Google and 3rd-Party Cookies

There has been a lot of discussion in the ecosystem recently about whether Google / Chrome might block 3rd-party cookies and, if so, what that would look like. Whatever the answer is, it will have a fundamental impact on the ecosystem. To that end, we're hosting a panel on May 8 with some great industry participants ( to discuss this very subject. 


The first question is whether Google ends up doing anything to block third party cookies. While no one outside of Google knows for certain, there are quite a few signs that point to the likelihood of them doing at least something. But what exactly they choose to do could very dramatically impact the ecosystem. 


Google lives on both sides of the equation. They operate Chrome and don't want it to be left behind by the other main browsers (both Safari and soon Firefox will block 3rd-party cookies). But Google also runs a massive ad business that depends, at least to a degree, on 3rd-party cookies. The company has been fined several times already for anticompetitive behavior. Anything that fundamentally distorts the balance of power further towards Google, even under the guise of pro-consumer privacy moves, will likely be viewed very negatively by regulators. Thus I believe Google will need to find some middle ground that appears consumer centric, affords some additional privacy for those who want it, and still allows the ad ecosystem to operate.


With all the above said, it's anyone's guess what this will look like. My personal belief is that it's unlikely Google takes the extremely restrictive approach that ITP 2.2 (Safari) has taken as most consumers have no understanding what's going on in ITP (in fact, most in the industry don't as well). Thus this would only serve the extreme privacy zealots, hurt their business, and operate in a way that would be completely discordant w/ their past behavior (e.g. having android send Google users locations all the time, automatically). It's also unlikely that they do nothing. 


One option that makes sense to me is to create something akin to IDFA, but for the browser. This means there would be an anonymous, persistent ID instead of cookies. The net result would be no client-side cookies, meaning all the information would need to be shifted server-side and cookie-syncing would be irrelevant. This would be at parity with Apple's offering in app, which would give Google some moral authority. That said, this would be incredibly disruptive as, while information could likely eventually move to server-side storage, many companies would need to significantly re-architect their systems. This approach could actually result in worse privacy industry-wide, but with the guise of privacy controls. That said, all of this depends on specifics. Would the ID be different for each domain? Would it automatically expire or refresh after some period of time? Could users turn it off altogether? Would anything be allowed on the client? Could first-party domains use cookies? Would there be some contractual restrictions around data usage to access the ID? What would be the notice period before this is deployed?


The other likely outcome is that chrome develops a simple third-party cookie block, but doesn't add the extensive restrictions of ITP 2.2 (see here for a helpful overview of ITP: This would allow ad tech, including Google, to implement the variety of workarounds that they've used historically - albeit with some limitations.


While it's unclear what direction Chrome will go, it is clear that there are a number of unambiguous signs that privacy, through both legislation (GPDR, CCPA, etc) and technology (Safari, Firefox, soon Chrome), will increasingly limit how user-data is leveraged digitally. This is a headwind for ad tech. But it is also, importantly, a significant headwind for the two (or three, if you include Amazon) players in ad tech that have outsized user data advantages. It will be very interesting to see this play out over the next couple years.