Third-Party Cookies

What Are Third-Party Cookies?

Third-party cookies are pieces of data created by a third party (usually advertisers or analytics services), not the operator of the website that sends them.

Third-party definition

Third-party cookies are tracking codes generated by companies other than the website that a web visitor has navigated to. Advertisers and social media networks typically use them to track users between websites to build a robust user profile for targeted advertising purposes. This data determines what ads to populate and where they will be most effective. Because these cookies track user behavior across websites, they are often treated with special consideration in data privacy regulations. The CCPA/CPRA, for instance, regulates cross-context behavioral advertising; third-party cookies track user behavior across contexts (i.e., websites), causing them to fall under this regulation. Many website browsers are phasing out support for third-party cookies. – Osano

Purpose of Third-Party Cookies

Third-party cookies enable advertisers and analytics companies to track your browsing activity across different websites.

This tracking helps create a detailed profile on you based on your interests, demographics, and browsing habits. This information is used to show you targeted advertisements that align with your perceived preferences.

While third-party cookies help businesses understand and target audiences, they have raised significant privacy concerns among users, leading to increased regulation and a shift towards more privacy-focused alternatives.

Third-Party Cookies vs. First-Party Cookies

The primary difference between third-party and first-party cookies is who creates them and how they’re used.

First-party cookies are created by the site you’re visiting and are generally used to improve your on-site experience.

Third-party cookies are created not by the site you visit but by other sites that want to track your browsing behavior across the web to build your profile for targeted ads and other purposes.

In comparison to first-party cookies, which are typically seen as less invasive, third-party cookies have a bad reputation for intrusive profiling and data sharing, to the point where most browsers block them automatically.

Privacy of Third-Party Cookies

The privacy implications of third-party cookies are a significant concern, particularly in the context of user tracking, data collection, and the sharing of information across different websites.

Key privacy aspects associated with third-party cookies include:

Lack of transparency. Users are often not aware of the extent to which third-party cookies are tracking them. Unlike first-party cookies, where the data collection is directly related to the website being visited, third-party cookies collect data across various websites, making it harder for users to understand who is collecting their data and for what purpose.
Potential for extensive data collection. Third-party cookies are designed to track users across multiple websites. This means companies can build a detailed profile of your browsing habits, interests, and even personal preferences based on the sites you visit. The data gathered through third-party cookies can be quite comprehensive, including information about browsing behavior, purchases, and even indirectly, location, age, gender, and interests. This level of data collection raises significant privacy concerns.
Data sharing and selling. The entities behind third-party cookies may share or sell the collected data to other advertisers, marketers, or data brokers. This further dissemination of personal information can occur without the user’s consent or even knowledge.

Legal Landscape Around Third-Party Cookies

In Europe, the General Data Protection Regulation and the ePrivacy Regulation mean that websites can’t store third-party cookies without first getting a user’s consent. If a user doesn’t give their consent, the website has to block the cookies.

US laws like the California Consumer Privacy Act and the California Privacy Rights Act (CPRA) don’t require websites to get user consent for third-party cookies. However, they do require websites to provide privacy or cookie notices that tell users about third-party cookies and their purpose. Websites must also give users an option to opt out of third-party cookies.

Are Third-Party Cookies Going Away?

In response to privacy concerns, there’s a growing trend of phasing out third-party cookies. Major web browsers like Safari and Firefox block third-party cookies automatically, and Google Chrome plans to phase them out in 2024.

Instead, many users and organizations are seeking more privacy-conscious alternatives, including first-party data strategies and methods like fingerprinting (although fingerprinting can be just as effective in identifying users).

Google, on the other hand, is in the process of rolling out Privacy Sandbox, which it claims will improve people’s privacy online while still allowing publishers and advertisers to operate effectively.

However, while The Privacy Sandbox is supposed to limit what it shares with advertisers to topics users are interested in, it has come under fire from some privacy experts.

Improving Your Privacy When Dealing with First-Party Cookies

Take the following steps to limit third-party cookie impact on your privacy:

Manage cookie consent. Be cautious about consenting to cookies on websites. Take a moment to customize your cookie preferences instead of automatically accepting all cookies.
Use more private browsers. Consider using browsers designed with privacy in mind, such as Brave, Firefox, or Safari, which block third-party cookies automatically.
Adjust browser settings. Most modern browsers let you block third-party cookies through their privacy settings.
Install privacy extensions. Use browser extensions that can block third-party cookies and trackers.
Clear cookies regularly. Regularly delete cookies from your browser. Some browsers also offer settings to clear cookies automatically when you close the browser.