Cookieless Tracking And Analytics: Have The Rules Changed Again?
Key Contributors: Nilangan Ray, Madhurima Chatterjee, Paras Kuhad
Marketers have long relied on third-party cookies to collect data from customer interactions and browsing patterns across their websites. These tracking tools have helped website owners and managers in several ways, including personalizing advertisements, retargeting prospects, measuring campaign success, and delivering a more seamless web browsing experience overall.
However, growing privacy concerns have led many browsers like Safari and Firefox to announce the discontinuation of third-party cookies. Google’s decision to phase them out in early 2024 was the final nail in the coffin (as it may have seemed!).
But things seem to have taken a turn yet again! Despite Google’s earlier calls to kill third-party cookies, the company has halted its execution due to huge resistance from the ad tech industry. Does that mean focusing on cookieless tracking now is useless?
No! A cookieless setup is still a great tracking option for marketers that can help them comply more fully with global regulations, such as the European Union’s GDPR, and prepare for further steps that browser vendors as well as other lawmakers may take to reduce the effectiveness of third-party cookies.
In this blog, we will explore cookieless data collection, including its benefits, drawbacks, and how it functions. We’ll also cover the role of cookie consent banners and whether they are necessary when using cookieless tracking. Finally, our guide will provide you with practical steps for implementation.
Third-party cookies are tracking devices set by a domain other than the one the user is currently visiting. Marketing and analytics companies use them to track user behavior across different websites, collect data on browsing habits, and target website visitors with relevant ads.
Third-party cookies can be accessed on any site that loads the third-party server’s code, and they remain on your device until you actively remove them or until their expiration date. This makes it more difficult to defend them in respect to customer privacy since they allow advertisers to “cross-site track” or follow users around the internet. Even Google uses this strategy to gather behavioral and personal data for its “own purposes”—selling ads.
Now, most of this article is simplified so our fellow marketers can understand things without going into a technical rabbit hole. However, this part needs to be addressed with technical nuance as eliminating information for the sake of simplicity would be a disservice to the readers. So, for more accurate insights, we have invited our product experts to contribute in this section.
A website is defined by its domain. For example, let’s say your website is yourwebsite.com. Simple, right? Initially, when browsers were developed—or more accurately, when the internet was designed—there was no concept of a ‘state.’ This means that every time you made an HTTP request, each request was treated as if it were brand new (ah, the good old days!). Everything was anonymous.
However, websites soon needed a way to remember you, such as keeping you logged in. They needed to store something like your session ID. This led to the creation of cookies. A cookie is essentially a small piece of data stored in your browser, consisting of a key and a value.
The answer depends on the scope, which is determined by the entity that sets the cookies. If the cookies can only be accessed by the website that sets them, they are known as first-party cookies. However, if a cookie is set by a script loaded from an external source and the scope is defined for an external domain, it means that wherever you go, if another website has that same external script, it can read those cookies. This means you can be tracked across websites, and these are known as third-party cookies.
The job of a marketer is to deliver personalized messages to their target audience. To do this, they need to know two things:
- Do you have intent or are you aware enough? This can be determined by whether you are a returning visitor or not.
- What exactly are you interested in?
The first part can be easily managed with first-party cookies, while the second part can be achieved with third-party cookies.
Let’s add some more detail to the story:
First-party cookies can be set by frontend JavaScript code or by the website server as part of the HTTP response headers. The server can send a Set-Cookie command to the browser to accomplish this. It’s important to note that if a cookie is set via the HTTP response header, it’s considered more legitimate or, in other words, authoritative. Browsers generally prefer cookies set from the server response header, as this practice is seen as integral to the service provider’s business model.
However, more and more browsers are starting to crack down on even first-party cookies if they are set by frontend JavaScript code (we will discuss Safari’s Intelligent Tracking Prevention, or ITP, later in this article).
As for third-party cookies, our earlier introduction gave you a hint of their somewhat negative reputation. While they aren’t inherently bad, as long as businesses use them responsibly, it’s fair to say that they have a tarnished reputation in the current ecosystem.
By now, it’s clear that we might want to focus less on cookies and explore alternatives. For first-party tracking, the workarounds are straightforward: you can use local storage or other identifiers managed within the website’s logic (such as visitor or device fingerprinting, which we will discuss later). However, when it comes to bypassing third-party cookies, you also need to consider ecosystem support. Remember, these cookies are often managed by universal advertising pixel providers like LinkedIn and Facebook. Fortunately, there are now protocols that allow us to send tracking activity information directly in a more compliant manner through server-to-server communication. This means the information first goes to our website server and is then passed on to these third-party vendors. Whether this workaround is good or bad is beyond the scope of this article.
However, we do want to emphasize that this ‘cookieless’ tracking method doesn’t mean you can bypass user consent. You will always need the visitor’s consent if you are setting up an identifier that can uniquely recognize them on their next visit (across sessions) or across a network, especially if this information will be used for personalized marketing. Therefore, you must not forget your responsibility.
Cookieless tracking can be a better, more futuristic, and robust way to track your visitors. This introduction sets the stage for the article, where we will delve into the details of cookieless tracking, current trends, and popular methods of cookieless tracking.
Image Source: TMS Outsource
If the technical dive-down is not your cup of tea, we have tried to simplify the pros and cons. Let’s have a look:
Pros
- Targeted Advertising: Enables you to create and display personalized and relevant ads, improving user experience and advertising effectiveness.
- Seamless Browsing: This feature allows you to store data such as website visitors’ login credentials, language preferences, and items added to their shopping carts, thus ensuring a consistent user experience.
- Analytics and Tracking: Provides you with valuable insights into user behavior across different websites, helping businesses optimize marketing strategies.
Cons
- Privacy Concerns: Tracking users across multiple sites without their explicit consent raises significant privacy concerns.
- Data Security: Storing sensitive information, such as login credentials and financial data, can pose significant potential security and misuse risks, as the information is easily accessible by third-party servers.
- Browser Restrictions: Browsers like Safari, Firefox, and Chrome are increasingly restricting third-party cookie access or plan to do so, reducing their effectiveness.
.
What is the Current Stance of Browser Vendors Like Google and Apple on Third-Party Cookies?
Third-party cookies have helped marketers and advertising agencies build a solid foundation of user data for years now. But no one wants to be caught violating data privacy rules.
Moreover, a recent eTracker consent study involving experts analyzing current websites using data from June 2023 revealed that the average user consent rate for sharing information via third-party cookies decreased from 46% to 35%. This indicates that more users are reticent about sharing their personal data, making it extremely difficult for browser vendors to create a detailed customer profile and provide website visitors with a personalized experience.
Source: Etracker
This is why browser vendors like Apple and Firefox have stopped using third-party cookies altogether. Apple’s Safari introduced Intelligent Tracking Prevention (ITP) to limit third-party cookies, while Firefox implemented Enhanced Tracking Protection (ETP) to block them by default.
Coming to Google, while it may have paused its initiatives to completely eliminate third-party cookies, Google is taking steps to replace them with the Privacy Sandbox initiative, which aims to balance user privacy with targeted advertising through new technologies like Federated Learning of Cohorts (FLoC) and Topics API. These changes reflect a broader industry shift towards enhancing user privacy and data protection.
It is clear that third-party cookies sail on murky grounds. So, what’s the alternative? You came here for this: Cookieless Tracking
Cookieless tracking is a marketing analytics and measurement approach that eliminates the use of cookies altogether. Instead, this strategy utilizes other tracking methods such as server-side tracking, machine learning, statistical modeling, or the use of unique identifiers.
Seems complicated with increased chances of limited data and inaccuracies? Here are some benefits of going cookieless:
- Enhanced Privacy and Regulatory Compliance: One of the most significant advantages of cookieless tracking is its ability to reduce reliance on third-party cookies. This shift helps address growing privacy concerns among users, who are increasingly aware of how their data is being collected and used. By adopting cookieless tracking, businesses can more easily comply with stricter data protection regulations, such as GDPR and CCPA, thereby avoiding legal pitfalls and enhancing their reputation for respecting user privacy.
- Improved User Trust: Transparent data collection methods are key to building trust with your audience. When users are aware that their data is being collected in a privacy-conscious manner, without invasive third-party tracking, they are more likely to feel secure and respected. Cookieless tracking avoids using the privacy-invasive practices associated with third-party cookies and instead strictly limits data collection to first-party scope or essential business purposes only.
- Resilience to Browser Changes: With the ongoing tightening of restrictions on third-party cookies by major browsers like Chrome, Firefox, and Safari, businesses relying on traditional tracking methods face significant challenges. Cookieless tracking is not impacted by these browser changes, ensuring that your data collection efforts remain consistent and reliable. This resilience allows businesses to maintain continuity in their analytics and marketing efforts, even as the digital landscape evolves.
It is clear that adopting cookieless tracking not only ensures compliance and accuracy but also makes your tracking strategy future-proof.
Cookieless tracking involves using local storage or other identifiers managed within the website’s logic, such as visitor or device fingerprinting. Additionally, server-to-server communication protocols now allow tracking activity information to be sent directly to third-party vendors in a more compliant manner.
There are several methods you can use for cookieless tracking. These include —
- Server-Side Tracking: Server-side tracking operates in the background using code that is not displayed in your browser. Your actions on a website cause events that are first transmitted to the website’s server when you visit it. Once the data is processed, this server sends it to analytics platforms. By serving as an intermediary, server-side tracking allows websites greater control over the information they gather and how it is used.
- Server-Side Behavioral Tracking: While user behavior data is usually gathered with first-party cookies, using server-side tracking methods can help you collect information like page visits, duration of visit, and other interactions within that specific website.
- Browser Fingerprinting: This method gathers various seemingly insignificant information about your browser and device, including fonts, screen resolution, and even time zone. When these facts are merged, a distinct customer profile can be created to follow the user and their activities online.
- Device Fingerprinting: Device fingerprinting creates a unique identifier based on the features of the user’s device, such as browser type, operating system, screen resolution, etc., similar to browser fingerprinting. This approach provides detailed insights into user activities across various devices, from hardware specs to software customizations.
- Statistical Modeling and Probabilistic Tracking: Statistical modeling involves using advanced mathematical frameworks to interpret and predict user behaviors based on aggregated data. This technique analyzes historical data and external factors to gather insights, which are then fed into machine learning programs for probabilistic tracking. Probabilistic tracking makes educated guesses about user identities and behaviors based on indirect data points, such as device characteristics or browsing patterns.
Cookie consent banners are unavoidable with third-party cookie tracking. Data privacy laws, like the EU’s GDPR, are extremely strict about the processing of personal data, and the use of third-party cookies can likely compromise an individual’s online identity.
However, announcing to a website visitor that you are tracking them might make them feel iffy. Your website traffic may actually suffer because of cookie consent banners especially if you are made to use them even when you don’t need them.
Source: CDN-Website
Now, the question is, if you are using cookieless tracking in place of third-party cookies, do you still need cookie consent banners? Mostly yes, but in some cases you might not need to!
Generally, cookie consent banners are required to inform users when cookies are being used to collect personal data or track behavior across websites. However, if you do not collect any personal data, use the data for only analytical purposes, let users easily opt-out, and more importantly do not share data with others, you might not need consent banners. And, if you are not able to connect this personal data to a unique identifier, regardless of whether you are using a cookie or cookieless method, you will need consent popup.
In the European Union, regulations such as the GDPR (General Data Protection Regulation) mandate that any form of personal data collection requires user consent, even if cookies are not used. Using other strategies to collect PIIs or pseudonymizing the data would still require you to get consent from your visitors.
It’s important to thoroughly assess the nature of the data your tracking solution collects and consult with legal experts to ensure compliance with local data protection laws. This will help you determine whether a cookie consent banner is required for your specific situation.
To be honest, the answer is—it really depends. Cookieless tracking removes cookies from the scenario, but not the ‘tracking’ itself. However, from a privacy point of view, there is one important factor that makes it more privacy-friendly: it doesn’t rely on the existing ecosystem of third-party cookies. When businesses use cookieless techniques for tracking, they mostly deal with first-party data (their own data) and server-side processing, which, by definition, keeps the tracking data within the first-party domain.
On one hand, you can implement a cookieless solution where data is fully anonymized, no personally identifiable information is collected, and the data is used solely for anonymized analytics. This approach is much more privacy-friendly than using cookies.
However, on the flip side, some companies attempt to implement a cookieless setup that circumvents the need for cookies while still collecting the same data, just without the cookies. Techniques like fingerprinting are used for this purpose. These implementations are not necessarily more privacy-friendly; they are simply workarounds to bypass current restrictions.
Ultimately, the method used in cookieless implementation is up to businesses and their specific operational requirements. Therefore, we cannot provide a single playbook or legal advice that suits all scenarios, as that’s not possible and is beyond the scope of this article.
While GA4 is not cookieless by default. Google Analytics has a history of having issues with privacy and GDPR. If you want to dig deep into the rabbit hole and learn more, read this Salespanel article. This one is so in-depth that Google decided not to rank it. (Kidding!)
Its latest iteration, Google Analytics 4 is much better with regulatory compliance. The tool uses an event-driven model rather than relying on third-party cookies. While GA4 is often labeled as “cookieless,” it actually uses first-party cookies instead, aligning with evolving privacy standards.
That said, you can set up Google Analytics 4 to be cookieless primarily using server-side tracking. Here’s your guide to its setup.
To summarize, here’s how you use Google Analytics 4 in a cookie-free environment:
- Event Tracking: GA4 prioritizes event tracking over cookie reliance.
- FLOC and Privacy Sandbox: With Floc and Privacy Sandbox, Google simulates user data by placing them in large cohorts and anonymizing the data.
- Server-Side Tagging: Consider server-side tagging for better control and privacy compliance.
- Modeling to Fill Gaps: GA4 uses statistical and probabilistic modeling to fill gaps in missing data.
- User ID Tracking: Track user ID instead of cookies.
Tracking B2B customer journeys is particularly challenging because it involves accurately linking interactions across multiple devices and sessions. The sales process in B2B environments is complex, with multiple buyer roles and long decision-making cycles, making it difficult to track touchpoints and interactions effectively.
Without cookies, capturing these intricate, multi-step journeys and attributing actions to specific users or roles becomes problematic, potentially leading to incomplete data and less effective personalization. To overcome these challenges, Salespanel has introduced a solution called ‘Deep Tracking.’
Deep Tracking is designed to address modern challenges in customer journey tracking within a privacy-focused framework. It’s a cookieless solution that ensures accurate and compliant tracking across multiple domains.
Advantages of Deep Tracking:
- First-Party Data Focus: Deep Tracking uses first-party cookies and unique IDs, collecting data directly from your website with user consent, thus maintaining privacy and compliance.
- Cross-Domain Tracking: Unlike standard first-party cookies, Deep Tracking can monitor user behavior across your domains, providing a comprehensive view of the customer journey.
- Resilience to Browser Changes: Since it doesn’t rely solely on cookies, Deep Tracking remains effective even as browsers phase out cookies.
- Enhanced Accuracy: By assigning unique IDs, Deep Tracking provides precise tracking of individual user behavior, enabling more targeted and effective marketing strategies.
Salespanel offers two primary options for Deep Tracking:
- Deep Tracking with Cookies: This option combines the robustness of traditional cookie-based tracking with the advanced capabilities of Deep Tracking. It’s ideal for those looking to enhance their existing cookie-based systems without fully moving away from them.
- Cookieless Deep Tracking: This option ensures tracking without relying on any browser cookies, making it perfect for scenarios where maximum privacy compliance is required or where users are likely to block cookies.
In addition to Deep Tracking, Salespanel allows you to create a server-side tracking setup, with the option to begin tracking only when users from specific regions have provided consent. Unlike some other platforms, Salespanel does not sell your customer data or use it for advertising purposes.
Take your B2B tracking capabilities to the next level with Salespanel. Check out our 14-day free trial now!
Sell more, understand your customers’ journey for free!
Sales and Marketing teams spend millions of dollars to bring visitors to your website. But do you track your customer’s journey? Do you know who buys and why?
Around 8% of your website traffic will sign up on your lead forms. What happens to the other 92% of your traffic? Can you identify your visiting accounts? Can you engage and retarget your qualified visitors even if they are not identified?
