Optimizing paid ad campaigns with cookieless tracking in a post-third-party cookie world
Quick update: Google announced recently that they are delaying the phasing out of third-party cookies. This is an effort to buy time to balance out the advertising industry’s needs and that of privacy advocates. This buys advertisers some time, but the phase-out (in whatever shape it comes) is still around the corner. It’s useful to prepare for this eventuality. Let’s see how, below.
Advertising has evolved from mass broadcasts to individualized targeting. Earlier, advertising success used to come easier with limited media channels like early TV and radio, because of their sheer novelty and lower competition rates.
As newer digital mediums came, they also brought an overload of choices –– for both consumers and advertisers. Eventually, the mediums became more sophisticated and more fragmented, transitioning our behaviors from being more mass-oriented to more individualized.
Meanwhile, advertising became more accessible to all kinds of businesses, and demanded a more targeted way of being circulated. This would also promise better ROIs for advertisers. We are at a point when segmentation and personalization allow advertisers to not only target specific customer bases, but pinpoint a user to show them the right ad at the right time.
This is made possible with a vast structure of digital surveillance, where widespread digital enablers, like the Google ecosystem, use tech to track what their users are doing across websites and devices –– without the user’s explicit knowledge.
Such digital surveillance essentially builds very sophisticated and individualized user profiles, learning everything about our lives and behavior patterns –– our favorite color, our preferences, or on which day we talk about buying socks.
On the other hand, audiences are far more knowledgeable and demand better standards that resonate with their values and preferences. This tug of war between Google Chrome and privacy advocates has led to a time where privacy-consciousness is at an all-time high, and rightfully so.
Naturally, internet-users and governments are unhappy and this made Chrome take down their abundant usage of third-party cookies –– a key element of the tech that makes digital surveillance our daily reality. The “pinpointed advertising” culture has now taken a massive hit.
Let’s explore what we can do as digital advertisers to stay relevant, while respecting user-privacy and staying compliant with privacy-preserving regulatory bodies.
- What’s this babel about third-party cookies affecting advertisers?
- Replacements of third-party cookies
- How can digital advertisers adapt?
- From Mad-vertising to Advertising
- Parting words
What’s this babel about third-party cookies affecting advertisers?
A third-party cookie is a tracking code that is set up on a visitor’s browser and device by a foreign party other than the website that’s being visited. These cookies track individual user behavior across multiple sites and devices, and unlock comprehensive insights into their online activities and interests.
This data is utilized to create valuable individual user profiles, and understand their behavior patterns and, in turn, behavior predictions. Such insights empower the ad tech to be able to predict clickthrough rates, and help advertisers optimize their ads and targeting reach.
A big use case of that is remarketing campaigns that show “reminder” ads to an audience who have engaged with a brand once but haven’t taken a desired action such as signup or purchase. This won’t be possible without third-party cookies, which provide advertisers with the intelligence to locate previous web visitors and show them their ads.
In the offline world, it’d have been like putting an undercover tracker on a customer that came to your grocery store and left. This tracker is engineered by a company that specializes in monitoring people’s behaviors and creating detailed profiles.
Once a customer leaves the store, even if they didn’t buy anything, the tracking company (which also works in advertising technology) helps the store’s advertising manager. They can follow the customer’s journey beyond the store, continually showing them personalized ads for the store, enticing them to return and make a purchase.
That undercover tracker is a third-party cookie in a nutshell. Mostly, advertisers don’t employ them directly. This happens automatically, behind the scenes, 24x7, through Google’s services. To put into perspective, websites employ such third-party cookies on a user’s browser through a code snippet from Google Analytics, or an embed from a YouTube video –– whether explicitly disclosed or not.
Since Google also operates a vast network of Android apps, search engine, and other services to gather loads of first-party and third-party data on individuals, it helps it make its advertising reach and effectiveness very targeted and robust –– something advertisers bear the fruit of.
For this privacy-intrusive nature of third-party cookies, they have been actively criticized by digital privacy advocates. This led to the formation of regulatory bodies like the GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), that made the collection and usage of personal data of online users much stricter.
We explain more in depth about third-party cookies, the role of Google in surveillance capitalism, why Chrome is having to phase them out, and what it means for digital marketers in this article.
All in all, if you use Google’s advertising services — such as on Google Search, YouTube, Google Display Network, Google Shopping, Google Play, and Local Services — and especially rely on remarketing ads to convert sign-ups or other actions, you may need to revisit your advertising strategy because Google Chrome has slowly started phasing out third-party cookies and plans to complete the process in early 2025.
Replacements of third-party cookies
As third-party cookies saw a looming demise, many tools and services –– some by Google itself, and some by other organizations –– jumped to save the day. The solutions aim to replace the third-party cookies by doing the same job as they did, by being more compliant-friendly.
Many of these alternatives are not truly privacy-friendly but are more compliance-friendly due to the strict nature of the aforementioned regulatory bodies. Let’s explore:
Privacy Sandbox
The Privacy Sandbox is Google’s initiative to build a more private web. It has certain APIs to help advertisers, while staying compliant with regulatory bodies.
In short, the approach followed by them prioritizes concealing personal data points of the Chrome-users, but still tracks our cross-site behavior. So whether they are truly privacy-preserving or not is debatable. Let’s explore the four main advertising APIs that replace the traditional third-party cookies:
Google’s Privacy Sandbox APIs for private advertising
Topics API
This proposal talks about tracking a Chrome user’s cross-site behavior but promises to only note the “topics” of the kind of websites they visit, and not “identify” a user. For eg. If I browse websites related to travel in Europe, Chrome would note that as a topic. This information would be used to show me relevant and “safer” ads.
Protected Audience API
This proposal essentially shifts the power to see ads into the hands of the end user’s browser.
Here’s how it works: When a Chrome-user visits a website that sells products, like an online chocolate store, a piece of JavaScript code on the site notes your interests based on what you look at — for example, milk-based chocolates.
This preference is “securely” stored in your browser, not on any external server. Then, when you visit another website that displays ads, the system uses the preferences stored in your browser to show you ads that match your interests, like those for milk-based chocolates.
Private aggregated API
This API collects data about what pages you visit and what items you are interested in, when you visit different websites on Chrome.
Instead of keeping specific notes that could identify you personally, it mixes your activities with data from lots of other people. This way, the participating websites get a big picture of what’s popular or not –– the “aggregated data” –– without knowing specifically who likes what.
Attribution Reporting API
This API supports conversion measurement for Google Ads. Advertisers would need to embed specific tracking information within their ads.
When these ads are displayed on publisher sites, any engagements (clicks or views) would be logged by the user’s browser. If the user ends up performing a conversion action on the advertiser’s site, the browser matches this activity with the ad interaction to attribute the conversion accurately.
Concerns with these APIs
Keeps the user in gray
Once the advertiser activates the APIs, they are implemented automatically in a visitor’s Chrome browser. The technical jargon and complexities involved can make it difficult for Chrome-users to understand, or even discover, they are being tracked behind the scenes and if they can control it.
Lack of transparency
There is a lack of transparency about how Google servers really process, mine, and store this data behind the scenes. This makes it uneasy to trust Chrome with personal data.
Miss the mark
These proposals still don’t meet the ask of Chrome users to not be covertly tracked anyway, and raise concerns on tracking browsing habits, including exposure of sensitive information that a user might be browsing about.
Too volatile for advertisers
Even for advertisers, the APIs don’t present very lucrative alternatives to third-party cookies because of their inability to meaningfully understand an end user’s nuanced interests and rightfully balance effective advertising with user privacy.
Moreover, if the new APIs aren’t widely adopted by advertisers, or if adoption rates vary significantly, it could lead to a fragmented market where different parts of the internet measure and value ads differently.
IMHO, if these proposals were to be implemented with privacy-by-design principles, the functionality in Chrome to automatically track its users’ browsing habits would have been turned off by default. This’d give users the choice to opt-in to being tracked and shown relevant ads, rather than requiring them to discover these practices themselves and opt-out later.
Such an approach could have truly empowered users, providing them with more control over their personal information and aligning better with the intent of privacy-friendliness –– the nucleus of the ongoing ruckus.
Publisher-side tracking
Ad publishers or sellers are the websites that display ads of an ad buyer, to the end user. They usually have access to their visitors’ logged in data and site usage patterns. Some examples include site registrations, subscription forms, user interactions, and other first-party data.
Such data can prove to be valuable for helping with audience segmentation and targeting features in Google Ads. Any personally identifiable information, like names, emails, addresses, needs to be hashed. Here are a couple of examples of such features from Google Ads:
- Publisher Provided Identifiers, to provide unique identifiers collected by the publishers.
- Publisher Provided Signals, to provide user insights collected by publishers, such as user behavior or preferences.
Server-Side Tracking
Server-side tracking bypasses the need for cookies by moving the tracking from the client-side (a user’s Chrome browser) to the server-side (an advertiser or an ad-tech provider). The server tracks user behaviors like clicks, form submissions, or page visits –– making it all first-party to the platform.
After collecting this data, the advertiser’s server can then communicate directly with other platforms (such as Google Ads) via APIs. Sensitive information is supposed to be handled within the server’s controlled environment and can be hashed to protect identities.
You can utilize Google Tag Manager’s server side tags to make use of this functionality, directly upload first-party data to Google Ads, or utilize other services that are known to help with this functionality.
If you decide to do this, be sure to:
- Disclose how you collect, process and use your customers’ data to them. Put user consent forms into place.
- Be extremely careful with handling sensitive data and make sure that it is properly hashed before being sent to any third party.
- Put security measures in place for protecting the data from breaches and leaks.
- Carefully check for any other compliance-requirements with regulatory bodies like the GDPR, CCPA. Get a lawyer’s word, if it helps.
- Lastly, don’t rely on hyper targeting your users and being creepy on them. Show your commitment to providing a secure and nice customer experience.
Fingerprinting
Cookies store information on a user’s browser and device. Whereas, “Fingerprinting” services work by collecting various details about a user’s device and browser settings, such as screen resolution, operating system, browser version, installed fonts, etc. These data points are combined to create a unique identifier or “fingerprint” for each user without needing to store any information on their devices.
With this method, you can continue ID’ing users for targeted and retargeted advertising. However, fingerprinting raises even deeper privacy concerns because it is harder for users to detect and control them as compared to cookies. Even Google’s Privacy Sandbox blocks fingerprinting services.
Universal IDs
Universal IDs essentially do what third-party cookies do, but in a supposedly more privacy-compliant way. For eg. The Trade Desk’s Unified ID 2.0, ID5, and similar services allow various parties in the advertising ecosystem to use a common, anonymized ID to follow a user around on the web, much like third-party cookies. Such user IDs are hashed or anonymized to guarantee identity protection.
However, these solutions miss the intent of privacy advocates to protect users from being creeped upon, or shown intrusive ads. While some solutions are open-sourced, other solutions are not and raise questions on how they really process the personal data of users.
Identity Graphs
Identity graphs are comprehensive profiles of individual users, created by connecting various pieces of data collected across multiple sources. They gather various identifiers such as email addresses, device IDs, social media profiles, and online behavioral data. This information is linked to a single user profile, allowing advertisers to understand a person’s interactions across different channels and platforms.
ID graphs compile detailed and sensitive information without explicit consent from the users, leading to potential misuse or unauthorized access. Doing this in a privacy-first way is a challenge.
How can digital advertisers adapt?
Firstly, conduct a thorough audit of your current usage of third-party cookies, whether direct or indirect, and remove them.
Then, adapt newer ways as explained in this section. Since a lot of this directly affects Google Advertising, we’ll explore that first. Then, we will move on to more advertising solutions.
Google Advertising
First-party data meets Google Ads
Google Ads has plenty of AI and ML-based features that can leverage first-party data from advertisers to improve the effectiveness of results. Businesses collect a lot of direct (first-party) data from their customers, such as email addresses, phone numbers, purchase history, and user behavior on websites. You can directly upload these lists to Google Ads where they are typically hashed to protect privacy.
Typically, Google Analytics doesn’t play a direct role in this strategy and you can use these functions while using a privacy-friendly web analytics tool as well. These lists are then used to train AI models and/or to directly enhance features like bidding and targeting strategies:
Smart Bidding
Smart Bidding in Google Ads uses machine learning to optimize for conversions in each auction — a feature known as “auction-time bidding.” Some Smart Bidding strategies include Target CPA (Cost Per Acquisition), Target ROAS (Return On Ad Spend), Maximize Conversions, and Enhanced CPC (Cost Per Click).
By providing your first-party data, you can help Smart Bidding algorithms understand which types of customers are more likely to convert for you. These customer lists provide rich insights to the AI system about customer behaviors and preferences, which in turn uses more accurate and automated bidding strategies.
Optimized Targeting
This feature uses the provided first-party data to show ads to those people whose interests and attributes match those of your existing customers. Unlike this, traditional targeting relies solely on an advertiser’s chosen criteria.
This ensures that you can find newer customers who are more likely to convert because they match attributes with your existing customers.
Performance Max (PMax)
PMax optimizes campaigns across all of Google’s channels, like YouTube, Display, Search, Discover, Gmail, etc. It utilizes first-party data for Customer Matching and therefore targets or excludes specific customers or finds new customers similar to the ones in the data –– for showing ads.
Enhanced Conversions
The Enhanced Conversions feature is used to measure your ad conversions more accurately by using first-party data, such as email addresses, names, home addresses, and phone numbers, provided by your customers.
When a customer completes a purchase or signs up on your website, this personal information is collected, securely hashed using the SHA256 algorithm, and then sent to Google Ads. This helps you map conversions to ads better, and optimize them better.
P.S.
Google matches your business’ first-party data with their databases and behavioral surplus data, exposing your customers more towards surveillance capitalism. Our suggestion: Handle your customers’ first-party data very securely and be sure to ask for consent in simple, plain language.
Google ads remarketing using server-side tracking
To control the access of your customers’ data while being able to retarget them with ads, you can use server-side tagging. This will prevent Google Ads (a third party to your business’ data) from accessing your customers’ raw PII, and keep the privacy and security controls with you.
Privacy Sandbox APIs
To effectively adopt Privacy Sandbox APIs (as explained above) into your advertising strategy, start by learning their intricacies to understand how they can really help your strategy.
You can also participate in Google’s origin trials to get first-hand information and experience with using these APIs and other privacy-compliant advertising solutions that Google continues experimenting with.
You would need to implement these Privacy Sandbox APIs actively; they are not automatically integrated by Google Chrome, Google Analytics 4 (GA4), or Google Ads. It’s up to you to incorporate these APIs into your systems and strategies according to your specific needs.
Other advertising solutions worth exploring
Social media advertising
Social media platforms remain potent for targeted campaigns due to their vast first-party user data.
While many platforms like Meta and Amazon also come under scrutiny for digital surveillance and behavior modification, as long as you navigate these platforms with a clear understanding of their data use policies and maintain transparency with your audience, social media could be an effective place to advertise.
Contextual Advertising
This one is inherently privacy-first because it places your ad in a relevant environment, rather than chasing an individual to show them the ad. Ads are typically matched with the content of a web page, rather than the user’s personal data, ensuring both relevance and respect for privacy.
You can find multiple platforms that help run ads based on keywords, website themes, and the type of content users are currently viewing.
Newsletter advertising
You can advertise your product or brand in popular industry newsletters. This is a very effective and problem-free alternative because it doesn’t depend on tracking your own users or Chrome users at all.
Generally, popular industry newsletters have a highly active and interested subscriber base that can not only get you some high-intent traffic and leads, but also improve your product’s popularity.
Private Marketplace Deals (PMP)
With PMPs, you can buy ad spaces that are not available on open exchanges. These are highly relevant and contextual, closed market spaces that happen to be highly reputable sites.
If you have something valuable to advertise yourself, you can probably get a piece of this cake. You can also select where your ads would be placed, get a priority over competition, and create a premium brand.
Other browsers based advertising
Alternatives like Apple Ads and Opera Ads are much better in terms of proactively and inherently protecting users’ privacy. For eg. You can display your ads on Apple’s App Store, Apple News, or the Stocks app. Apple collects minimal data on users and only uses data necessary to deliver relevant ads, while not selling this data to any third-parties and participating in surveillance capitalism.
Similarly, you can explore other private-by-design browsers and tools that may be relevant for your industry and use cases, for advertising where you do not have to worry about putting complex privacy measures in place or putting consent forms up.
Retail Media Networks
Platforms like Amazon Advertising can also offer vast amounts of first-party data from shopper interactions to target ads effectively within their own ecosystem. If this is relevant to your product, you can check these spaces out.
Enhanced identity based ad tech tools
Other ad tech tools such as TradeDesk use technologies like the Unified ID 2.0, that mask the PII of a user but follow them across the web and device regardless. These solutions are privacy-compliant for now, but are not privacy-friendly for the user and hence not sustainable.
Exploring newer tech
As explained in the section about replacements of third-party cookies, there are several methods that continue to track users for hyper-targeted or retargeted advertising. You can integrate such technologies like fingerprinting, Universal IDs, ID graphs, etc. for your tracking and targeting needs.
Although we don’t support any tools and tech that intrude on an individual’s privacy, the end decision is yours to make. Having said that, explore open-source and privacy-first analytics tools to start replacing your Marketing stack.
Incorporate privacy-first analytics tools
There are many open-source, private-by-design, alternatives to Google Analytics. They are good enough to track essential web metrics like pageviews, bounce rates, traffic sources, exit pages, etc. that do not ever covertly track a user beyond your website.
These tools are good with providing metrics that are sufficient to optimize your web and brand experience, and also offer a cleaner UI. And they would never need you to be worried about compliances, degrading your web experience with [consent banners] (https://plausible.io/blog/cookie-consent-banners), and putting user trust at risk.
Other important things to keep in mind
- For user-consent management and other ways to optimize your GA4 account for privacy-compliance, check out their documentation.
- Update your Privacy Policies and User Agreements to reflect any changes you make in how you collect and process user data.
- Closely monitor the performance of your campaigns to adjust strategies based on the new kinds of data and reporting available.
- Keep active with the latest developments, since all the newer tech and tools are constantly evolving themselves. Stay flexible.
- Stick to the basics. Even with evolving technologies and strategies, the fundamentals of advertising remain the same. Like, with search engine advertising, your ad position continues to be determined by a combination of quality score and CPC bids.
- Stick to UTM tracking to track and attribute conversions to specific campaigns, channels, or ads. This is a transparent way to precisely monitor the performance of your paid campaigns.
Spread your assets
It’s crucial to consider other forms of marketing and eventually steer away from advertising, especially the intrusive kind. The costs of paid advertising have constantly risen, and average ROAS constantly fallen.
On top of it, people are annoyed and have ad blockers in place, while attention spans continue to be too scarce –– which ironically happened because of behavior modification from surveillance capitalism itself.
It just doesn’t make it sustainable to build a business on advertising itself. Advertising can be good for spreading the word for a newer business, or for an e-commerce business, for example. But it’s equally important to gradually utilize other forms of marketing and branding in the longer run.
The same insights that you collect about your customers could also be used to improve your brand narratives, product marketing, and personalized email marketing, content recommendations, or tailored promotions.
While you are at it, maximize the use of owned distribution channels like a community, to engage directly with your audience and lower the dependency on third-parties as much as possible.
From Mad-vertising to Advertising
We have been shown ads left right and center, and it’s gotten under the people’s skin now. The level of intrusion and at this scale, has been unparalleled. As a result, normalized advertising practices are coming under scrutiny.
Now is the time to assimilate, adjust, upgrade. While we plan for technical adjustments, it’s a good opportunity to revisit the evergreens of advertising.
Connecting > Snooping
One of the most fundamental lessons in marketing is market research. But we stop at getting a few high level data points, and compensate for the rest with employing covert tracking. We do market research or tracking, but don’t do a great job in understanding customers.
If a business can meaningfully connect with customers (through customer service or sales calls) and understand them and their needs better, then it opens doors to making emotional relationships as a brand. This encourages repeat purchases, which is proved to be based on subconscious decisions more than on rationalizations.
So if modern ads can leverage insights unlocked through such meaningful connections (not covert tracking) and appeal emotionally, then they have better odds of success.
Value-based Ads > Product Comparisons
A generic ad can bring in a good ROI, get some quick leads and even customers, and still be forgotten in a matter of seconds. The problem with that approach is having limited budgets on ad spend. Once the budget finishes, ads stop running and you are suddenly off the grid.
As opposed to this, think about an ad campaign that you effortlessly remember. Such ads are timeless (infinite ROI?) and memorable because they provide something valuable –– it could be a social message, entertainment, or knowledge. The ad may or may not have even mentioned the product –– it doesn’t matter because the ad was optimized to provide value and not sell something.
Such ads are great at building a brand recall value and at getting those leads and customers, even years after the brand stops circulating the ad. Takeaway: Good advertising offers customers something of value in exchange for their attention.
Mottos > forgettable stuff
An effective tagline is capable of kickstarting an exponential, self-sustaining loop. A catchy motto enables imitative behaviors or social copying, while being very authentic to the brand. A great motto resonates with the subconscious mind, and requires a mad mix of carefully understood insights and creativity.
So take time to understand your customers’ needs, understand the very values your product provides, and the brand values that make it all possible. And then let your ad be a careful extension of that brand, that mission your business stands for. Good communication is at the heart of good advertising.
Parting words
There was a time when we saw a transition from Madison Avenue–style advertising to digital advertising breakthroughs. We are now receding back to more traditional styles of advertising, but within a digital environment. That is both an opportunity and a challenge for modern digital advertisers.
By combining the strengths of traditional advertising, like storytelling and emotional connections, with the capabilities of the digital ecosystem, we can create huge impacts.