Google Chrome’s SameSite Attribute And The Inevitable Cookieless Future
Google has made no secret of its march toward a cookieless world. One of its first measurable steps along the path has been the advent of Chrome’s SameSite attribute. EMX is on record as enthusiastically embracing Google’s direction and as being ready to engage whatever evolutions are necessary along the way. For this reason, EMX is prepared for this new, SameSite protocol.
Through its SameSite attribute, Google now enforces an added security layer to the way in which Chrome interacts with cookies. This attribute is simply another line of text in a cookie file that reads “SameSite,” and it can have one of three values:
Here is what these values connote:
1) With the value set to Strict, Chrome will only send the data to the website domain on which the consumer is browsing at that moment. This is useful for companies that store sensitive information (for example, financial institutions), to ensure Chrome sends data in their cookies only to the appropriate domains. All this is designed to prevent digital forgery by bad actors.
2) When the value is set to Lax, cookies can flow across domains if and only if the website domain in the address bar changes to the domain set in the cookie. This is known as Top-level navigation, and it means that Chrome can and will send cookies to the website domain the consumer is navigating towards. This is useful for companies that want to personalize the consumer’s experience, but don’t mind when the browser sends cookie data about consumers across domains. This comes in handy, for example, when an email service wants to pre-populate consumer email addresses on a login screen.
3) With the value set to None, cookies flow across domains without consumer knowledge or action. This is better known as 3rd party cookies. In other words, Chrome will send the cookies to 3rd party website domains that request their cookies.
How does this affect ad tech companies?
In the short run, the SameSite attribute is nothing new. It has been available in the past, but Google is now enforcing it by defaulting to Lax if the value is not present or not explicitly declared in the cookie. A ‘Lax’ setting, however, disrupts the necessary pixel firings needed to engage most 3rd party data engagements. Therefore, 3rd parties in the online advertising industry (e.g. DSPs, Exchanges, SSP, etc.), must specifically set their pixels to the ‘None’ setting in order to avoid disrupting the cookie-synch process they depend on in order to deliver relevant ads.
While there will likely be some churn and disruption in the online advertising space over the next few years, the good news is that change brings about innovation. It’s actually an exciting time for data providers because they are well–positioned to innovate towards cookieless solutions. These companies already have ways of segmenting consumers — the challenge for them will be to make those segmentation methods compliant with privacy regulations.
The truth of the matter is no one knows exactly what technological solution will ultimately replace the cookie, but there are several different routes that companies are pursuing. Some data providers are starting to shift their focus to the supply side to see if publishers are willing to share cookieless opt-in consumer data. Others are finding ways to gather consumers together in small groups that protect the privacy of the individuals yet allow for effective targeting. Probabilistic models have been around for a few years, and are also likely to become more popular as the industry transitions away from cookies.
As the year progresses, we will continue to update you on EMX’s efforts to transition our solutions to the new post-cookie world.
By Auric Adames, Senior Product Director, Technology, EMX