It’s no secret that the 21st century to date has been a boon for advertising. With consumers flocking to the internet for all of their information and shopping needs, advertising technology has found many ways to collect behavioral information and use it to influence consumer behavior. And adtech sitting in the middle, collecting all that consumer data, prospered to the point that advertisers and brands could fully rely upon them for all of their targeting and measurement needs.
Think about it: the technology platforms responsible for serving ads across the web have wide-ranging visibility into exactly what ads are clicked, sites visited, and actions taken by consumers. All of it tied together with cross-site user identifiers (third-party cookies). This is all supplemented by massive identity graphs to tie together all of a consumer’s devices and other forms of identification. While advertisers have been limited to a full view of behavior on just their own websites, they can throw gobs of money at their adtech partners to leverage the wealth of user data the technologies collect and control.
But things have gotten out of hand. It turns out, once consumers became aware of how they were being surveilled across the web, they didn’t like it. Consumer sentiment has changed such that more than 90% of consumers are distrustful about the security and usage of their personal data. In response, consumers have begun adopting technologies like ad blockers (33% of global web users) and regulators have begun passing comprehensive privacy legislation to grant consumers rights for the protection of their data. The architecture of the internet is also changing to better adhere to consumer demands by leading browsers deprecating support for the most commonly used cross-site device identifier (third-party cookies) which underpins and enables the whole process.
This change leaves brands and advertisers in a tough spot. There are still expectations from the business to deliver new users and a consistent return on advertising—while consumers are still expecting ever higher levels of a personalized experience. The question becomes, how are advertisers still supposed to accomplish common use cases like measurement, attribution, and personalized targeting in the new privacy-centric era?
To answer this question, it’s important to first take an account of what exactly goes away because of the new constraints introduced:
Privacy Regulations
Privacy regulations impose many requirements for the compliant collection and usage of information. Requirements such as disclosure, user choice, data access and deletion, and data minimization. Most impactful for the usage of data for advertising are restrictions related to user choice and consent. In Europe, an individual’s right to explicit consent for the collection and processing of their personal data means data can not be collected for all users. In practice, this means that for 40-60% of consumers there is no behavioral information available from them—no information about how they interact with a website; no information about what they purchase on a site; and no information about what their preferences are. In the United States, individuals have less control, but many states do grant people the right to opt out of the usage of their personal information for targeted advertising. In practice, this translates to 5-10% of consumers for whom a brand may have behavioral data, but it can not be used to target them with personalized ads.
Third-Party Cookie Deprecation
It is no secret that third-party cookie deprecation is happening in the world’s most widely used browser (Google Chrome) in early 2025. The second and third most widely used browsers (Safari and Firefox, respectively) have already deprecated support for these cookies. In practice, this means that advertisers lose the primary means to associate the behaviors of consumers across websites. This translates to the inability to target consumers based upon past observed behaviors for the vast majority of users as well as the inability to associate impressions or actions taken on one site (i.e. an ad impression) with the consumer’s behavior on another (i.e. a conversion). Both of these outcomes reduce the ability for advertisers to deliver and optimize campaigns.
First-Party Cookie Duration Restrictions
A bit more technical and nuanced, and thus often overlooked in the discussion of privacy changes impacting advertising and measurement, are first-party cookie duration restrictions. These are most pronounced in Safari and for consumers accessing a website via a device running iOS. But Firefox and even Chrome have modified their limits for how long a first-party cookie can be stored in a user’s browser. First-party cookies are the method used to assign a device identifier to associate actions of an individual on the same website over time. Reductions in the duration for which first-party cookies can be stored translates to more limited look-back windows for attribution as well as a lessened ability to build behavioral profiles for personalization.
While these changes are made out to be an existential threat to effective advertising, it’s not all doom and gloom. None of this means that it will no longer be possible to deliver personalized experiences and advertising—just that the methods of doing so will change. Let’s explore the new strategies that must be done right in order to be successful.
Improve the Privacy Experience & Grow Consumer Trust
Research from Google and Ipsos shows that 49% of consumers in the Americas (and 43% of consumers in Europe) state that they would switch from a first-choice brand to a second-choice brand if that second-choice brand delivers a more positive privacy experience. It’s clear from consumer sentiment that compliant and respectful privacy practices translate to improved business outcomes. Delivering a positive privacy experience means that a brand is clear and understandable in disclosures for exactly what data is collected, how and why it is used, and with whom it is shared. It also means giving consumers meaningful choices as it pertains to exactly what and how their data is used. Doing these things right translates to greater amounts of consumer trust, improved consent rates, and an increased willingness to share user information critical to informing advertising actions.
Improve First-Party Data Practices
There is no shortage of think-pieces about the “renewed importance of first-party data”. But it is not true that first-party data suddenly has become important—it always has been. Privacy changes just make it more important relative to third-party data, which was a safe-and-sound safety net in the era of surveillance capitalism. With restrictions imposed on adtech platforms for their usage of data and the deprecation of third-party cookies, that safety net is no longer there. Your first-party consumer data is all that is left to activate for effective personalization.
Data Collection & Governance
The increased relative importance of first-party data means that comprehensive collection of data for defined user actions is critical. It is also important to consider principles of data minimization. Only collect that which is necessary to accomplish your defined use case. Here, a sound measurement strategy is imperative to ensure all important user actions on digital properties are identified and all data requirements for downstream use cases are addressed.
Beyond just the collection architecture, standards for data taxonomies are also important. Gleaning true insights into who the most valuable consumers are, what products are best performing, and which campaigns drive the best return on ad spend depends upon having a comprehensive dataset. This is only possible via the integration of data from multiple sources, which requires sound governance standards and consistent taxonomies.
Expanding the Scope of First-Party Data
Traditionally, first-party data has been thought of as that which is collected directly from consumers in things like a CRM system and/or analytics platforms. But data derived from an advertisers’ investment, like campaign performance, cost, and audience data sitting in third-party adtech is also first-party. You paid for it, you should use it. Expanding the scope to include this data and bringing it into a first-party marketing data warehouse opens doors to conduct advanced analysis to better understand consumers, directly activate for targeting and optimization, as well as to measure and optimize campaigns.
Architecture Improvements
The first-party data architecture starts at the point of collection with the privacy experience. From there, it extends through collection and distribution with server-side tag management. It then continues through the downstream architecture of a marketing data warehouse and Customer Data Platform (CDP). If all of these components are not in place and properly integrated, value is being lost in the data supply chain.
The first-party data architecture also includes supporting platforms to conduct and productize first-party advanced use cases such as Vertex AI for machine learning and model deployment. Competitive advantage is not gained simply by collecting more, but rather by deriving more insights from that which you have. The technical architecture of the first-party data stack is what enables all this to be realized.
Improve Readily Available Insights from User Behavior
As first-party data architecture gets more complex, so too does the accessing of insights generated by those systems. It’s important to be able to surface insights in a way which marketing and advertising teams can readily leverage.
Optimize User Identity
It is true that things like privacy regulations and third-party cookie deprecation make it far more difficult to collect and use user identifiers for advertising use cases. But identity remains an integral part of both targeting and measurement. The only way in which to fully personalize advertising in a one-to-one context is through the use of common identifiers shared between an advertiser and publisher. Many solutions are being brought online to help with this.
It all starts with the advertiser getting all user identities and key behavioral information in one place. This will be a CDP. A CDP is a system in which to aggregate key consumer information and any identifiers that are present for consenting users. This becomes the foundation from which to segment users, leverage for audience creation in third-party adtech, and organize information for use in aggregate analysis platforms like Data Clean Rooms.
From there, platforms for identity resolution can help expand the scope, or “identity surface” to improve match rates when uploading audience lists or attempting to join first and second-party data for campaign measurement and optimization. There are many identity resolution platforms now in the market to support the usage of customer data and activation from the CDP—be that via a clean room or audience upload solution such as UID2.0 or PAIR.
Further, persistent identifiers such as a hashed e-mail from consenting users are what powers in-platform AI features in adtech used for modeling attribution as well as to expand audiences to target consumers similar to your high-value converting customers.
Anonymous Measurement
While identifiable users are important, identity is not ubiquitous. This is a primary impact from third-party cookie deprecation, which has been the traditional means used to identify consumers across websites. While research shows that upwards of 80% of consumers are willing to share their email with brands they frequent, most organizations have these identifiers for less than 30% of their overall consumer base. As a result, the vast majority of consumers will remain anonymous for purposes of cross-site activation. Due to this fact, it is critical to lean on anonymous and aggregate measurement techniques such as media mixed modeling, regression-based attribution, and aggregate campaign-level attribution for measurement and optimization.
“Cookieless” Technical Alternatives
As mentioned throughout, it is no longer sufficient to fully rely on third-party adtech partners to realize successful advertising outcomes—but they do still have a role to play. Primary for this role are new features and functionality, which can allow an advertiser to leverage things like the new Privacy Sandbox APIs to reach and measure the effectiveness of advertising for consumers using Google Chrome. In addition, new AI modeling capabilities being provided can help fill in the gaps in reach and measurement resulting from consumers who do not consent or are unwilling to share their personal information.
Taken together, these are the new requirements for success in advertising. Improve the privacy experience to build trust (and earn that trust through proper practices!) to collect data from more consumers. Enhance first-party data architectures to more efficiently collect and use first-party data from a variety of sources. Lean on new technologies, which support methods of activating data from identifiable users. And embrace new technologies that do not rely on identity but rather provide value from aggregate and anonymous data sets. Get these aspects right and you will realize a competitive advantage in the privacy-centric era of advertising.