A web cookie, also known as an HTTP cookie, is a tiny snippet of data that gets added to a user's web browser when they visit a website. The code is stored in the user's browser for a period set by its creators (or until the user deletes it) and helps the website remember information about the visit. This technology is used to facilitate various functions, including:
- Storing stateful data (e.g. the items you've added to your shopping cart on an e-commerce site)
- Retaining data previously entered into forms (used for autocomplete functions)
- Saving user preferences
- Authentication, communicating a user's account details and log-in status
- Recording user activity
Whether directly or indirectly, all of these web cookie functions have been used to facilitate digital marketing. However, the landscape is undergoing its most significant change in a decade.
How Cookies Traditionally Power Digital Marketing
For years, cookies have been the engine for many types of digital marketing. They store user data and behaviour information, which allows advertising services to target audience groups according to variables including age, gender, location, interests, and behaviour on websites, search engines, and social media.
This data has been fundamental to two key areas: targeted advertising and performance measurement.
Historically, platforms like Google Ads (rebranded from Google AdWords in 2018) and Google Analytics relied heavily on cookies. In Google Analytics 4 (GA4), the current version of the platform, first-party cookies like _ga and _ga_<container-id> are used to distinguish between users. These cookies typically last for two years, with the expiry date refreshing on each new visit.
This tracking is essential for measuring success. If you're using Google Ads and don't have conversion tracking in place, you're doing it wrong. With the full retirement of Universal Analytics on 1 July 2024 (or 1 July 2023 for standard properties), all tracking now runs through GA4. Conversion tracking helps you assess the effectiveness of your campaigns by logging when a user who reached your site via an ad completes a key event, such as making a purchase or submitting a form.
This works by linking your GA4 and Google Ads accounts and importing your designated "key events" from GA4 into Google Ads as conversions. To get the most out of it, you can assign monetary values to these conversions, allowing you to see the cost-per-conversion and return on ad spend (ROAS) for your campaigns. This helps you identify which ads are bringing in the best returns and which ones you should cut.
The Great Disruption: Phasing Out Third-Party Cookies
The traditional marketing playbook, especially for cross-site retargeting, is being rewritten. The catalyst is the deprecation of third-party cookies, a process led by Google in its Chrome browser.
While other browsers like Safari and Firefox have blocked third-party cookies for years, Chrome's market dominance makes its move a seismic shift for the advertising industry. The timeline has been fluid, but the direction is clear.
Google began its "Tracking Protection" test on 4 January 2024, restricting third-party cookies for 1% of Chrome users. While the initial plan was to phase them out completely by the end of 2024, this was delayed to "early 2025" to allow more time for testing and regulatory engagement.
In a major policy update in April 2025, Google announced it would not roll out a new standalone user prompt to deprecate third-party cookies. Instead, it will maintain the existing user controls in Chrome while continuing to develop its Privacy Sandbox technologies as tools rather than mandatory replacements.
Despite the revised approach, the message for marketers is unchanged: the era of relying on third-party cookies for cross-site tracking and advertising is ending.
The New Playbook: Marketing in a Cookieless World
As third-party cookies fade, a new set of strategies and technologies is emerging. The future is built on first-party data and privacy-preserving tools.
Google's Privacy Sandbox
This is Google's suite of APIs designed to support advertising use cases without cross-site tracking. Key components include:
- Topics API: Allows a browser to share coarse-grained topics of interest (e.g., "Fitness," "Travel") based on recent browsing history, enabling interest-based advertising without revealing specific sites visited.
- Protected Audience API (formerly FLEDGE): Designed for remarketing and custom audiences, this API enables on-device auctions to show relevant ads without reporting user browsing activity back to advertisers. It is important to note, however, that as of October 2025, Google's status overview lists this API as "scheduled for phaseout," indicating a potential shift in its long-term role.
- Attribution Reporting API: Helps measure when an ad click or view leads to a conversion, such as a purchase, without tracking individuals across sites.
Authenticated Identifiers
The industry is also developing its own solutions. One of the most prominent is Unified ID 2.0 (UID2), an open-source framework driven by The Trade Desk. UID2 creates an identifier from a user's hashed and salted email address or phone number, provided with their consent. By 2025, it has seen significant adoption from major publishers and platforms like iHeartMedia and Perion, positioning it as a key alternative for addressability in the cookieless world.
Cookieless Measurement in GA4
Google Analytics 4 itself has built-in tools to navigate the new landscape:
- Google Consent Mode: This allows you to adjust how Google tags behave based on the user's consent choices. In "Advanced" mode, if a user denies consent for analytics cookies, tags can still send anonymous, cookieless pings.
- Behavioural and Conversion Modelling: Using these cookieless pings, GA4 applies modelling to fill the data gaps left by users who decline cookies. This provides a more complete picture of site traffic and conversions in your reports, even with incomplete data.
Navigating Cookie Privacy and Regulations in 2025
The technical changes are happening alongside an evolving regulatory landscape. Techniques that were once common practice are now under intense scrutiny.
In the UK, the Information Commissioner's Office (ICO) published updated "Guidance on the use of storage and access technologies" on 20 December 2024, with the latest update on 7 July 2025. This guidance clarifies that the rules (PECR and UK GDPR) apply not just to cookies but to a wide range of tracking methods, including tracking pixels, device fingerprinting, and navigational tracking.
One technique the original version of this article called "controversial" was email retargeting, where anonymous web visitors are sent marketing emails after their IP address is matched to an email address. The ICO's position is now clear: this is not just controversial, it is regulated. The ICO considers online identifiers like IP addresses to be personal data in many contexts. Using them for marketing purposes requires explicit consent under PECR and a lawful basis under UK GDPR.
The message for marketers is clear: there's a lot we can do to improve the way we use the personal data of customers. While older reports from bodies like the Chartered Institute of Marketing (CIM) showed a gap in understanding data laws, the core lesson remains vital. Building trust through transparency is no longer just good practice–it is a legal and strategic necessity. We would argue that the answer is not to ditch innovative techniques, but to use them responsibly and in a way that enhances the user's online experience. Retargeting Technqiues That Work.
How to Manage Your Cookies and Prepare for the Future
As a user, it's insightful to see what data is being stored in your own browser. As a marketer, it's essential to understand the user's experience and the controls they have.
Google's official 2025 instructions for Chrome make it simple to view and manage your cookies.
On a computer:
- Go to Chrome's settings (three dots) → Privacy and security → Third-party cookies.
- Select "See all site data and permissions" to view and remove data for specific sites.
- You can also choose your default settings, such as blocking all third-party cookies.
On Android:
- While on a site, tap the lock icon to the left of the address bar.
- Tap "Cookies and site data" to view and delete the data for that site.
Viewing your web cookies can be a thought-provoking experience. Each one is designed to support a certain function and to subtly colour your experience of the internet.
For marketers, the path forward is clear. The decline of the third-party cookie is not the end of digital marketing, but a call to evolve. Success in this new era will depend on building direct relationships with customers, mastering first-party data strategies, and embracing new, privacy-centric technologies. While the tools are changing, the goal remains the same: creating a better experience for your users and a better marketing setup for yourself.
Citations:
"Source: blog.google"
Source: blog.google, 2025
https://blog.google/technology/ads/new-advertising-brands/"Source: developers.google.com"
Source: developers.google.com, 2025
https://developers.google.com/analytics/devguides/collection/ga4/tag-options"Source: developers.google.com"
Source: developers.google.com, 2025
https://developers.google.com/analytics/devguides/collection/ga4/reference/config"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/analytics/answer/9973999?hl=en-uk"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/google-ads/answer/2375435"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/analytics/answer/14710559"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/google-ads/answer/13064032"Source: blog.google"
Source: blog.google, 2025
https://blog.google/products/chrome/privacy-sandbox-tracking-protection/"Source: privacysandbox.com"
Source: privacysandbox.com, 2025
https://privacysandbox.com/intl/en_us/news/update-on-the-plan-for-phase-out-of-third-party-cookies-on-chrome/"Source: blog.google"
Source: blog.google, 2025
https://blog.google/products/chrome/privacy-sandbox-tracking-protection/"Source: privacysandbox.google.com"
Source: privacysandbox.google.com, 2025
https://privacysandbox.google.com/topics/"Source: privacysandbox.google.com"
Source: privacysandbox.google.com, 2025
https://privacysandbox.google.com/private-advertising/protected-audience-api"Source: privacysandbox.google.com"
Source: privacysandbox.google.com, 2025
https://privacysandbox.google.com/overview/status"Source: developer.chrome.com"
Source: developer.chrome.com, 2025
https://developer.chrome.com/docs/privacy-sandbox/attribution/"Source: iheartmedia.com"
Source: iheartmedia.com, 2025
https://www.iheartmedia.com/press/iheartmedia-announces-adoption-unified-id-20-through-integration-trade-desk-enhance-audio"Source: perion.com"
Source: perion.com, 2025
https://perion.com/press/perion-announces-adoption-of-unified-id-2-0-powered-by-the-trade-desk-to-bridge-first-party-data-and-omnichannel-scale/"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/analytics/answer/10000067?hl=en"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/analytics/answer/13644080?hl=en-NA"Source: ico.org.uk"
Source: ico.org.uk, 2025
https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guidance-on-the-use-of-storage-and-access-technologies/"Source: ico.org.uk"
Source: ico.org.uk, 2025
https://ico.org.uk/for-organisations/guide-to-data-protection/what-is-personal-data/"Source: ico.org.uk"
Source: ico.org.uk, 2025
https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/electronic-and-telephone-marketing/electronic-mail-marketing/"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB&p=cpn_cookies+"Source: support.google.com"
Source: support.google.com, 2025
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en-GG