They sound like an American biscuit, but anyone who’s spent some time browsing the internet will know that cookies also features of web browsers. Cookies have hit the headlines a few times over the past few years as news stories on consumer privacy and new legislation is introduced – but what does this actually mean and what will be used as an alternative? Most of the explanations online are very technical, so let Skein map it out simply…

What are Cookies?

Cookies may be better thought of in British English as breadcrumbs; tiny pieces of code leaving a trail of where users have been and what they’ve done online. Considered a very useful tracking tool for marketers looking to sculpt and tailor an online experience to best result in a conversion to a desired action, there is usually a warning upon a user’s first visit to a website asking them whether or not they accept the usage of cookies in order to provide them with a positive experience. 

A cookie is a small piece of plain text passed from a website to a user’s browser, and stored by them. When a new page is requested, the text is passed back to the server and providers developers with an array of opportunities and tasks.

How are Cookies used?

Most commonly, cookies are used to remember data that benefits the user; for example, to ‘remember me’ and store login details to avoid a sign-in process upon every visit to a website, to keep items in a shopping cart and to maintain a comprehensive browsing history for latter reference.

There are several types of cookies that can be installed and used to track consumer behaviour throughout their online journey. These are:

  • Sessions cookies (also known as temporary cookies) – cookies that retain only information on a user’s activities for the duration of their visit to the website. Session cookies are deleted once the web browser is closed and are most commonly found on e-commerce websites
  • Persistent cookies (also known as permanent cookies) – cookies that remain in operation even once a web browser has been closed. These are commonly used to store login details to require sign-in areas of websites. Despite their nickname, they’re not entirely permanent and are usually wiped (depending on local law) every 12 months
  • First-party cookies – cookies installed directly by a domain. These allow for the owners of websites to collect analytics data and remember language preferences 
  • Third-party cookies – cookies installed by third parties to collect data for research and targeting purposes. Most commonly used by marketers to ensure their content is being presented to the right audience, third-party cookies record demographic information and behavioural tracking – no matter where on the web is being visited in relation to where the cookie was first installed
  • Flash cookies (also known as super cookies) – cookies to be permanently stored on a computer and operate independently of web browser. These remain even after all other cookies have been removed from a user’s web browser
  • Zombie cookies – cookies that are automatically replicated after direct user deletion. Difficult to detect or to manage, these are commonly used by online games software to prevent cheating; but can also be installed onto a computer maliciously.

Cookies are used in a variety of ways but it can be tricky for users to understand what cookies they have installed on their computer and how it is that they are being tracked.

How Marketers can use Cookies

Cookies are used primarily for two reasons: to deliver a good user experience across a website and to provide targeting information for marketers to ensure their ads and contents are able to reach the correct audience.

The tracking information provided by cookies provides essential intelligence for marketers in order to facilitate the personalisation of content and ads. Despite not being able to know a user’s name or personal contact details, the unique identifier in a cookie allows those analysing them to associate patterns of interest based on the behavioural habits of the user online. Third-party cookies are the most used tracking tool for marketing purposes as they load scripts from ad networks such as Facebook, Google and Amazon – which of course are used by hundreds of millions sites worldwide and so frequented often. For example, many websites load the scripts to embed Facebook’s ‘like’ button which also feeds Facebook with information on the site the user is then visiting; which is onwardly passed to the Facebook Ad Network, aiding their hyper-personalisation and targeting further.

GDPR and Privacy Concerns around Cookies

Cookies being installed onto a consumer’s device or browser are not inherently abusive or negative; and in particular, first-party cookie data can be hugely beneficial to providing a smooth user experience on a given website. In this instance, cookies can be considered functional. However, other types of cookies – primarily third-party cookies – are placed specifically for data gathering and tracking, and so many users have concerns around their privacy online with these tools.

There has been some confusion on how data protection laws work with cookies since the introduction of GDPR and then the UK’s departure from the EU, which was the body responsible for this guidance. However, the UK GDPR (the now relevant piece of slightly-amended legislation, independent of the EU) now sits alongside the PECR (Privacy and Electronics Communications Regulations) and the DPA (Data Protection Act). The PECR rules take precedence over the GDPR and the DPA, and so it is these regulations that need the consideration of marketers and developers in the setting of cookies. The simplest way to approach the PECR and adhere to data privacy standards is to:

  • Ensure that consent is required and relevant information is provided for users where information is to be stored or accessed. This is most commonly seen through with pop-up text boxes upon a user’s first visit to a website to obtain consent from them to install cookies;
  • Ensure that UK GDPR standards are used in the processing of any personal data outside of the aforementioned storage or access;
  • Use a specialist marketing agency to ensure that all legal requirements are met in the installation of, use of and analysis of cookies and the data they provide.

Dropping Support from Browsers and Devices

A renewed consumer interest and blossoming consumer awareness of data privacy online due to scandals such as that with Cambridge Analytica has meant that attitudes have changed toward the use of cookies. Combined with the EU’s push to allow people the choice and ability to control what tracking websites were able to install on their devices, the use of cookies is declining.

In February 2020, Google announced they would be phasing out the use of third-party cookies – and then announced later that they wouldn’t be building any alternative identifiers to track users as they browsed, nor that they would be using any alternatives in Google products. This, of course, was a massive announcement with huge repercussions for marketers.

Google Chrome, Apple Safari, Microsoft Edge and Mozilla Firefox are all imposing restrictions on third-party cookies and allowing developers some time to update their code to meet new requirements, in order so as not to break site’s functionality entirely. Currently, third-party cookies are very difficult to block entirely without the use of a specific ad blocker but these gradual phasing out of them will see more power handed to internet users as increasing protection from them.

What’s more, Apple’s iOS 15 update severely limited the ability of user tracking across web browsing, app usage and email inbox behaviour. Overnight, this blocked marketers from tracking millions of users.

There is currently no set date for the entire phase out of third-party cookies by the most commonly used browsers (not least because so much of the Google ad tracking network relies on them!) but one thing is for sure: marketers need to take action to move away from their use – and fast. 

Alternatives to Cookies

Third-party cookies are on the brink of death and so marketers reliant on them need to shift their strategy in order to continue to connect with customers (both potential and existing) in an appropriate targeted manner. Historically there have been few alternatives to cookies; purely because they are so comprehensive in their function that there’s been little need for anything else. However, there are alternative methods to targeting advertising, and these include (but are by no means limited to):

  • Facebook and Messenger Ads – consumer behaviour through Facebook is tracked through their use of the site and so counts as a first-party cookie. Placing ads through the Meta network allows the usage of this data without the marketer having to store or process it and provides the opportunity for accurate targeting. As the Metaverse grows, it is likely that further advertising opportunities can be gleaned across the expanding network;
  • Other In-network Advertising – similarly, in-network ads can be placed across various other platforms using only the tracking data from within as their targeting intel;
  • Email Marketing – a well-built email list can be hugely beneficial for marketers in providing warm leads. Real connections can be built and nurtured without the need for the ‘read reports’ banned by Apple’s latest updates. To build an email list, a variety of approaches can be taken without the need for tracking or analysis qualification.

As cookies are phased out marketers must turn to different marketing approaches in order to target audiences and approach them with relevant content; but exactly what can replace their functionality sufficiently is different for every business. Exactly what may work and how it can benefit the organisation is best determined by specialist marketers who can judge previous activity alongside complementary future strategy.

Does this signify a return to more Traditional Marketing Methods?

Of course, exactly what comes next for firms who are currently reliant on cookies for their consumer tracking and targeting is yet to be seen – but many believe such tools ending could see a revival in traditional marketing methods.

Content marketing, email lists, more traditional online lead generation and social media advertising will all undoubtedly be utilised in marketer’s efforts to plug the gap and should not be far from the skillset of many of those already working within the marketing industry. However, a channel often underestimated that can be hugely beneficial is online engagement with consumers. Positive customer interaction within social media and other online channels can bolster public brand perception, strategically communicate desired messaging and help provide required product and services information. Provided that those interacting with consumers online are consistent in their tone and messaging, consumers will feel engaged with and enthusiastic about the brand.

The demise of cookies will prove a challenge for marketers in businesses of all shapes, sizes and types and so is not just a threat to those without specific marketing resource in-house. The worst thing an organisation could do right now is ignore the pending changes – preparation is key. If a business is unsure of if, what and how cookies are used by their online presence, this should be investigated into urgently to allow for remedial and replacement action to be taken in their future absence. 

Skein are an expert team of marketers who understand the complex online processing behind cookies as well as the legal obligations and standards for businesses. What’s more, they also understand how best to replace the insights gathered from cookies and instead work with a less invasive but by no means less intelligent approach moving forward. The future may not lie with cookies but it does lie with choice and with commerce – and facilitating (or continuing to) this will empower consumers and enhance businesses for many years to come.