Cookies have been a crucial component in the architecture of the internet for decades – ever since Netscape programmer Lou Montulli devised a system in which text files can store user data.
Cookies were designed to personalize the online shopping experience and make the whole e-commerce process work better by storing items in a virtual shopping basket locally on a user’s device. In recent years, however, they have evolved to become far more sophisticated and give online services a much more accurate picture of who their customers are. These plain text files are harmless in isolation, as they don’t store any executable code, but the added functionality also comes packaged with privacy concerns, given how far they let websites track customers.
Concerns over privacy have accelerated a movement away from using cookies, with Google trialing new technologies including the Federated Learning of Cohorts (FLoC). The tech giant is hoping to move away from cookies entirely by the end of 2024, signaling the end of the technology across the wider digital industry. This is sure to have an impact on the way online services do business, as they must find alternative avenues to secure first-party data and understand how their customers behave online.
The pros and cons of cookies
Cookies have normally been categorized as first-party and third-party. First-party cookies largely relate to the user’s first-hand experience while browsing the internet, and storing information like their preferred language.
On the other hand, third-party cookies are created by the domains that users visit, which collect data as they browse the internet. This category includes tracking cookies, which are used to compile detailed information on a user’s browsing history in order to – in the words of website owners – better serve them more personalized advertising.
There are many reasons why preserving third-party cookies is advantageous, the main one being the personalization they enable. Being able to carry personal information across different forms when browsing sites, or having location data serve more geographically relevant information, has undeniably made things easier for internet users.
Ultimately, with online adverts now being an ingrained part of the web, it may well serve users to be given more personalized adverts rather than bombarding them with a random assortment. The tracking elements, in combination with using browsing history and other details, can combine to make browsing the internet a less grating experience.
For an organization, cookies are easy to implement and don’t demand any server resources – given they’re stored on a user’s PC. The information they store can be retrieved even if an online service’s web server fails, so long as they remain intact in local storage.
Nevertheless, the way in which cookies operate has led to a growing consensus that they represent an invasion of privacy. This is largely because they allow companies to track individuals’ browsing habits. There are also security concerns, in that the information they store might be stolen.
Charting the cookie crackdown
Privacy concerns have driven efforts to manage the cookie ecosystem and give users more control. In the UK, this took the form of the Privacy and Electronic Communications Regulations 2003 (PECR), with several pieces of legislation following in its wake. The Cookie Law was also introduced as a directive by the EU in May 2011 and has been adopted by all member states. It mainly asked organizations to seek consent from users for storing or retrieving cookies, and gave users the right to refuse cookies.
The EU would later pass GDPR in 2018, which considered cookie data as a form of ‘online identifier’, and therefore personal data. The most obvious change since GDPR came into force has been an explosion in cookie alert banners seen on the websites users visit, but serious reform has been saved for the EU’s ePrivacy Directive. This was first proposed in 2017, and is still being drawn up by officials.
Google, in the meantime, has drawn up its own vision for the end of third-party cookies. First announced in 2020, the tech giant has proposed a means for building an alternative system for identifying individuals and serving them with relevant and contextualized ads. The firm’s FLoC proposals were short-lived, with the company currently exploring a technology it brands Topics. Where the FLoC model involved grouping people into “cohorts” based on their browsing habits, Topics works by automatically assigning users a number of categories each week based on the websites they’ve visited.
Ditching cookies for the cloud
The direction of travel for cookies is clear, and they will be phased out over the next few years. Online services must seek an alternative mechanism based on securing a healthy stream of first-party data to maintain positive relationships with their customers. The way organizations collect data will have to change in a post-cookie landscape, revolving around customers voluntarily providing first-party data. This will be far more challenging than the status quo, with businesses needing methods to collect data from different sources, including at sign-up, or at new stages along the customer journey.
One way digital-first organizations are solving this conundrum is through the adoption of customer identity access management (CIAM). This technology lets businesses give their customers access to their digital properties, while also offering a means to securely collect, analyze and store user data. Okta’s Customer Identity Cloud is just one example of a tool that provides consistency and a personalized experience. It’s a modern CIAM system system that enhances the process of building vital digital relationships with customers. These begin with low-code features like universal login and single sign-on (SSO), which improve the user experience and reduce friction in the customer journey. Security tools like bot detection, breached password detection, and suspicious IP throttling not only protect the user, but businesses can rest easy knowing security is reinforced.
Third-party cookies are coming to an end, with Google’s 2024 phase out date looming large. That’s where technologies like Okta’s Customer Identity Cloud can come in, allowing for the deployment of Progressive Profiling to power faster sign-ups and enable insightful data collection. This is in addition to tools that let businesses get a 360-degree view of their customers, giving them more granular control over data.
Ultimately, the technology ensures businesses can form meaningful relationships with privacy-conscious and security-savvy customers. By adopting Okta’s platform, too, organizations are in a much better position to adapt to the ever changing regulatory landscape as privacy and data protection laws continue to evolve.
For more information about Okta’s Customer Identity Cloud, please visit https://www.okta.com/uk/get-closer-to-your-customers/
