'Third-party cookies are already ineffective': Lessons from Google SameSite delay

The COVID-19 crisis has inadvertently provided a reprieve for developers who have been too slow to adapt to Google’s "SameSite" rules governing how its Chrome browser handles cookies.

Under new SameSite rules, which Google had been rolling out for the past few months, web developers had to explicitly allow their cookies to be read by third-party sites. If they did not, Chrome is meant to prevent third-party sites from accessing those cookies.

However, because of the massive disruption caused by the economic shock and social-distancing measures during the pandemic, Google has now decided to temporarily roll back these changes. This is to ensure that websites that perform essential services during the crisis, such as banking, grocery ecommerce or government services, will not be rendered unusable for Chrome users.

Google’s move has little to do with keeping marketers happy and everything to do with minimising disruption at an uncertain time, according to Richard Lloyd, GroupM's UK chief data officer.

Lloyd told Campaign: "It’s a responsible move… but shouldn’t be confused with the planned timeline to block third-party cookies by 2022. The more immediate concern for marketers should be that third-party cookies are already ineffective and inappropriate in our complicated, privacy-concerned advertising ecosystem.

"Rather than asking how long third-party cookies can last on life support, marketers should be seeking replacement solutions, which are transparent, compliant and effective across the multiple environments, devices and platforms that make up today’s modern marketing mix."

Google Chrome’s engineering director, Justin Schuh, insisted last week that most of the web ecosystem was "prepared" for the SameSite change, and that users and developers should no longer face disruption as Google now rolls back enforcement.

Last week, Google said it has no plans to delay the blocking of third-party cookies, a key digital advertising tool, on Chrome by 2022, in response to concerns from a group of key adtech companies.

Darren Guarnaccia, chief product officer at cloud-based content management system provider Crownpeak, warned that the move buys companies some time while they adapt business-continuity plans to market requirements, even if third-party cookie changes do not appear to be an immediate priority during the crisis.

Guarnaccia added: "This isn’t a green light for marketers to flout regulations or misuse consumers’ digital data. It is the chance to continue establishing a relationship based on trust and seamless experience, when users most need it."

Cookies allow advertisers to follow users around the internet to observe their web-browsing habits in order to personalise digital marketing. Since the European Union's General Data Protection Regulation came into force in 2018, publishers must make efforts to gain proper user consent for enabling cookies for the purposes of tracking.

Apple’s Safari and Mozilla's Firefox have moved first among the major web browsers to block third-party cookies.