The importance of first-party data in a world of changing cookies

We summarise the cookie changes and give some insight into what companies should be doing next.  

What changes are coming and how might they impact you?


Third- party cookies are being phased out with Google announcing it would be phasing these out in 2024.  

The phasing out of cookies could have a significant impact on organisations as they are used to tracking how people interact with websites, which allows analysis of user behaviour and to target, and retarget, prospective and current audiences more effectively.  

Without cookies all organisations will have less data to inform their marketing and outreach strategies. 

This could lead to a decrease in site visits and revenue as companies struggle to reach the right people with their message. 

What are Cookies?

As small pieces of data stored in a web browser, cookies allow websites to remember certain information about a user; such as the site visited, login information and pages the user viewed on the site. 

What are first party cookies? These are NOT being phased out: 

First-party cookies are directly stored by the website (or domain) you visit. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience. 

What are third party cookies? These ARE being phased out: 

A third-party cookie is placed on a website by someone other than the owner (a third party) and collects user data for the third party to then use.  Typically, providers such as an advertising networks, or social media websites place third party cookies receive a ‘notification of visitation’ confirmation. 

Google uses first-party data for user preferences and authentication and third-party cookies for advertising.  

The first-party cookie only gets data from the site the user accessed. Whereas third-party cookies let other sites access data.  

Why is this change happening? 

Primarily this is a response to user privacy concerns around how third-party cookies collect user data and pass it to third parties. The change also complies with new regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). More on them below. 

Users want choice and control over their personal data, and industries are having to listen. Tech companies are phasing out third-party cookies from their respective browsers in order to provide users a deeper sense of security. Regulation now means that website visitors now must opt-in to enable third-party cookies. 

Impact of regulation 

In 2017, economists began referring to data as being “more valuable than oil.” Today, 87% of consumers are concerned about how their personal information is being used. Governments have stepped in to enforce regulations that give individuals more rights over their data. A few of the notable laws impacting the way third-party data is collected and used include: 



The ePrivacy Directive, also known as the Cookie Directive, was the impetus behind cookie consent pop-ups’ proliferation. Under the ePrivacy Directive, websites that target individuals in the EU must: 

  • Obtain users’ consent before using any cookies (except strictly necessary cookies). 
  • Tell users about each piece of data the cookies track and their purpose – in plain language. 
  • Document and store user consent. 
  • Give users the option to access content and services even if they refuse to allow certain cookies. 
  • Enable the users to withdraw their consent at any time. 




The GDPR is the most comprehensive data protection legislation to date.  Recital 30 of the regulation states: 

 “Natural persons may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, cookie identifiers, or other identifiers such as radio frequency identification tags. This may leave traces that, particularly when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.” 


Cookies qualify as personal data and are subject to GDPR. This means companies can process user data as long as they’ve received consent or have a legitimate interest. 




The CCPA classifies cookies as personal information. While the CCPA doesn’t make businesses obtain opt-in consent for cookies, it does require them to disclose what information they collect and the purposes of collection. It also says businesses that sell the personal information collected by cookies must inform users of such sales and allow them to opt-out of the sale of their personal information.

What will the main impact be? 

The elimination of third-party cookies will significantly affect an organisation’s ability for retargeting by making it more difficult for advertisers to monitor the web activity of potential customers or use that data to inform their wider marketing strategies.   

In addition, the loss of cookies will make it harder for publishers to monetise their websites, as they will no longer be able to sell targeted advertising. 

Safari and Firefox already allow their users to refuse all third-party cookies but with Google Chrome having almost 70% (desktop & mobile) browser market share the main impact has yet to be felt. 

Adform’s latest study shows, despite 75% of companies globally acknowledging that the deprecation of third-party cookies will impact their business, over 78% of marketers don’t have a tested solution in place. 


What are the main alternatives to third party cookies? 

Most companies have started experimenting with alternatives to third-party cookies to ensure they can market effectively and minimise disruption.  The main alternatives currently being tested include the following as follows: 

  • First-party data 
  • Identity solutions 
  • Publisher Provided Identifiers (PPIDs) 
  • Contextual advertising 
  • Data Pools or Data Clean Rooms 
  • User Identity Graphs 
  • Digital Fingerprinting

Many of the alternatives that companies will migrate to rely on a firm data strategy and technical ability for the collection, retention and analysis of first party data.  

A solid first-party data strategy is something that every organisation should have in place, or be looking to adopt immediately. 


What is first-party data? 

First-party data is information a company collects directly from its own sources such as its customers.  In other words, information about customers from both online and offline sources, such as the organisations website, app, CRM, social media, customer helplines or surveys, all this data collected directly from the customer is classed as first-party data. 

Why should organisations focus on first-party data? 

Marketers and publishers value first-party data the most, here are the five main reasons this is the case; 

Increased relevance 

First-party data takes the guesswork out of determining who your audience is since it’s collected directly from their behaviours and preferences. 


With first-party data, you eliminate the middleman. Data that comes straight from the source is more likely to be accurate. It’s also easier to manage privacy-related issues because you know exactly where the data originated.  


Organisations have access to first-party data right now. It’s stored in their CRM and across other operational areas of the business. 


Because it’s your data, there’s no cost associated with first-party data. The only cost is the advertising you use to draw users to your website and the tools you use to measure the insights, which you were probably paying for anyway. 

Create a better experience

First-party data allows you to gauge customer intent and position in the buying journey. By seeing what your audiences are interested in, you can personalise their experiences by suggesting products and content your customers want to see.

Organisations can collect first-party data from a number of sources throughout their day-to-day operations.


Problems faced: 

However, collecting the data is not the primary issue. Many companies struggle with:

  • Collecting customer and prospect data in a compliant manner 
  • Aggregation of data from all available sources 
  • Giving data subjects the right tools that build trust 
  • Using first party data to generate insight and deliver on organisational needs 

Next steps 

To understand more about this topic and develop a strategy to mitigate the upcoming cookie changes whilst delivering a privacy first organisation, please contact one of the team. 


Related Posts