The decision to kill off third-party cookies is widely regarded as a necessary evil, but who gets to determine their replacement? 

The uncertainty has prompted some companies to develop turnkey solutions that are privacy compliant. Google—whose decision to eliminate third-party cookies from Chrome by 2022 created the vacuum—also has a solution, as does ad retargeting kingpin Criteo.

Whichever technology emerges, it will address critical advertiser capabilities including ad targeting, frequency capping, user privacy and attribution. And it will enable an enormous advertising market; last year, third-party cookies helped fuel nearly 30 percent, or $38 billion, of all U.S. digital ad spend.

“There are a lot of complicated storylines and a lot of different vendors who are trying to help advertisers and publishers bridge the gap that’s been forced upon them with the removal of the cookie,” says Devon DeBlasio, Devon DeBlasio, product marketing director of identity and privacy at Neustar, which is offering its own solution. 

One storyline is unfolding in a subcommittee of a normally low-profile industry nonprofit, the World Wide Web Consortium (W3C), whose mission is to identify areas where standards and changes in the Web itself can improve the ecosystem and experience for users. 

High-stakes debate

The subcommittee, called the “Improving Web Advertising Business Group”—which recently debated how sound should function on videos that play automatically—now finds itself at the center of the high-stakes debate about replacing cookies. 

And it’s getting crowded. Subcommittee membership has surged from 24 people in 2019 to 217 this year. The new members are from powerhouse companies including Apple, Google, Facebook, Verizon, Neustar and Adobe. Some smaller subcommittee players are crying foul.

Google has grown its subcommittee membership from about 5 last year to more than 20 today, says John Sabella, chief technology officer at PubMatic, a company that provides publishers with tools to sell ads. The more members a company has, the more voting power it gets.

“There’s an application and a fee of $10,000 for membership,” says Sabella. “I don’t know how you can get consensus when Google gets more than 20 votes and I get one.” 

The imbalance now threatens the subcommittee’s process, according to an open letter sent to the W3C earlier this month that was signed by nearly two dozen members, including Sabella.

“Member organizations with the capacity to field larger numbers of people with the time and mandate to navigate the complexity of multiple groups, processes, history, and documents are advantaged,” the letter said. “In contrast, smaller organizations are unable to participate across the same breadth of groups and their concerns and interests are thus often underrepresented.”

Protection for Chrome?

“Google is inherently not bad, however, when a company has such a large share of public resources like the internet, generally speaking, good things don't happen,” Jascha Kaykas-Wolff, previously Firefox’s chief marketing officer and now president at Lytics, a consumer data company. “So, it is very important that the community is incredibly vocal.” 

Members told Ad Age they believe Google has turned to an international standards body like the W3C to protect its Chrome browser’s global market share of 66 percent (Safari, the second largest, has 17 percent). By working with the W3C, any solution Chrome adopts in replacing the third-party cookie will carry a seal of “industry-wide collaboration,” shielding it from any potential antitrust accusations, according to several members—who asked not to be identified to protect industry relationships.

Google vigorously denies those claims. “Chrome is fundamentally following the open standards process, as it has over the last decade,” Chetna Bindra, senior product manager of user trust and privacy at Google, told Ad Age. Replacing third-party cookies “is a massive, complicated endeavor, which is why it wasn’t done with a two-months’ notice.” 

Bindra also correctly points to previous efforts, such as its decision to remove the Flash player from Chrome, for which it sought industry collaboration through the W3C. “Chrome is thinking about the future of privacy,” says Bindra. “It can be done.”

The trouble with cookies

Third-party cookies—bits of text placed by websites on the hard drives of visitors—have allowed marketers to track consumers’ browsing history and behavior, and have long been the basis of programmatic advertising, marketing and ad targeting. Now seen by many as an invasion of privacy, third-party cookies have also been used to build behavioral profiles on web users—a practice that came under fire in the aftermath of the 2016 presidential election.

Third-party cookies have been used by both marketers and publishers for decades because they’re a neutral currency that nobody owns, says Kaykas-Wolff.

“The advent of the cookie was not made to help create an environment for advertising to be effective or not effective,” says Kaykas-Wolff. “Cookies were made for websites to create preferences for users and create customization, but over time they have been adapted to support advertising use cases.”

Because third-party cookies weren’t designed for digital advertising, they significantly lack the sort of privacy controls now required in regulation such as California’s Consumer Privacy Protection Act (CCPA) and the European Union’s Global Data Privacy Regulation (GDPR).

In searching for a replacement, publishers, platforms and brands seek one rooted in transparency and trust.

The contenders

Neustar has entered the fray with Fabrick. The product serves to unify data across disparate identity ecosystems such as the open web, the so-called walled gardens of Google and Facebook, Apple IDFA and Amazon to name a few. The company says brands can fine-tune Fabrick so it caters to their specific needs.

“We’re a translation layer, but we’re not just building this for the death of the third-party cookie,” says Neustar’s DeBlasio.” We want to redefine what the relationship between the publisher and consumer looks like.”

Among other proposals are Google’s Turtledove and a solution pitched by ad retargeting kingpin Criteo, called Sparrow. Details are so far extremely limited.

Third-party cookies play a large role when digital ads are bought and sold through auctions that occur prior to a page loading. Both the data and auction often take place in the cloud. With Turtledove, however, everything, including the auction, would happen within the browser—the user’s data would never leave, a key element in meeting privacy compliance. 

Although Turtledove has been welcomed by some privacy enthusiasts, others have taken issue that everything is taking place on the Google-owned Chrome browser. 

Joanna O’Connell, an analyst at market research intelligence company Forrester, echoed a similar sentiment. “If the browser is playing the role of intermediary it puts it in a position where it’s indicating what segments users end up in,” says O’Connell. “That I find troubling.”

Sparrow’s solution is similar to Google’s in every aspect save one: Data would exist on a neutral, third-party server—although who the third party is, and whether they can protect consumer data from bad actors, isn’t known.