seller and buyer event

Google is still receiving feedback on this idea. There’s currently no indication when FLEDGE will be available in Chrome, but expect early forms of the API later in 2021. 

Conversion Measuring With Google’s New APIs

How advertisers will measure campaign performance is another essential consideration for Google. 

Its upcoming APIs will use privacy-preserving techniques such as:

  • Aggregating information
  • Adding noise
  • Limiting the amount of data sent from a device

The search giant is still in the process of determining which conversion measurement APIs are most suitable. 

Currently, it recommends Google customers use site-wide tagging or Google Tag Manager to minimize any disruptions. 


Google is aiming to protect uses from hidden data sharing techniques, such as using an IP address from a device to identify someone. 

Gnatcatcher is Chrome’s effort to stop that. It’ll help to mask someone’s IP address to protect their identity. This is an ongoing project and isn’t finalized.

When Will The New APIs Arrive? 

The first iteration of new user controls could begin from April 2021. 

However, there’s no fixed date for any of its APIs. Other than to ensure third-party cookies are gone for good before, or during, 2022. 

But it isn’t the complete cookie apocalypse, as first-party cookies will remain. Google’s goal is to remove individual identifiers. 

For advertising, it still means a major overhaul to the old way of things. And the browser APIs will shape your campaigns as soon as 2021.

Are Google’s Changes Really About Privacy? 

google privacy changes

Is the third-party cookie ban a privacy play by Google? Or is the search giant cementing its market share by locking out key players? 

Google has announced it won’t support other ID models, such as those created by Criteo or the Trade Desk. 

Criteo is backing the third-party cookie-free tracking technology Unified ID 2.0. It’ll identify users based on their email addresses. 

Of this, Google has stated in charting a course to a more privacy-first web

“Other providers may offer a level of user identity for ad tracking across the web that we will not—like PII [personally identifiable information] graphs based on people’s email addresses. We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long-term investment.”

Meanwhile, the Competition and Markets Authority (CMA) in the UK is already looking into Google for anti-competitive practices. 

From the January 2021 press release CMA to investigate Privacy Sandbox

“The project is already under way, but Google’s final proposals have not yet been decided or implemented. In its recent market study into online platforms digital advertising, the CMA highlighted a number of concerns about [Google Privacy Sandbox’s] potential impact, including that it could undermine the ability of publishers to generate revenue and undermine competition in digital advertising, entrenching Google’s market power.”

The investigation began after marketers from Open Web Limited, newspaper publishers, and technology companies argued to the CMA that Google is “abusing its dominant position”. 

The CMA added the investigation is ongoing and there are no conclusions over whether Google has infringed on competition law.

How The Advertising Industry Will Change

The ban on third-party cookies will inevitably lead to a major upheaval in the way online advertisers work. 

The advertising industry will have to adapt to different attribution models, based on where campaigns are running. 

You’ll have to become heavily reliant on large publishers like Google to reach potential customers. So, the third-party cookie ban should place Google in a position of more power. 

But you can view this as a new lease of creative life. Instead of obsessing over the short-term benefits of third-party cookies, it’s a chance to set long-term goals.

Users are often followed around online by unwanted ads. Other campaigns send irrelevant traffic to landing pages. 

With the ban on its way, you’ll need to work smarter as an advertiser. 

Focusing on context-based ads will be one way forward. That’ll let you use insights from first-party cookies to communicate with users in a more realistic way. 

The industry will have to adapt towards inventive branding. Brands will need content that engages like never before, relying on creativity over personal data mining. 

However, we can’t rule out a possible transition away from digital back to more traditional advertising, such as with billboards, radio spots, print ads, or direct mailings. 

There’s also the further possibility advertisers will take digital’s attribution models and apply them to these older advertising techniques. 

For example, targeting billboard ads in relevant areas where there are likely to be relevant customers. Or developing out an email list to target with relevant, personalized direct mail. 

But what is clear as third-party cookies reach the end of their road? 

User consent is here to stay. Users will say yes or no to advertisers looking to collect personal details. And the sooner you adapt, the better your campaigns will become.  

What Should Advertisers Do For Now?

Now’s the time for you to consider new data solutions that’ll survive the demise of third-party cookies.

What you should do is prepare for the future. Here are a few steps to follow to make the transition easier: 

  • Collect data: Create first-party data by yourself. This way you can capture important information, such as with email lists. 
  • Follow the news: Google is updating the world with progress all the time, so follow the news to keep up to date on Google Ads & Commerce
  • Update your clients: The new APIs could well affect your workflows, so if you have clients now is the time to prepare an overview of the ban and how it may affect their paid search, display, and video campaigns. 

We can expect the APIs to start rolling out in 2021, with Google’s set date of no later than 2022.

Ultimately, you’ll be able to target relevant audiences. But you’ll be going about the process in a different way.

Just remember there’s still a great deal of uncertainty about how the third-party cookie ban will play out. Even Google isn’t 100% on delivery dates and timelines. 

But more will become clear in the not too distant future. 

In the meantime, keep an eye on the latest developments. We’ll cover them all on the Lunio blog, so you won’t miss anything ahead of the new era of advertising.

Stop All Advertising Fraud in Seconds