Cookies, a delicious snack with a bitter aftertaste?

“Cookies make the world a better place”. Whoever invented this quote was damn right (and most likely very hungry). The same applies for data cookies as during the past decade(s) many companies were very eager to use 3rd party data to reach a certain type of user in the world wide web.

Until a couple of years ago, 3rd party cookies and upon extension all data cookies seemed like a dime a dozen until at one point GDPR saw the light of day. Then, more than ever, cookies became the talk of the town. If it wasn’t already a big thing, nowadays it most definitely is. Last year, some of the highest GDPR fines (to date) were imposed:

  • Google: € 50M for not providing sufficient data transparency.
  • H&M: € 35M for unauthorised recording of their staff’s personal information.

Meanwhile, since GDPR was activated, all the big tech players such as Apple and Facebook have already taken steps to ensure the privacy of their end users. They managed this by going from ITP tracking (a reduced 1st party cookie lifespan and a limited 3rd party cookie tracking) by Apple to Off-platform activity control by Facebook.

Bear with us for the next 5 minutes and we’ll explain what you need to look out for when it comes down to data collection and web cookies... 


Back to the basics

A cookie is a small piece of data stored on the user's computer by the web browser while browsing a website. Cookies were designed to be a reliable mechanism for websites to remember stateful information, or to record the user's browsing activity

They are not programs as they do not perform any functions. These are simple text files that can be opened using an application like Notepad.

Here is a quick recap of how cookies work. When you request information from a website, the web server will respond and send you a cookie. Your computer will then store the cookie on it's hard drive and send it back if you visit the website again. This allows the web server to identify you and record data that can be shared with other online sellers.

Keeping in mind GDPR, the two parts of that last sentence (“A web server identifies you” and “data can be shared with other online sellers'') should make you shiver nowadays. Cookies that are not strictly necessary for the basic function of your website, must only be activated after your end users have given their explicit consent to the specific purpose of their operation and collection of personal data.

Would you rather eat a chocolate or an oatmeal cookie?

Depending on the ingredients that you use, you’ll get a different cookie in the end. The same goes for web cookies, as there are multiple types going from 1st to 3rd party to sessions and persistent. Let’s have a look at 1st party and 3rd party cookies before moving on to the next portion of this blog. 


1st party cookies

3rd party cookies


Used to help websites keep track of your visits and activity. These cookies help with improving the user experience and make your internet browsing more seamless. (e.g. products added to cart, login details, language, …)

Used for ad retargeting and behavioral advertising. By adding tags to a page, advertisers can track a user across the web as they visit different websites. This allows advertisers to build a profile of you based on your search habits, so they can serve more relevant content.


Originates from the main domain opened on users’ web browser.

Doesn’t belong to the main domain opened on users’ web browser.

Set by

Publishers set the cookies to their website using JS code.

Loaded by third-party servers on publishers’ website.


Work on the main domain (publisher’s website).

Accessible on any website that loads 3rd-party cookies code.


One of the major trends, which we didn’t tackle in the table above, is the way that both types of cookies are supported

  • 1st party cookies are supported by all browsers. However, users are always free to block cookies in their browser settings.
  • 3rd party cookies are also supported by all browsers, but some browsers (e.g. Firefox) block them. Also, in case of incognito mode, browsers do not load third-party cookies.

3rd party cookies, the enemy of the state

On January 14, 2020, Google announced its plan to phase out third party cookies within two years in order to make the web more secure and private for users. Doing this, Chrome will join other browsers such as Safari and Firefox in blocking third party cookies.

But why did third party cookies become the enemy of the state?

Third party cookies enable brands and vendors to create user profiles based on their online behaviour and activities. Unfortunately, third party cookies are often set by companies the user hasn’t even heard of or interacted with. This is at odds with everything that GDPR stands for.

These privacy updates and the phasing-out of third party cookies will significantly hurt the ability to programmatically retarget users. If Google’s privacy tools and Apple’s ITP work as well as many fear, it will mean a complete change to the programmatic industry as we know it with audience targeting and DMPs possibly even becoming ‘redundant’. The industry will have to find a way to cope with this major change. 

Publishers will adapt and launch their own ad solutions. Using 1st party cookies they will be able to create rich databases of their end consumers and prospects, in an attempt to survive in this new cookie-free world that we find ourselves in.


Any questions about GDPR, cookie settings or cookieless advertising?

Hit us up!