The Cookie Breakdown



Cookies have been on everyone’s mind lately. And no, not the gooey chocolate chip kind we love to indulge in on our cheat day. Cookies, or small data files stored on your computer, have opened up huge discussions relating to consumer data protection and privacy regulation. They have also been the main tracking technology used by advertisers and brands to better understand consumers and provide them with targeted, relevant messages to create a personalized web experience.


In this article, we will discuss what cookies are and how they work, while also taking a deeper dive into how cookie regulation is evolving and transforming today’s digital landscape.



Cookies are small files of data that contain random alphanumeric text used for a variety of functions from ensuring a website’s proper function to storing a user’s browsing data.


There are two types of cookies: a “session cookie” and a “persistent cookie.”


“Session cookies” only last as long as your session on the website and expire as soon as you leave. They are used to facilitate your activity within that site; for example, they enable you to successfully complete a checkout process on an e-commerce site.


The second type of cookie, a “persistent cookie”, collects data and  lasts way longer than your individual web session, sometimes for months or years. The contents are determined by the specific website that created that cookie and are then stored on your computer or device.


“Persistent cookies” provide convenient and rapid access to familiar objects, which enhances the user experience (UX)” according to’s definition. In other words, they enable the site to offer a customized experience tailored to that specific user.

“Persistent cookies” are usually the cookies being referred to when discussing subjects like cookieless targeting, user experience and privacy as they recognize user preferences, settings and information for future visits.


Going forward in this article, we will be referring to “persistent cookies” when we sling around the phrase “cookies.”



A cookie is designed to remember and tell a website useful information about the user.


For example, when you visit a website that sells athletic gear, a cookie will record the specific running shoes you were looking at. When you return to the website, your browser lets the site read the cookie and consequently show you similar athletic products related to the running shoes.


These are known as first-party cookies — they are put on your device directly by the website you are visiting.


On the other hand, advertisers also use cookies to show relevant ads. In our example with the running shoes, you could see other brands of running shoes or similar athletic gear when browsing other online sites. These are called third-party cookies. They are placed on your device by a third party, the advertiser, or an analytic system.


This type of targeting has been invaluable for brands, tech firms, and advertisers alike, making it possible to reach individuals based on browsing history.



With heightened awareness and increased privacy concerns, many people have raised concerns about how their personal data is being used.


While “session” cookies will continue to be used to ensure proper website function, any type of cookie used for targeting now requires explicit consent from the user (under the General Data Protection Regulation and similar sister regulations). Cookies used for analytics, advertising, and functional services, like survey and chat tools, which identify specific users, are seen as the “bad guys” here. Organizations need to either stop collecting the offending cookies or find a lawful way to process the data.


Cue the various regulations that have gone into effect like GDPR in Europe, the CCPA (California Consumer Privacy Act) in the state of California in the United States and Brazil’s LGPD (Lei Geral de Proteção de Dados Pessoais) federal data privacy law.



Another big shift that is already taking place is the abolition of third-party cookies. Web browsers Safari and Mozilla Firefox have already done away with third-party cookies in 2020, and by 2022, Google Chrome, the world’s most widely used web browser, will start blocking third-party cookies as well. Read more about the “cookiepocalypse” in our blog article where we go into more detail on the death of the third-party cookie and some of the alternatives.


ShowHeroes Group Country Manager Spain, Cayetano Chimeno, elaborates on what targeting will look like without cookies by saying,

"The use of cookies has its limitations and in fact has damaged trust in the digital medium. Google takes its share on the huge growth in video content consumption with YouTube, a medium that has many uncertainties for advertisers due to the large amount of user-generated content, its difficulty in measuring brand suitability and its large percentage of unviewed background playback."

Chimeno continues by underlining,

"It's time for a change. Quality editorial environments and contextual technologies will now gain in importance. Proposing alternatives to YouTube in premium environments with large audiences is a way of playing outside Google's rules. Finally, the services of market verification tools and intelligent campaign optimization through live user response monitoring can be very useful to work in real-time without relying on the ‘memory’ contained in cookies or behind unique identifiers."


Even after third-party cookies are abolished, it will be absolutely necessary to ask for user consent regardless of the tracking technology being used – be it alternative IDs, Local Storage or trust tokens.


When used to identify users, “[cookies] qualify as personal data and are therefore subject to the GDPR. Companies have a right to process their users’ data as long as they receive consent or if they have a legitimate interest,” as specified on the website.


Consent will be integrated even more closely and seamlessly with future alternative tracking technologies, and will remain the main focus for worldwide data protection laws like GDPR and sister laws like Brazil’s LGPD and California’s CCPA.


Websites will continue to be required to inform users about the technology being used to collect personal data, including the provider, purpose and duration, and the documentation of obtained consent – requiring at least annual renewal.


Consent not only remains fundamental to most data privacy laws, it is also becoming more and more central to the ad tech industry itself. Many top tech players are focusing their services to combine compliance and tracking with consent. For example, Google launched Google Consent Mode in September 2020 in order to allow websites to run all Google-services based on consent of their end-users.



With an inevitable cookieless future, there is a huge focus on new targeting alternatives that advertisers, brands, and ad tech industry leaders are already implementing in order to remain relevant.


In fact, we go into more detail on what we are doing at ShowHeroes Group with our Semantic Hero and contextual targeting capabilities here to provide both publishers and advertisers efficient solutions.

ShowHeroes Group Co-founder and CEO, Ilhan Zengin in his interview with MEEDIA states:

“Contextual advertising has also become significantly better. And companies will see that the advertising impact is rarely worse, often even better. Because let’s not fool ourselves: Even targeting with 3rd party data has so many probabilistic elements. After all, it’s never been entirely accurate. With the exception of retargeting. Context is more honest, more comprehensible to the customer. That’s a good thing. It also serves the need for brand safety.”

Specifically for publishers, first-party data sources will be key. The IAB suggests that email addresses or mobile numbers will be the next best thing once third-party cookies are abolished. This is great news for larger websites that can request a login for access to content or support newsletters and frequent communication.


For smaller sites with loyal users who visit often and consume a lot of content, but don’t rely on registered users, the best option will be to find a first-party data partner.