What third-party cookie solutions is GAFA working on?

In many countries, the large GAFA corporations (Google, Apple, Facebook, Amazon) have already received large penalties for data protection violations. Google and Facebook, for example, faced fines in France as recently as December last year. The stricter rules and a certain desire to further expand market power have prompted the corporations to use their own rules for tracking.

While the browsers Safari and Firefox have long since rejected third-party cookies and Apple has introduced app tracking, Google is now following suit and has announced an end to third-party cookies by 2023. That should probably mean the global end for the technology. 

All corporations are already working on alternative solutions and other providers will also come onto the market with their data in the future.



Google has announced that it will purchase its third-party cookies on Chrome by 2023. Meanwhile, the company is working on its own solutions. Considering that almost 90% of Google's revenue is generated from advertising, it's also clear that a good alternative is needed soon. The latest variant is called Topics and is intended to replace the FloC model, which can probably be described as a failure.

In the near future, certain countries within the EU, Switzerland and Great Britain are planning a “Deny all” button and the successor to third-party cookies, the AdID. In addition, Google is currently working on a “Privacy Sandbox” and the FloC model (“Federated Learning of Cohorts”). 

With the “Privacy Sandbox”, users act in a protected area. With the FloC model, users are tracked as a joint cohort of at least 1,000 people who share the same interests. Advertising measures can still be targeted.

However, one criticism of this model is that it is still possible to identify individual users as soon as they are assigned additional characteristics. Companies like Microsoft, Apple and Amazon could hinder or block the system due to their concerns and their own systems.



Apple has long had a great interest in the privacy of its users and declared war on tracking as early as 2017. With the Intelligent Tracking Prevention, which was constantly being improved and refined, it was only possible to read cookies over a certain period of time. Since Safari 13.1, macOS 10.15.4 and iOS/iPadOS 13.4 the setting and reading of third-party cookies are now completely forbidden.

It is possible that Apple aims to use and sell the data itself, for example from the App Store and Apple Pay universe. 



Facebook is already facing a number of difficulties today: the more difficult app tracking, the GDPR-compliant use of Facebook pixels and the restrictions on tracking by the browser. For this, Facebook uses server-to-server tracking or (server-side tracking or, S2S). Cookies are no longer necessary here since tracking takes place directly via the web server. When a page is called up, a unique identifier is stored on the server and used for recognition. In this way, it can be identified how successful an advertising measure was. Bidding integration is also planned for Facebook S2S. 

Despite S2S, the data protection problems mentioned in connection with cookies still exist, because the user's consent must always be obtained.

Amazon uses its own and thus first-party cookies, of which at least the advertising cookies can also be selected/deselected by the user in their own account. However, Amazon currently also allows so-called approved third-party cookies to be used for limited advertising purposes. 



However, there are also indications that Amazon is developing its own identification of users that does not require cookies and can still display advertising. However, such a solution should only be used within the Amazon cosmos. Publishers would then have access to APS (Amazon Publisher Services) and on the buy-side, it would be Amazon DSP (Demand-Side Platform). 

Another solution that Facebook, Google and Amazon rely on is permanent login. Several million users are permanently logged in and permanently supply user data that can be used for advertising measures.



We know that we know nothing. In conclusion, one could say so. In Germany, there are still considerations that are referred to as log-in solutions, such as those of the Net-ID Foundation. At the last Horizon Congress in Frankfurt in June 2022, one problem in particular emerged. There will be too many different solutions that will force advertisers to invest even more marketing dollars in technology and consultants to help them use that technology. So what to do? Marketers need to keep a close eye on the ongoing developments and plan as reasonably in advance as possible. Likely things might change or alter slightly as 2022 progresses so it is imperative that advertisers stay close to this topic and be as prepared as possible.