Update: As of July 2024, Google has abandoned plans to phase out third-party cookies.
Cookies and the impending cookiepocalypse have been in the news for years. But do you know what a cookie is and why so many digital marketers and data privacy advocates care about them? Let’s dive in and share our “controversial” take on the matter.
What is a Cookie?
Besides being a sweet treat, a cookie in the digital world is a small piece of data with unique information stored in your device’s browser. Technically speaking, a cookie is a text file created by a website and saved by your browser. It contains pairs of key-value data, which can include identifiers, session information, and user preferences.
When you visit a website, it sends a cookie to your browser. This cookie stores information like your user ID, session ID, or preferences. For instance, when you log into a site and check “Remember me,” a cookie stores your login information. The next time you visit, the site reads the cookie to recognize you and keep you logged in.
What Are Cookies Used For?
Cookies help companies optimize website content based on your browsing history, recommend products using algorithms and data analysis, and understand your interaction with the website. For example, if you frequently visit a website for running shoes, cookies enable the site to remember your preferences and suggest similar products, enhancing your shopping experience.
Types of Cookies
There are a few ways to categorize cookies, starting with how long they “live” in your browser:
- Persistent Cookies: These cookies store data for convenient website experiences, like login credentials and preferences, and expire after a set time. For example, when you check “Remember me” on a login form, a persistent cookie saves your email address so the website can recognize you on your next visit, even after closing the browser.
- Non-Persistent/Session Cookies: These cookies are active only while your browser tab is open for the site you’re visiting. They are deleted once the browser tab is closed, making them ideal for temporary information, such as website authentication status.
How Persistent Cookies Work
When you select “Remember me” on a website, the site creates a persistent cookie with your login details. This cookie is stored on your browser with an expiration date set by the website. When you return to the site, your browser sends the cookie back to the server, allowing the site to recognize you and autofill your login information. This persistence is what keeps your email address stored in the browser for future visits.
First Party vs. Third Party Cookies
Understanding first party vs. third party cookies is crucial:
- First Party Cookies: Connected to a single website, they store login credentials and enhance navigation by keeping a shopping cart full of items as you move from page to page. First party cookies are created directly by the website you are visiting. When you enter a website, it sends the cookie to your browser, which then stores the data associated with your activity on that site. This helps improve user experience by remembering login details, language preferences, and other settings.
- Third Party Cookies: These track your activity across multiple websites, which is why you might see ads for products you viewed on other sites. Third party cookies are created by domains other than the one you are visiting. These cookies are usually embedded in website elements like ads, social media buttons, or tracking pixels. When you visit a website with a third party element, the third party server sends a cookie to your browser, allowing it to track your activity across different sites.
The Shift Away from Third Party Cookies
Many browsers are discontinuing support for third party cookies, increasing dependence on first party cookies. This shift underscores why we at Sentinel Insights prioritize data quality.
Why Don’t Cookies Matter?
Cookies sound pretty important in digital marketing. So why is this article dismissive of them?
Simply put, cookies are meaningless if no one collects, aggregates, or examines the data they contain. The real concern, especially regarding consumer data privacy, is the technologies—tags and pixels—that access and use cookie data.
A cookie can store all the information in the world, but it poses no concern if it remains isolated in your browser. The problem arises when an analytics tag or a marketing pixel captures that data and sends it somewhere else. Organizations often claim they don’t collect personally identifiable information (PII), but this policy can be easily violated when marketing technologies unintentionally access PII from a cookie and dispatch it into an analytics database.
The Real Issue: Consent Management
Imagine you manage data privacy for a major retailer. You ensure digital analytics are collected properly for various MarTech vendors across your web properties. You work with your legal team and consent management platform (CMP) administrator to map out a cookie and tag categorization schema that assigns consent preference settings to each marketing technology on your site. Your CMP is deployed on every page, and users see the cookie consent banner and can change their preferences. All seems well.
However, like most companies, you cannot easily verify if user consent preferences are honored. Cookies themselves aren’t the issue – managing consent effectively is crucial. Technologies deployed on the site must respect user preferences. Rules on how technologies should behave based on consent preferences are typically set in the tag management system (TMS), aligning each pixel and tag to the categories configured in your CMP.
Challenges in Consent Management
Like most of the inner workings of MarTech, this process is fragile. Issues arise if a tag categorization is missed in the TMS, if a web development team deploys a tag or pixel directly in the page source code rather than through the TMS, if a new developer isn’t aware of the consent configuration process, or if rules are set only on some pages. Additionally, governing page view tracking but not event tracking can result in unintentional data exposure. It happens all the time.
It is very possible that your marketing tags could be inadvertently sending PII from your users’ cookies to analytics databases without the user’s consent. Once discovered, this can be an extraordinarily costly exercise to remove . Depending on the vendor, this could mean a six-figure professional services bill or the deletion of an entire report suite of data, just to clear out the PII. You’ll also have to make changes to your tagging setup to prevent consent issues like this from happening again.
How Sentinel Insights Can Help
While these situations are common, Sentinel Insights technology can provide the monitoring required to ensure cookie data isn’t making its way to places it shouldn’t. Our platform provides you with peace of mind that your users’ consent preferences are honored and helps you better understand and leverage first party data. Reach out any time to learn more.
Disclaimer: This blog post is not legal advice. We’re technologists, not lawyers.