Consider third-party (3P) cookies as spies, employed by an international spy network (representing an ad platform), that can track citizens (internet users) across countries (websites). First-party (1P) cookies are like foreign ambassadors, each permanently stationed by a sending country (in this case, also an ad platform) within a single host country (a website). A given ambassador can track the activities and interactions of citizens only within the host country where they are deployed.

Phasing out 3P Cookies

Spy networks (3P cookies) are being phased out. Ambassadors (1P cookies) are not going anywhere. Safari & Firefox, representing 30% of browsers, have been restricting 3P cookies since 2017. As such, a significant portion of digital advertising has already adapted to a model that does not depend on 3P cookies​​.

Note that Google Analytics (GA) sets a 1P cookie, so it will not be impacted. But, some aspects of GA do use 3P storage that will be impacted (Google Signals and ads retargeting for example). 

Ad platforms have supplemented any 3P cookies they depend upon with 1P cookie versions. So they all have 1P ambassadors. But, their 3P spy networks are on the way out, and they need more than 1P cookies to allow for attribution reporting to give advertisers confidence their ad spend is achieving their objectives.

Ad platforms, especially those associated with a robust identity platform like Meta (Facebook + Instagram) where a user must be logged in to use the service, can use 1P data to fill attribution gaps being created by their deteriorating spy network of 3P cookies.

Leaning into 1P data

What makes data 1P is that it is collected directly from users interacting with the business. Some take this a step further and differentiate between 1P data and zero-party (0P) data, where 0P data is provided directly by the customer with clear consent and purpose, and 1P data is collected through various interactions and might require interpretation. To keep things simple, this post will also refer to 0P data as 1P data.

1P data can include website activity (ad click IDs, browser type, IP address, etc.). It also includes personal user data like name, email, phone number, physical address, zip code, etc., that a user submits in a digital property lead form, or with online or offline purchases. That 1P data can be used by an identity platform to determine a related user account. The ad platform tied to that identity platform can report any advertising with which that user interacted as associated with a valuable action (correlation at least, possibly causation if the ad platform is capable – as with Google’s geo testing control groups, and Meta’s similar GeoLift). That attribution gives advertisers confidence in their ad spend (i.e., motivates them to maintain or increase ad budgets).

How to get 1P data to ad platforms

Advertisers usually get 1P data to ad platforms via scripts injected in a user’s browser. The scripts send 1P data from the browser to the ad platform. Sometimes the scripts send more than ad click IDs, browser type, IP address, etc. They can be configured to “hash” personal user data, when available, and send that back too. The more 1P data sent, the more likely the related identity platform will determine the related user account to allow for attribution of those related user actions to advertising. Google’s Enhanced Conversions for Web, and Meta’s Advanced Matching, are examples of ad platform solutions that can deliver hashed personal user data using a browser injected script.

Another method is to send 1P data to ad platforms via an API (server to server). This does not happen in the user’s browser. Instead, the 1P data, collected on a business controlled server from various sources, is sent via API from the server directly to the ad platform. Meta’s Conversions API, and Google’s Enhanced Conversions for Leads, are examples of ad platform products that use this delivery method. This method also allows for sending 1P data related to offline user actions to the ad platforms, allowing for possible attribution of those offline actions to digital advertising.

Data modeling from machine learning

The more observed conversions you can expose to an ad platform that can be attributed to advertising, the higher the quality of data sets to train and validate machine learning (a subset of Artificial Intelligence, or AI) that drives conversion optimization (finding new users that are likely to convert and showing them ads). Machine learning can also fill in gaps for users that were not tracked by modeling conversions and attributing them to advertising (e.g., Google Ads modeled conversions, and Meta modeled conversions). A challenge with modeling is that most ad platforms are not completely transparent when reporting conversion attribution. They do not make it clear what portion of conversions attributed to advertising are observed vs. modeled. You are left to trust their modeling math, and their integrity. However, no reporting solution is going to do a more “complete” job of attribution reporting for an ad platform than the ad platform itself (consideration for modeling aside).

User consent

User consent is becoming a big deal. Google’s consent mode requirement is proof positive. You can’t track users from the United Kingdom (UK) and European Economic Area (EEA) without first getting their explicit consent (or you risk suspension of your Google Ads account), and that approach could very well be headed to other countries / regions sooner than later. Our recommendation is to deploy a consent management platform (CMP) like OneTrust on your digital property regardless of whether your determined legal posture is to track users by default or not. CMPs make tracking intentions transparent, and give the user an explicit means of opting out of tracking. CMPs should be integrated with both browser and server based tracking solutions.

The misunderstood role of server-side GTM

Server-side GTM (sGTM) is not a fix for 3P cookies. If configured correctly, sGTM should set 1P cookies from the server, where those server set cookies are more durable than cookies set via JavaScript in the browser. With sGTM, browser GTM is still injected in a user’s browser. But, instead of browser GTM sending data from the user’s browser directly to an external ad or analytics platform, a single stream of data is sent to a business controlled sGTM container, usually hosted on the Google Cloud Platform and resolved to via a 1P subdomain of the domain used to host the website. From sGTM this data stream gets fanned out to any number of external ad or analytics platforms (via API).

The business totally controls data sent to sGTM, and can decide what data to send from sGTM to other external platforms. The business can remove ad platform JavaScript from firing in the user’s browser (where the vendor script otherwise can send any data it wants directly from the user’s browser to the ad platform), making for cleaner website code and a better user experience. sGTM also allows you to supplement data collected in the browser before sending to external platforms (e.g., lifetime value, or products of interest noted in your CRM, or propensity scoring from cloud-based machine learning to drive ad bids, etc.).

Key takeaways

  1. 3P cookies are like a spy network tracking users from country to country, and they are going away.
  2. 1P cookies are like an ambassador who can only track users in their assigned country, and they are here to stay.
  3. 1P data sent to ad platforms via 1P scripts, or via API, is a must have for ad platform attribution of conversions to advertising.
  4. The more observed conversions you can send to ad platforms:
    • The better they will be able to model conversions where tracking was not possible.
    • The better the performance of conversion optimization algorithms.
  5. Ad platforms are commingling observed and modeled conversion counts in their attribution reporting.
  6. Employ a CMP to make your tracking intentions transparent, and to give users an explicit means of opting out – even when server-side tracking is in the mix.
  7. sGTM is not a fix for 3P cookies being phased out. Regardless, its benefits should make it a serious consideration for every digital marketer.
Third-party cookies, first-party data, and user consent