Google Chrome and The End of Third-Party Cookies

Last week Google announced that it will be shutting down third-party cookies on its popular web browser – Chrome. By 2022, the tech giant’s largest targeted advertising technology will be gone for good. Google’s decision intends to encourage publishers, advertising companies and other browser providers to help Google create a new set of privacy-focused web standards.  This move definitely shook the advertising world and the first step towards the new status quo is already in sight. Google has announced that it will limit cross-site tracking in their browser by default, starting in February 2020 with the release of Chrome 80.

Third-Party cookies Chrome 80

Ready or not, here it Comes – Google Chrome 80

On February, 4, a Chrome update will roll out, loaded with new features developed to make the browser not only faster but also more secure. It will also present new default settings for the SameSite cookies attribute.

So, what is the SameSite attribute? In short, it’s the attribute that browsers use to process how and when to trigger either first- or third-party cookies.

Google’s Chrome 80 will automatically default to first-party on all cookies where the attribute has not been set up. The 4th of February is the deadline for companies to apply the necessary changes, especially if they are relying on third-party cookies. 

What publishers need to know about it

The SameSite update will demand publishers to label third-party cookies that can be used on other sites. Cookies that haven’t been set up properly simply won’t work in the browser. Having in mind that Chrome holds an enormous share of the overall browser market, the ad tech industry would definitely experience the impact. In other words, if you want to make sure you protect your web property from a serious revenue loss, you will need to apply changes to your settings. Publishers will have to set SameSite cookie attributes in Chrome with one of three values: strict, lax or none.

  • “SameSite=strict” – does NOT allow cross-site sharing. That cookie won’t work anywhere else other than on the domain it was dropped on;
  • “SameSite=lax” – less restrictive and will allow a site to share cookies across domains owned by the same publisher;
  • “SameSite=none” – enables full-on third-party cookie sharing, as long as it’s secure;

So, don’t panic just yet, but make sure you take care of the SameSite attribute. Our recommendation is to get ready as soon as possible. While there’s still plenty of time until the 4th of Feb, it’s better to take action sooner rather than later. Make sure to label all cookies with a secure SameSite-None attribute, and in case you haven’t done so already, look into adopting secure connections. All your implementations (e.g. Prebid) should be migrated to HTTPS, ensuring a secure synchronization.

For better or for worse the end of third-party cookies is happening

In a blog post from the 14th of January, Justin Schuh, the engineering director of Google Chrome, provided more detailed information. If you are curious and you want to dig deeper, you can find it here.

So what makes this change necessary? Third-party cookies expose the web users to malicious tracking, data breaches and digital attacks in general. A Google representative recently said:

“In order to move the web ecosystem to a more healthy place, we are changing the default behavior for when SameSite is not specified to automatically default to a more secure option rather than a less secure option” 

The tech giant’s motive is to promote privacy protection for online users while still allowing digital advertisers to serve up targeted ads. What will happen in reality and how all that will affect the ad tech world, only time will tell.