The End of The Third-Party Cookie | All You Need To Know

2024 is a decisive year for digital marketers, largely due to Chrome phasing out the third-party cookie. But what does this mean, technically and strategically?
Table of Contents

It’s been a long time coming.

Google’s decision to phase out the third-party cookie in Chrome was announced in 2020 and has been postponed a couple of times. But as of May 2023, Google declared that they had reached a point of no return and would begin the process in January 2024.

First, the support for third-party cookies in Chrome would be turned off for 1% of its users worldwide, which is approximately 30 million people.

And by the end of 2024 – 100% of its users will be affected.

Google phasing out the third-party cookie in Chrome is a big deal because Chrome has a global market share of approximately 60%.

So, what does this mean for you as a digital marketer?

A lot.

Let’s break things down.

What is a cookie?

In the early 1990s, when the World Wide Web was new, and people weren’t sure if it would be “a fad,” there was a popular web browser called Netscape.

Surfing the web back then was a bit primitive. Browsers could not remember if you, for example, had put something in your shopping cart. So it was quite an “unmemorable” experience, one might say (pun intended).

So, a young engineer at Netscape, Lou Montulli, developed the cookie, or what we today call the “session cookie,” to address this lack-of-memory issue.

And Netscape shared his invention with other browsers. 

The people at Netscape were internet pioneers. They cared for the success of the World Wide Web and for privacy, and were keen on not creating a solution with a “too good of a memory.” Because they feared the implications for the web as a marketplace and community if browsers got technologies that could track people in a surveillance-like manner across sites. They believed that the session cookie was the least harmful solution.

But then the cookie was “hacked”.

What is a third-party cookie?

Two years after the Netscape cookie was introduced, a more invasive cookie came into force—the third-party cookie.

This cookie made it possible to track visitors’ activities from one site to another. It was a feature the “advertisers” (or stakeholders who wanted to offer advertisers a new way of reaching potential clients and customers) desired.

This technology made it possible to target a specific person with ads for products he or she had seemed interested in a few sites back in their browsing journey—a.k.a. remarketing.

Montulli said he was caught off guard. And realized that he, and Netscape, now had three choices:

  1. Do nothing.
  2. Block third-party cookies on Netscape.
  3. A compromise where each Netscape user would get the option to control which cookies were allowed to tag along on their device.


The choice fell on no. 3. 

As much as they feared the implications, they also wanted the web to take off and recognized that it needed a financially sustainable business model. And micropayments weren’t a thing back then.

Regulating the third-party cookie

The discourse about the third-party cookie has thus been with us almost since the birth of the HTTP protocol. Lou Montulli has expressed that there will never be an absolute technical solution to safeguard website visitors’ integrity forever; for every restriction, ad blocker, etcetera, there would be a counter solution—a workaround. He said he understood the need for regulations and thought lawmakers had to keep phase and regulate the web accordingly.

With the ePrivacy directive in 2002, the GDPR in 2018, and subsequent privacy regulations in other parts of the world and on the state level in the US, we have, in some ways, gone full circle.

Today, consumers and their legislators have demanded/are requesting a sustainable business model for the web that respects users’ right to privacy and delivers more safe, transparent, and trustworthy reporting for where ads are displayed.

So, we have reached a point where the largest ad-tech stakeholder—Google—has decided to promote a more privacy-friendly browsing experience by deprecating the third-party cookie.

However, Chrome is not deprecating the third-party cookie in the same manner as, for example, Safari and Firefox.

But before we clarify what this means, let’s first address why first-party cookies are not going anywhere and why you will still need to collect consent in a post-third-party cookie world.

A third-party cookie is not a first-party cookie

First-party cookies are enabled, come from, or are placed on a visitor’s browser through a JavaScript code that you, as a website owner, have inserted on your site.

This happens when you, for example, enable services like Google Analytics, Hojtar, or Facebook on your website by placing a small script into the HTML code of your site. This script can then place cookies on your visitor’s web browser. How many cookies a certain script places, and each of their purpose, depends on who the service provider or vendor is. For example, cookies placed by Hubspot do their “thing,” as do cookies set by Meta/Facebook, etc.

These cookies are (most often) defined as first-party because they are set by your website domain and, hence, the site the visitor is directly interacting with, thanks to the script you chose to activate. This makes you, the website owner, and your domain “the first party.” 

However, even though these cookies originate from your site, you must still obtain consent from each visitor before these scripts are allowed to place cookies on their browsers, especially for cookies not essential to the website’s functionality.

Third-party cookies, on the other hand, gain access to your visitors’ browsers through external services embedded in your site, such as:

  • An embedded YouTube video,
  • A social media widget,
  • Google Maps,
  • An ad widget from an ad display network.


These external elements place cookies on your visitor’s browser for their own purposes, such as tracking across multiple sites for targeted advertising, which you might not have been aware of when you decided to include such services.


While the distinction between first- and third-party cookies primarily lies in what domain places the cookie and for what purpose, it’s also worth noting that those scripts you intentionally placed can sometimes set what can be defined as third-party cookies—meaning they are set from a different domain than yours—with the ability to do that kind of cross-site tracking which has rendered them obsolete.

A proper Consent Management Platform (CMP) automatically separates third-party cookies from first-party cookies and classifies them according to more variables*.

Getting a CMP is a good way for you to get a map of what services you have activated on your website so you can consider what you would like to keep and what you need to adjust. When placing a service on a website, like, for example, the Facebook pixel, it is essential that you calibrate that service so it does not set cookies that you do not want it to—regardless of whether they can be defined as first-party or third-party.

*Note that cookies can be classified in more ways than which domain sets them, for example lifespan and purpose.

Ok, so with this clarified. Let’s get back to the deprecation of the third-party cookie and what is intended to “take its place.”

What will replace the third-party cookie in Chrome?

As mentioned, Firefox blocked the third-party cookie by default in 2019 while implementing its Enhanced Tracking Protection (ETP) feature.

Apple’s Safari followed in 2020 through its Intelligent Tracking Prevention (ITP) feature. These features do not outright disable the possibility of retargeting but make it very challenging to show targeted ads for individuals based on their browsing history. And in addition to that, they include other privacy-enhancing features. (More on this further down this blog post.)

Other smaller browsers have done something similar.

Google has not wanted Chrome to follow suit in the same way because Google is a major ad-tech stakeholder and has, therefore, been invested in finding a new web standard that does not “kill off” this revenue stream entirely. So they have, one could say, tried to find a way to both have the cookie and eat it through a cross-industry collaboration called the Privacy Sandbox (PS).

The Privacy Sandbox has been (and still is) an iterative process where different APIs have been developed and deployed for testing. This process seemed to have reached a breakthrough in mid-2023 when the Privacy Sandbox initiative announced that they would release six new (cookie-replacing) APIs for Chrome version 115.

These were/are:

  1. Topics API
  2. Protected Audience
  3. Attribution Reporting
  4. Private Aggregation
  5. Shared Storage 
  6. Fenced Frames


These APIs are not necessarily “eternal,” and more will probably come. You can go to the Privacy Sandbox Website to track the progress. That site also gives you a comprehensive view of how Google is working to make Chrome more privacy-friendly while enabling non-invasive targeted advertising. 

But here’s a short rundown to give you a sense of what these APIs are trying to do or solve.

Topics API

This API enables the browser to show people ads based on what people like or are interested in—based on what “topics” they care about – without tracking them. A topic can, for example, be fitness, travel and transportation, or books and literature. Currently, there are supposed to be about 350 topics.

For the Topics API to work, it has to have been activated on a website. If you are a website owner who writes about and sells books, then a visitor who frequently visits your site can be categorized into the “books and literature” topic.

Protected Audience API

Note that the Topics API categorizes users into broad topic areas. Also, note that it is website-based.

Protected Audience API, on the other hand, is about specific interest groups. And it is a browser-based membership.

If a user visits a site that wants to advertise its products, an “interest group owner” can ask the user’s Chrome browser to add a membership for that interest group.

This API is illustrative because, traditionally, ad platforms have learned about user interests by tracking their behavior across sites. This API wants the user’s browser to hold the information about what the person is interested in—instead of the advertiser or ad tech platforms.

Attribution reporting API

This one helps the advertisers understand which ads work the best—without giving away who looked at the ad and who converted.

Private aggregation API

This one is no longer featured on the Privacy Sandbox Timeline because the trials for it has ended, and it is fully (99%) available.

Private Aggregation API is like Attribution Reporting API but in an aggregated way—a reporting based on the data from the Topics API and Shared Storage (see below).

Shared storage

Shared Storage allows advertisers to show “the right ads” to visitors without accessing any information about the visitor.

So, according to the Privacy Sandbox Initiative, it lets the website remember information about what a visitor does on different sites, but in a way that keeps the visitor’s browsing private. 

The data is said to be processed in a secure place that keeps the visitor’s information hidden from the advertisers.

Fenced frames API

Fenced Frames API allows websites to display ads without that display window being able to track or collect information about the visitor looking at the ad or tracking the visitor across the web. Think “a privacy-safe iFrame.”

How the third party cookie deprecation impacts different stakeholders

The third-party cookie deprecation in Chrome is a dynamic process with many moving parts.

And its story has several sides, depending on where you stand. I.e., depending on if you are a Consumer, Marketer, Publisher, or Adtech Vendor.

The consumer & the third party cookie deprecation

For a consumer or private person surfing the web through Chrome, it will mean specific prompts popping up asking for preferences and consent. One is the Tracking Prevention, which, from the URL bar, informs you that you are browsing with more privacy, which you can then say ok to or change. Tracking Prevention was launched in January 2024.

The Digital Marketer & The Third Party Cookie Deprecation

For you as a digital marketer, it is not so much that Chrome is deprecating the third-party cookie as what they are replacing this technology with—see the section above about the new APIs. But the most essential part of the latter is understanding the Google products you have or want to keep using:

So, hone in on how Google’s web analytics and advertising products fit into this new “privacy-friendly” browser ecosystem. Do so by becoming friends with GA4 and staying on top of Consent Mode v2. This is a good starting point, at least if you want to continue understanding the accuracy of your web analytics, the efficiency of your ads, and how to optimize the latter when we all move into this new Chrome experience.

In parallel, it is also wise to get comfortable with the concept of first-party data and how to set up your durable first-party data strategy. Looking for ways to diversify your ad strategy by, for example, exploring new independent options for contextual advertising, like this one from Kobler, is also advisable.

Chrome is, after all, not the only (soon to be) third-party-cookie-less browser on the market, and the reason for this is not only more enforcement and additional regulations but steadily increased consumer awareness around privacy and a positive correlation between digital trust and brand value.

For a deeper understanding of what the deprecation of the third-party cookie means for you as a digital marketer, see a bit further down in this blog post.

The Publisher & The Third-Party Cookie Deprecation

The web lowered the barriers to entry for anyone who wanted to create and distribute content. It became a network based on convenience, immediacy, and broadly available information online. And it has been revolutionizing.

But for publishers in the classical sense—journalistic publishing—the web evolution has deprecated their ad-based revenue streams, forcing them to adjust their business model to stay relevant for advertisers—not just by going online, but by trying to stay alive online in what has become a codependent relationship with the walled gardens in today’s web.

That the web challenged the publishing industry was not a problem within itself. What made the situation problematic was the nature of the ad revenue model underpinning the change and growth of the World Wide Web. Since it was fueled by unconsented personal data made available with third-party cookie technology.

Hence, the third-party cookie made the web fertile for emerging ad-tech companies like Google and Meta (formerly Facebook) and other walled gardens that wanted to offer ecosystems for hyper-targeted advertising based on granular profiling.

So now what? 

A technology that has changed and rattled the publishing industry to its core is about to hit the history books. What does this mean for publishers today?

First, publishers have rolled with the punches during the last two decades and diversified their revenue streams by exploring subscription paywalls, sponsored (native) content, etc., to create more value for their readers and advertisers. Doing so has taught them the value of first-party data, i.e., first-hand information about their customers and audiences. And expressly—consented—first-party data. 

With the third-party cookie on its way out, the value of—consented—first-party data and how to leverage it are becoming a strategic asset for every website owner and company wanting a trust-based relationship with the market, not just the publishers with a capital P. 

However, publishers are aptly positioned to continue leveraging the first-party data and build more strategies upon it. And they are.

The Adtech Vendors & The Third-Party Cookie Deprecation

At the heart of the cookie issue is advertising.

Ad-tech vendors are thus the stakeholders most acutely or directly affected by the deprecation of the third-party cookie and other tracking-limiting and privacy-enhancing features browsers impose.


Because third-party cookies are how ad-tech vendors can offer behavioral advertising solutions (to both publishers and advertisers) based on information like where a visitor is located and what he or she is browsing and buying online.

The third-party cookie, therefore, also enables the technology that automates the instant sale and placement of ads, including real-time bidding, by providing necessary data for these processes.

To summarize, the features and services that ad-tech vendors, specifically, and digital advertising, in general, can thank the third-party cookie for range from identification, frequency capping, measuring performance and attribution, audience activation, and cookie-syncing or matching between, for example, demand-side platforms and supply-side platforms.

Naturally, the ad tech industry stands to lose from the demise of the third-party cookie. Especially the vendors that operate outside the walled gardens. Because walled gardens—like Google’s Play Store, Google’s own ad-tech ecosystem, Google’s Youtube, Meta’s Facebook, Apple App Store, and other such closed platforms or ecosystems—have access to vast amounts of first-party data they can capitalize on in the third-party-cookie-less era.

To adapt, ad-tech vendors are seen to move in two directions.

On the one hand, some ad-tech companies are leveraging the value of first-party data by providing first-party data tools and services to businesses.

We also see how they diversify into Data Clean Rooms (DCRs). In this environment, first-party data from different sources can be aggregated and analyzed without, allegedly, exposing sensitive details or violating privacy regulations.

On the other hand, ad-tech vendors and the ad-tech ecosystem are developing alternative identifiers to take the third-party cookies place, but allegedly in a more privacy-friendly way. For example, Unified ID and ID5. So basically, an aim to create their version of Google’s Privacy Sandbox APIs.

The Third-Party Cookie Deprecation & Other Web Browsers

Chrome phasing out the third-party cookie has become synonymous with the end of the third-party cookie. As mentioned, this is because Chrome has the largest global market share, with more than 60%. And as also mentioned, the cookie deprecation did not begin with Chrome.

Apple and Mozilla announced in 2017 that their Safari and Firefox browsers, respectively, would say goodbye to third-party cookies. Apple now blocks first- and third-party cookies on Safari by default. Mozilla blocks third-party cookies by default and gives users control over the level of protection they prefer, with options to enable strict blocking or customized settings. 

Also keep in mind the app echo system. For example, in 2022, Apple required third-party apps running on their devices to obtain opt-in consent before they were allowed to track user activity on other companies’ apps and websites and launched a privacy feature in iOS14.5 called App Tracking Transparency Framework (ATT).

Safari's Intelligent Tracking Protection

Apple’s web browser Safari introduced Intelligent Tracking Prevention (ITP) in June 2017. This means that ITP became a feature of Safari’s WebKit browser engine, which was designed to limit cross-site tracking by restricting the use of cookies and (as of lately) all browser storage.

The impact of ITP extended across the market, particularly because Apple mandates that all web browsers on iOS use WebKit as their underlying browser engine. This requirement means that ITP’s tracking limitations affect not only Safari but also other browsers running on iOS devices, including Chrome for iOS, Firefox for iOS, Microsoft Edge for iOS, and Opera for iOS.

What does this mean?

Broadly, ITP has three implications:

  1. Third-party cookies are entirely blocked.
  2. First-party cookie restrictions: If a user does not interact with a website for seven (7) days, Safari erases first-party cookies set from the client side (the browser) and other browser storage items—regardless of whether the user has consented.
  3. Certain first-party cookies are exempted from the 7-day rule: Cookies set from the server side are good to go if they are not part of the so-called CNAME cloaking, which is a technique used to disguise third-party cookies as first-party to avoid detection by tracking protections like the ITP.

How does Safari's ITP affect digital marketers?

As with the third-party cookie deprecation in Chrome, what Safari is doing in Chrome affects you as a digital marketer in broadly three (3) ways:

  1. Your ability to track users’ activities across sites is very restricted, making it challenging to work with retargeting and personalized content strategies. 
  2. Since first-party cookie storage and other site data are erased if a user does not interact with the site for seven days, it skews how your returning visitors are counted, potentially underestimating repeat engagement and deflating your returning cohort. 
  3. Attributing conversions or engagement to specific marketing efforts becomes difficult.


So in one sentence: It makes it harder for you to trust the numbers you are used to study.

Firefox Enhanced Tracking Protection

Firefox’s version of ITP is called Enhanced Tracking Protection (ETP) and was rolled out in 2019. Firefox, by the way, belongs to Mozilla, which is an open-source project that sprung from Netscape. Firefox has a smaller market share than Safari but is still one of the more prominent browsers on the market.

What does the ETP mean?

Broadly, the ETP has, similar to Safari’s ITP, three implications:

  1. ETP blocks known third-party tracking cookies straight out of the box, using a regularly updated list of trackers.
  2. ETP also blocks fingerprinting and other hidden tracking methods, including “crypto miners,” which can use your device’s power without your permission.
  3. And with ETP’s Total Cookie Protection Firefox  ensures that first-party cookies are not misused for cross-site tracking.

How does Firefox ETP affect digital marketers?

For digital marketers, Firefox’s ETP shakes up the scene in two key ways:

  1. Retargeting Gets Rougher: Like with Safari’s ITP, tracking users across different websites becomes harder. If your marketing relies heavily on retargeting ads based on users’ browsing history, ETP’s blocking of third-party cookies will throw a wrench in your plans.
  2. Your Analytics Might Miss Some Marks: Although first-party analytics generally fare better with Firefox than with Safari’s ITP, the blocking of third-party trackers means some data points and user behaviors might not be captured as comprehensively as before.

Being Brave & Living on the Edge

Several other browsers on the market have also taken steps towards blocking third-party cookies and/or implement other privacy-enhancing measurements.

Two worth mentioning are Brave and Microsoft Edge.

Brave Web Browser

Brave has been a privacy-focused browser from the get-go, blocking third-party cookies by default. It also incorporates additional features like HTTPS Everywhere. It also allows the user to customize its privacy settings more granularly.

Microsoft Edge Web Browser

Microsoft Edge is based on Chromium, meaning it runs on the same engine as Chrome. It, therefore, has privacy features similar to those in Chrome. But it has not (yet) blocked third-party cookies by default. Instead, it offers users an option called “Strict” if he or she wants to block third-party cookies.

In conclusion, the industry lacks a common standard for how the web is made privacy-friendly even though (almost) every web browser agrees that the third-party cookie is a thing of the past.

The lack of an industry standard for web browsers

Browsers are offering a more privacy-safe experience. As we have learned, how they do it differs, meaning there is no industry standard for how the third-party cookie is blocked or phased out and how other tracking technologies are being tackled.

Google has, however, strived to get broad industry acceptance for the solutions from the Privacy Sandbox Initiative. To succeed with that, they have needed other browsers and the World Wide Web-consortium (W3C) to approve—which has not happened.

Hence, when Google announced that they would go ahead with their process to phase out the third-party cookie and enforce the new APIs, they did so, knowing there would not be an industry-accept for it.

Albeit this may not have come as a surprise, it still highlights how uneven the digital landscape that lies before digital marketers and advertisers will be. It’s a coarse situation, making advertising and analytics complex, where one needs to consider how different browser restrictions affect analytics and retargeting for a certain part of one’s traffic and hence analytics, while also keeping track of what Chrome’s more permissive solution means.

So, how, then, should a digital marketer navigate this new landscape deprived of the third-party cookie?

Best practices for the post-third-party cookie web

Whether you see yourself as a digital marketing professional or if you represent a company and a website publisher, third-party cookie deprecation is an opportunity to take a step back to figure out what a sustainable marketing model would look like for you or your clients. 

And keep in mind that there isn’t a one-size-fits-all template when navigating and setting up a post-cookie strategy. But an excellent place to begin is on your website by doing a data and tracking-inventory and ensuring you collect legal consent.

1. Get a solid Consent Management Platform

By understanding how much data you currently collect and hold and where it came from, you can map out how much of that data you act on and how much is collecting dust and taking up unnecessary server space.

Begin by installing a Consent Management Platform (CMP), like, for example, Cookie Information, on your website. A solid CMP can scan your domains and point out data transfer risks, links to each vendor’s privacy policy, and more. This gives you a list of services placing trackers on your site.

Do you see services you didn’t know you had?

Do you need all of them?

With a Consent Management Platform at the heart of your digital marketing, you also ensure a consent-based approach when you set your post-third-party cookie strategy—enabling compliance with the GDPR, the ePrivacy directive, and other privacy laws worldwide.

2. Make sure you have legal grounds for collecting data

With a CMP in place, you also have a system for managing consent from your users/visitors, which is why a CMP is at the heart of a privacy-friendly marketing strategy—especially in a post-third-party-cookie world. Also, ensure that the CMP has built-in integration with Google Consent Mode v2—if you want to use Google Ads and Analytics.

The Consent Mode v2 APIs communicate with GA4, Google Ads, and a range of Google’s other ad-tech products—making it a vital gear in Chrome’s post-third-party clockwork. Google has also made Consent Mode v2 mandatory and thus as unavoidable as their third-party cookie deprecation.

3. Understand your third- and first-party cookie situation

When mapping your cookie situation as described in point no 1, leverage this information to analyze what role these cookies have in your current advertising strategy.

How much of your marketing budget and impressions are tied to behavioral profiling?

Depending on what you see, keep the following in mind:

  1. Google’s display network is vast; keep track of how the new retargeting system, based on the Privacy Sandbox initiative, will pan out in Chrome and evaluate its efficiency. Other Walled gardens like Meta’s Facebook are still alive, albeit pressure from enforcement authorities is getting stronger.
  2. Diversify with contextual advertising solutions, which is a growing market.

4. Rethink your KPIs

The widespread use of ad blockers, privacy-enhancing browser settings, and consumers acting on their distrust have made it increasingly challenging to trust web analytics data and whether what we, as digital marketers, are measuring is relevant.

With that in mind, the post-third-party cookie landscape can be viewed as an opportunity to become more quality-focused and less vanity-focused, to put things crudely.

  1. Prioritize engagement and conversion metrics: With the effectiveness of retargeting ads impacted by privacy measures across browsers and platforms—focus on KPIs (Key Performance Indicators) that reflect direct engagement and conversion on your site, such as session length, conversion rate, and specific action completions.
  2. Consider a privacy-focused web analytics tool: With GA4, Google has made significant changes to how data is collected and processed, and it primarily uses first-party cookies to track user interactions. So, it naturally fits into Chrome’s third-party cookie deprecation plan and with regulations. 

But depending on your needs, consider moving to an analytics tool with a higher privacy-compliance profile and data ownership, like Piwik PRO, which also offers a solution to handle your first-party data strategy. The latter is also central to your post-third-party cookie strategy.

5. Set up a first-party data strategy

Begin by auditing the first-party data you have. Is the quality good?

How are you leveraging it today? Could you increase the quality of it?

Do not just think about growing your existing first-party audience but also how to deepen the relationships.

And do not collect data about people you do not need or can motivate. The GDPR has a strict purpose limitation rule, and you do not need more information just for the sake of it.

With that said, be creative with it and use it for emails, newsletters, surveys, promotions, digital events, loyalty and reward programs, building communities, and so on—the sky’s the limit.

6. Is server-side an option for you?

A server-side setup is less susceptible to browser-based restrictions, like blocking third-party cookies; it also gives you better control over the data collection process. So, this is becoming a natural step for many website owners and marketers. Albeit it may not fit every marketing department’s budget.

Most platforms and services offer APIs to set up measurement and tracking from your servers, or a server, instead of the client side (meaning the visitor’s browser), including GA4 and Piwik Pro, Meta, etc.

If you choose to run things server-side, it is crucial that you adjust your Consent Management Solution (CMP) so it blocks scripts set from the server, based on user consent.

Luckily, this can be easy—if you run with a tag manager setup and a CMP with Google Consent Mode v2. For example, if you use Google Tag Manager with Consent Mode v2, the consent signals can be accurately managed and sent from there; the same goes for PiwikPro’s Tag Manager.

This demo show how this can be done.

Marrying a server-side setup with a consent centered digital marketing strategy will give you reduced reliance on browser-based “limitations” and better control over your data collection process—which are good foundations for building a more trustworthy relationship with your leads, customers, and markets.

At least if you do the server-side set-up for all the right, compliant, reasons.

Get Post 3P🍪 Prepared Today
Get your engine for consented data, and set up your digital marketing for some serious future-proofed success.

Can Chrome's third-party cookie deprecation be stopped?

The Competition and Markets Authority (CMA) in The United Kingdom, has decided to oversee Google’s move to phase out third-party cookies in Chrome—and implement the Privacy Sandbox APIs.


They are concerned about Google and Chrome’s market dominance and want to ensure that the oncoming changes do not give Google and the Chrome browser an unfair competitive edge.

CMA only has jurisdiction in the UK, but what they enforce Google to comply with will impact all markets. Google has also agreed to work under the CMA’s scrutiny, promising transparency and fairness.

So what have they said?

At the beginning of February, CMA stated that Google “must not design, develop or use the Privacy Sandbox proposals in ways that reinforce the existing market position of its advertising products and services, including Google Ad Manage,” and that it should be clearer on its plan for the long-term governance of its Privacy Sandbox.

To this, Google has answered: 

“We continue to move forward with our plans to phase out third-party cookies in H2 2024, subject to addressing any remaining competition concerns from the UK CMA. We are confident the industry can make the transition in 2024 based on all the tremendous progress we’ve seen from leading companies.”