“Death of the Cookie!” “Will location data increase as cookies crumble?” “How publishers are planning for the end of the third-party cookie?”

Did you spot these headlines already? In the digital ad space cookies got a lot of attention. So, why is that?  The so-called death of the cookie will affect us all digitally. It’s good to dive a bit deeper into the cookie itself. Before doing so, however, it’s good to understand the basics of what a cookie entails and also understand the different types of cookies.

What is a cookie?

A cookie, or to be more precise, a HTTP cookie, is a small amount of data sent from a website and stored on your computer via the browser. Cookies are bad right? They follow us around the internet to get as much data from us as possible. Companies resell our data to various other parties.

Although this is one very common use of cookies, where one could argue whether bad or good obviously,  it is useful to make a distinction between different types of cookies. We have the so called ‘first-party cookies’ – cookies to perform essential functions of the internet, and ‘third-party cookies’, which are the cookies which track us around. They compile longer history in order to resell. So, let’s dive a bit deeper into these two main types of cookies.
 

First-party cookie

In short, a first-party cookie is a text file whereby no data is shared with anyone outside the relationship between you, the site visitor, and the website owner.

How does this work?

Imagine, you want to go to a website. What you will usually do is open a browser first (for instance Chrome, Firefox, Safari, etc.) and type in the address, for instance “www.website.com”. What will happen in the background, is that you send a request to a server that belongs to “www.website.com”. 

Figure 1

The server will send back a little package with files and HTML code. This package includes a small amount of data with a unique ID (in figure 1 represented as ID = 123). This small amount of data is the cookie. Every time you go back to the website ‘www.website.com’ the server knows that the request comes from your computer. Because of this, it recognises the ‘state’ it should send back the website to you in.

For instance, if you add clothing in your shopping cart, with this cookie the website remembers what items you’ve put in. Also it helps the website owner to keep track of unique visitors. If you visit a webpage multiple times a day, this cookie gives the website owner information. Another example for the usage of this cookie is keeping track if you’re logged in, or not. 

Reading the privacy policy?

We call this type of cookie a ‘first-party cookie’. Simply because no data is shared with anyone else except between you and the server of the website you request to see the website from. This doesn’t mean the website owner can do something with this data. If they do, in countries which fall under GDPR for instance, it needs to be explicitly written in the privacy policy. You can find this policy on the website itself (or at least it should be 😉. This first-party cookie is standard practice of how the web works and makes it much easier to interact with the World Wide Web.

Third-party cookie

Also sent to your browser are small amounts of data which can keep track of what you do. Not only on a single website, but throughout multiple websites you visit. By doing so, the party which sets the cookie is able to keep track of what you do across multiple unrelated websites. Since these parties are not the parties you engage with directly when on a website, they are titled “third-party cookies”.

Iframes

We again want to visit the webpage www.website.com. By now, you know how a first-party cookie slots in your browser.  It’s a common misconception to think first- and third-party cookies are different cookies. Cookies are just cookies. So when do we call a cookie a third-party cookie? Usually a website has various elements, for instance a recommended content section, or an area to show ads to you. Also hidden things in a website such as for instance to keep track of site analytics (think of Google Analytics). Often these parts on a website use so called ‘iframe’s’. The iframe belongs to a third-party but fully embedded in the website.

It’s a common misconception to think first- and third-party cookies are different cookies

👉🏽 Cookies are just cookies

How does this work?

Back to the example of www.website.com. A special conduit to www.thirdpartycookie.com is placed (see figure 2) on www.website.com. Usually by adding the <script> tag from wwww.thirdpartycookie.com (or think of Google, Facebook, Outbrain, etc.)  and a unique id for www.website.com.

Figure 2

Now, when you want to visit another page, for instance www.anotherpage.com, this site also embedded the script tag from www.thirdpartycookie.com (but with a unique id for www.anotherpage.com), and therefore www.thirdpartycookie.com is able to collect information on you when you visit either site. In effect, it collects data through a first party cookie, but for each site, it uses the unique id it has assigned to the site to know where it comes from.

Whether we label it a first- or third-party cookie is only to be determined by the runtime and context. By itself, there is no difference between the two. A majority of websites use iframes such as Google Analytics. You can also think of widgets to make it easy for you to post to Facebook and Twitter. A side effect of this is that it allows third parties to keep track of your browser history, of what you have been searching for and/or what you have bought.

Whether we call it a first- or third-party cookie is only to be determined by the runtime and context, by itself there is no difference between the two

Privacy Concern?

For advertisers it’s pretty interesting to follow you around the internet. Lots of data is retrievable, allowing a thriving multi-billion dollar industry to emerge selling ads to you. Have you ever thought about the fact you just provide all this data for free (you’re not charging anyone are you?)?

Of course there are ways to be a bit more anonymous and disable the usage of these third-party cookies. Cookies have an expiration date or you can just delete them. A more elaborate way though, is by disabling them on your browser. In some browsers, for instance on Safari, they’re disabled by default. 

Understandably, third-party cookies form a potential privacy concern and these cookies are under review with the European Union. Next time we will take a look as to what will change with the removal of the third-party cookie and how this will affect us all. Our online experience will change, will this be for the good? Well, read the next blog and decide for yourself…