As targeted advertising grew in importance, third-party cookies have been the main mechanism to identify website visitors. Cookies are a key enabling technology for the web, but many Ad Tech use cases came to be perceived as invasions of privacy. Regulation such as the ePrivacy Directive and the GDPR has attempted to limit this issue, and major browsers such as Safari and Firefox already block third-party cookies by default.
These measures are already measurably hurting publisher revenues and advertiser addressibility, but it was Google's announcement that Chrome — the most popular web browser — would do the same by 2022 that got the industry in a twist. Several alternatives have been proposed (see Google's Privacy Sandbox and alternatives for more information) to put some of the forgone functionality under the browser's control, in order to re-enable it in a more privacy-friendly way.
A cookie is a small text file that websites can ask web browsers to store. They're a common mechanism to keep track of user sessions — are they logged in? — and preferences — such as language selection. Since they are stored by web browsers, they don't carry across different browsers or devices.
Cookies are said to be third-party when they're set by a different party than the one running the website. For this to happen, the website needs to allow it — and they do in order to support myriad use cases from behavioural targeting to frequency capping, or because they're forced into it e.g. when using tools such as Google Analytics.
In the early days of Ad Tech, targeting was limited to the context of the website and little else. Over time, the industry ramped up their use to identify users across websites and display ads to them based on their interests and behaviour. There's nothing evil about the technology per se, but its misuse over years has been a growing source of concern for privacy advocates.
Google's Privacy Sandbox is seen by many as an attempt to retain control over large swathes of the Ad Tech market. By phasing out third-party cookies in Chrome, Google can show a privacy-positive posture, and moving tracking and data collection to Chrome only cements their position in the industry. Much like Google benefits from the GDPR in the sense that it's less affected than its smaller competitors, this move allows them to eliminate competition in the name of privacy. After all, they still control several properties with huge user bases, from Search to Docs.
This is similar to Apple's recent privacy disinformation campaign and their deprecation of the IDFA, seen by most as a way to bolster their own ad network, less affected than their competitor's.
Industry consortia such as Rearc and PRAM have been formed in order to bring the industry together to find a solution to keep funding the Web. Within the W3C, Google and others have been bickering about the best way to move functionality to the browser.
Others, like The Trade Desk and Kochava, are proposing new identity solutions that don't rely on browser cooperation — but on a user-provided-and-consented identifier such as an email address. For its part, Google has stated it does not intend to adopt or support such solutions.
Further out in the field, we see upstarts like Crumbs scrambling to figure out how to stay relevant in middle of all of this, and PolyPoly and Swash coming in with a "put the data in the user's hands" alternative.
Advertisers and publishers are concerned and feel cornered, and most of the industry is in a scramble. This pressure could lower the threshold for business development and make it easier for alternative solutions we build to get adopted.