Thousands of words and myriad think pieces over the last two months have been devoted to Google's decision to keep cookies around, dramatically changing the future of the industry. In this series, we're going to look at cookies, talk about what they are, the value they bring, and what Google's decision means for our industry. Today we're going to start at the ground level.
What Are Cookies?
In the most basic terms, cookies are files created by web servers and used by web browsers for a variety of tasks. These files are stored locally on your computer or other device - you can go find them in your Windows directory if you like - and "clearing" your cookies generally just means you're deleting those files off your computer. Each browser and device has its own cookies - if you're a Chrome user, there's literally a file named "Cookies" used by the browser for storing this information, and you can access it via developer tools if you're so inclined.
What Are Cookies Used For?
Cookies generally have three major uses:
Sessions: Cookies are used to associate a specific user with their site activity. The most common ways you'd see this used are either to keep you logged into a site, and to track things like items put in a cart while you're on the site. When you log into the site, the site's web server creates a session cookie for your browser so every time you load a new page it will recognize you, keeping you logged in and remembering any items you wanted to purchase in your cart.
Customization: Sites can store information about your preferences or past actions in your cookies and use that to tailor or customize your experience - things like whether you prefer to browse in darkmode can be stored in your cookie, so each time you log in or return to the site, you're seeing the same mode.
Ad Serving: Ad servers use cookies to keep track of how many ads you've been served, and for which campaigns. This makes things like frequency capping possible, and also makes it easy to connect an ad exposure (and click action) to something like a purchase or conversion action on a site. These two things basically drive the entire digital advertising ecosystem - frequency capping and conversion tracking are huge, important parts of digital advertising.
Tracking: Cookies can be used to track which sites you visit and information your provide about yourself to those sites, such as your age and gender. This information about your interests (based on what sites you've been to) and demographics is valuable to advertisers looking to decide who to target with digital advertising. This information is often referred to as data in the digital ad space, and there's an entire ecosystem dedicated to its collection, processing, and trade.
Cookies and Devices
Every cookie is specific to a device and a browser on that device. So while it's the same you who's using your phone, your laptop, and your connected TV, each of those devices looks like a completely different person to the same website or ad server. You can mitigate this using shared browsers - logging into Chrome on your phone and your laptop will ensure that it manages your session cookies across devices - but for devices which do not allow third-party cookies like your connected TV, you're a different person. This is a complicated problem to solve, and lots of time and money have been spent building cross-device identity resolution tools to do just that.
First and Third-Party Cookies
Something you'll often see with regard to cookies are the use of "first-party" and "third-party" as descriptors. Simply put, first-party cookies come from the site you're visiting - so you go to ESPN.com and log in, the cookie that ESPN uses to track your session and manage your preferences is a first-party cookie. At the same time, ESPN works with NextRoll, a marketing platform which uses cookies to track who sees ads and how they interact with the site.
It's worth mentioning here that Google's original plans were to deprecate third-party cookies in Chrome. First-party cookies are generally seen as necessary for the internet to function, while third-party cookies are seen more as the means by which your privacy is invaded, used to track where you've been and serve you ads.
Wait, What Privacy Problem?
For years, internet advertisers have deflected concerns around cookies by talking about how they aren't collecting PII. PII stands for Personally Identifiable Information, and generally refers to things like your name, address, phone number, and other information which can be linked directly to who you are as a person. Things like your interests and sites visited typically don't fall into this category - if I tell you someone looked at buying a boat, that doesn't tell you much about who they are.
This... didn't work all that well. It turns out that people have gotten used to having their names and addresses used for marketing - junk mail has been around since the 1880s - and people are very much used to seeing their names and addresses on marketing materials. Meanwhile ask someone if they're cool knowing what sites they've visited and they will become privacy advocates very fast.
Admittedly, some of this was a problem of the ad industry's own making: By going hard on the marketing for big data, on the idea that everyone, everywhere was creating mountains of data which could be used to know and understand them, to the point of predicting their purchases and activities, the industry unwittingly sowed the seeds for some of that fear. And the thing is, build a big enough profile of someone's geography, browsing history, and online activity, and you can probably get pretty close to predicting who they are.
This all led to third-party cookies becoming the focus of consumer ire, the rise of privacy watchdog groups, and a complete shift in policy from two of the largest companies in the world. But we'll talk more about that next week.
Next week: Cookies, Privacy, and a clash of titans
Comentários