6 minute read 19 Jul. 2021
Young women ordering christmas gifts online with credit card

How marketers can be ready for a cookie-less world

By Joel Wright

Senior Manager, Technology Consulting, Ernst & Young LLP

Experienced digital leader. Customer advocate. Creative problem solver. Passionate about providing results. Proud father of three. Avid supporter of Wolverhampton Wanderers FC. Breakfast enthusiast.

6 minute read 19 Jul. 2021

For better results in a changing landscape, you need customers’ data directly from them, linked to durable IDs and privacy compliance.

In brief
  • In 2023, the top internet browser globally intends to stop supporting third-party tracking cookies. Privacy regulations around the world are also evolving.
  • Creating a new system within these constraints requires careful planning — but marketing functions will then be equipped to deliver better results.

Although mostly an irritation for web users, third-party tracking cookies have long been a useful but imperfect way to target online ads and enable other marketing strategies. But in 2023, marketing functions must build out their toolkits to be prepared for a totally different environment.

That’s when the most popular internet browser globally will no longer support these cookies — while ever-evolving regulations, such as the European Union’s General Data Protection Regulation, also place hurdles on how companies must handle and protect personal data. These changes will undercut marketers who rely on traditional methods, with data architectures that make compliance a challenge.

But this is also an opportunity to build out newer and more powerful approaches to understand audiences better as individuals — not just the devices they use — and drive more specific targeting and greater personalization. Marketers know change is coming, yet delivering results will require companies to truly collect their own data about customers, with privacy compliance in mind, and develop authenticated, durable IDs for them. 

With the clock ticking, marketing leaders may have clearly defined goals but only an abstract notion of how to get there. Using the EY readiness model below, we will show you how, in a seven-part strategy.

The future

1. Leverage first-party data

First-party data, which you collect from consumers directly, is the most reliable and relevant for identifying your audience, how they engage with your brand, their path to purchase and the best way to reach them. This data is made up of customer interactions and touchpoints across your marketing, website and apps. When third-party cookies are phased out, emails addresses and other people-based, durable identifiers will need to be used — which is more suited for your needs than device-based tracking. (Data from second and third parties will continue to have a role to play, but not as prevalent.)

With first-party data, you’re better equipped for predictive modeling, in which artificial intelligence scrutinizes a consumer’s information to predict their next steps — for instance, by understanding how they use your organization’s app and what they’ve purchased in the past. They will see advertising and marketing that appears more personalized and relevant specifically for them.

2. Operate in a single online domain name

With one domain, it’s easier to track your customers authenticated and persistent IDs across their website experience, with unified first-party data management and availability. As your customers are logged in, you can recognize them, without duplication, across web and mobile to see their connected journey. You gain a holistic view of your customers as they interact with your brand, as well as a deeper understanding of potential cross-sell/up-sell opportunities that would have been obscured in a siloed, multi-domain environment.

Larger organizations tend to build multi-domains — based on geography or business diversity, for example — which create complexity, particularly when marketers can no longer use cookies to track activity across websites. Enabling the use of a durable ID to be used across these multiple domains and loading it from a website to another website is one of a few solutions that address how data can be collected in a cookie-less world. Data collection can also be used on the back end to help solve for this multi-domain use case and ID customers.

3. Capture people-based durable identifiers

People-based durable identifiers are like authenticated IDs, but they link marketers and advertisers, while addressing privacy concerns. Durable identifiers exist at the level of the individual — such as email address, phone numbers or even something new that will eventually be developed — to efficiently target them across platforms and reach audiences more effectively.

For example, hashed emails allow you to access valuable data on your customers and their online habits where they leverage the same email. This type of email has its own unique hexadecimal string that remains consistent across the web, tracing a customer’s logged-in activity across devices.

People-based identifiers are necessary for continuing to enrich consumer data from second and third parties, with different data sets linked together by neutral parties. Direct relationships with publishers and partners will become increasingly important to reach prospects, as the next steps show.

4. Develop second-party partnerships

Second-party data is another company’s first-party data that is shared with a partner, through a mutual/contractual agreement, either by dropping a container on the partner’s website or by exchanging files.

Such partnerships are particularly useful among companies with businesses that overlap in some way or have similar customer bases — for example, in how credit card companies and airlines can collaborate on branded cards with frequent flyer miles. Transparency with consumers is a must: they should be asked to affirm that this sharing is acceptable.

5. Use contextual and publisher targeting

In contextual targeting (a traditional tactic for marketers), an advertisement is placed beside relevant content — for instance, a hotel in Hawaii buying an ad to load in articles that are about traveling to Hawaii. This is similar to targeting with keywords through search engine marketing, rather than targeting consumers by their browsing history.

Separately, in publisher targeting, a business reaches out to a certain publisher to leverage their audience data (rather than through a demand-side platform), such as when a restaurant buys an online ad directly from the local newspaper, specifying readers within a certain city or area.

6. Follow privacy regulations

First-party private identifiable information, such as names and phone numbers, requires careful governance to manage data in accordance with local, regional and international regulations that continue to grow stricter. Such regulations cover what data can be captured and how, as well as how it is stored, shared and handled.

The process of managing customer data across marketing and advertising tech can be daunting and manual for companies that haven’t adequately prepared. Streamlined and integrated back-end systems are therefore a must, with the ability to label data for policy enforcement to restrict activation and reduce risk.

7. Enable a better platform for consumer control of their data

To comply with privacy laws, managing consumer consent in a centralized location is pivotal, especially as most privacy regulations cover data access requests and the right to be forgotten, which add complexity. Audiences are also becoming increasingly cognizant of privacy protections while still expecting a personalized experience.

When a consent management platform is integrated into your operations, customers’ data access requests about how their personal data is being collected and used, and by whom, can be automated to help ensure compliance. Without this setup, collating and distributing consent and preferences from various sources are challenges that expose you to risk.

Outside agencies obviously still have a role to play as the landscape shifts. But organizations that work with them should ensure that they own the data from the advertising/marketing campaigns, which is not always the case. Transparency remains crucial, especially if the data is being used by others for third-party targeting.

Some marketers no doubt feel trepidation about leaving cookies behind and entering a world with greater privacy regulatory risk. But when approached thoughtfully, this risk can be mitigated — and the opportunities for more effective data-driven marketing can be maximized. 


Those who prepare today to evolve their in-house function to quickly pivot can seize the upside while worrying less about the downside.

About this article

By Joel Wright

Senior Manager, Technology Consulting, Ernst & Young LLP

Experienced digital leader. Customer advocate. Creative problem solver. Passionate about providing results. Proud father of three. Avid supporter of Wolverhampton Wanderers FC. Breakfast enthusiast.