Key Cookie Tracking Statistics & Facts
- Google is eliminating third-party cookies for 1% of its Chrome users in the first quarter of 2024 and expanding to all users by the end of 2024.17
- Over 60% of marketers believe phasing out third-party cookies is bad for consumers.2
- Only 26% of websites secure their session cookies, leaving the rest at a high risk of cyberattacks.12
- More than 40% of websites use third-party cookies.13
This practice of advertisers tracking users and profiting from the surveillance has grown over the years, leading major companies like Google to phase out third-party cookies (3PCs). The company is eliminating 3PCs for 1% of Chrome users in the first quarter of 2024, followed by a complete phase-out in the year’s second half.17
This is huge, considering Google Chrome is the dominant web browser and commands over 60% of the browser market share.1
This will have huge repercussions for many websites, considering that Firefox and Safari have already started phasing out 3PCs. We will cover how far all three web browsers have advanced on later in the article. Before we dive into the top cookie-tracking statistics, let’s go over some basics.
What Is Cookie Tracking?
A cookie is a digital ecosystem text file containing data from a web server to identify the computer used to access a website. While there are many types of cookies, there are two that you should be concerned with before we start talking about cookie tracking statistics.
First-party cookies are placed on a site by the website owner to collect and store information to improve user experience. They’re also used to identify and manage important data like usernames, passwords and the parts of the site you spend the most time on, among other things.
Third-party cookies (3PCs) are installed on a site by someone other than the website owner. These cookies collect and store user data on behalf of a third party and build a profile connected to your computer.
Third-party cookies are mostly placed on popular sites like social media platforms or e-commerce sites. The website owner is paid to allow these cookies to tailor targeted ads to anyone who visits the site. Additionally, third-party cookies are trackers that follow users from site to site, which is why they’re getting disallowed at the browser level.
Other commonly used cookies include strictly necessary cookies, which are essential for using website features like accessing secure areas.
There’s functional cookies that allow websites to remember user preferences and choices like the language and the region they’re connecting from.
Finally, there’s performance cookies, which are used to gather data on how visitors use a website, the pages they frequent the most and the errors they get.
Types of Cookie Consent Management
There are three types of cookie consent management mechanisms employed by websites:
- Opt-in: where users consent to cookies not yet in use
- Opt-out: where users decline cookies that are active by default;
- No consent available: where users are forced to accept cookies.
Marketing Cookie Tracking Statistics
1. 62% of marketers believe the phasing out of third-party cookies will be bad for consumers
Most marketers in 2020 claimed that the impending elimination of third-party cookies would do more harm to user experience than good.2
Among them, 63% believe the changes will not improve consumers’ control over their data, and 55% think the changes will make the consumer experience less personalized internet. Half of marketers believe that privacy concerns will persist despite the drastic changes.2
However, these claims may be interpreted as a last-ditch attempt from advertisers to get consumers on their side. Using 3PCs has been effective for digital advertising, and phasing them out gives consumers greater privacy control.
2. 75% of marketers in major economies still heavily rely on third-party cookies
A survey of the U.S., the U.K., Germany, Australia, France, Japan, India and New Zealand found that 75% of marketing leaders still can’t do without third-party cookies in 2023.3
Overreliance is highest in New Zealand and India, standing at 82%.3
Three-quarters of marketers estimate that the potential end of third-party cookies will hurt their businesses significantly, with 16% convinced the effect will be devastating.3
3. The inability to track the right data due to 3PCs freeze is the biggest worry for marketers
Among marketers in the digital advertising industry, 41% believe their inability to track consumer behavior data will be the biggest challenge once third-party cookies are phased out.4
In order to hit their 2021 goals, 44% of marketers estimate they must increase their marketing budgets by 5-25%. Another 23% plan to invest in email marketing software as an alternative to third-party cookies.4
Cookie Privacy Statistics
4. The European Union has some of the strictest requirements for website cookies
The European Union cookie law — also called the ePrivacy Directive — was passed in 2002.5 This legislation requires websites to obtain explicit consent from online visitors before storing any personal information. The law also requires sites to provide their web visitor an option to reject cookies.
5. Some European websites still find a way around the GDPR
Despite the restrictions imposed by the General Data Protection Regulation (GDPR) in European countries, some websites have found workarounds.7
An investigation published by a group of researchers in 2021 found that some websites use first-party ID leaking, browser fingerprinting, and ID synchronizations to track users in the European Union.7
Furthermore, it was found that 75% of tracking activities are usually already in play even before users get the opportunity to accept or reject third-party cookies. This may explain why marketers believe banning 3PCs will not improve user privacy.7
To counter this tracking, there are newer and stricter ePrivacy guidelines, like the recent European Data Protection Board ban that targeted Meta.16
This ban was initiated after Meta was found guilty of processing personal data for behavioral advertising. The Irish Data Protection Authority had already fined Meta €390 million with an added order demanding that Meta align their digital advertising practices with GDPR compliance.16
6. Apple’s App Tracking Transparency feature is projected to have caused Facebook losses of over $10b in 2022
Apple introduced the App Tracking Transparency feature starting with iOS 14.5. It consists of pop-ups that ask users whether they want to be tracked by Facebook when they open the app. When users reject tracking, they effectively block Facebook from accessing the Identifier for Advertisers (IDFA) to track and target them with ads.8
Due to this move by Apple, reports showed that over 95% of iOS users were opting out of ad tracking. As a result, Facebook estimated that it was at risk of losing over $10 billion in 2022.9
7. The state of California adopted GDPR-like laws in 2018
California adopted privacy laws similar to the European Union’s GDPR in 2018. They were created to protect consumers from having sensitive data collected by online data management platforms.10
The California Consumer Privacy Act (CCPA) forces websites in the state to disclose to the user when they collect data. They’re also mandated to delete user data they’ve shared with businesses and to allow users to opt out of sharing personal information. The law was amended in 2020.10
8. Facebook was found guilty of infringing on Belgian privacy laws in 2018
In compliance with the ePrivacy laws in the European Union, Facebook was found guilty of not obtaining valid consent when using cookies in Belgium. The company was ordered to stop using non-functional cookies for tracking purposes and remove misleading information regarding how it used cookies.11
Also called “analysis cookies,” non-functional cookies mainly count the numbers of visitors a website receives and how they use it in order to improve user experience.
Facebook was fined €250,000 per day until it honored the ruling. However, Facebook took the case to the Court of Appeal of Brussels, which referred the case to the Court of Justice of the European Union for more clarification. The final decision is still pending.11
9. 55% of websites do not obtain user consent
A 2020 Deloitte research found that 55% of websites didn’t give users an option to decline cookies; 33% provided an “opt-in” option, while 12% offered users an “opt-out” choice.12
10. Just 26% of session cookies are secured
A key requirement for every website using third-party data-tracking cookies is to secure the personal data collected. However, only 26% of websites researched by Deloitte were secured, leaving 74% vulnerable to cyberattacks.12
The biggest risk that can result from this is session hijacking. This is where malicious actors recreate the cookies, impersonate the user and unlock an online account to steal data or money. Poorly secured data also creates the risk of leaks, with criminals potentially profiting off data dumps from third-party cookies.12
Cookie Usage Statistics
11. Advertising cookies are the most commonly used 3PCs
Out of six industries studied by Deloitte, 27% of all the tracking cookies used were from advertising, with the technology and media industries leading the pack.12
Here’s a table showing the breakdown.
|Tech, Media & Communications ➡️
|Energy & Industrials ➡️
|Financial Services ➡️
|Life Sciences & Healthcare ➡️
|Government & Public Services ➡️
Non-HTTP-only cookies don’t have the HTTP-only flag and may be vulnerable to client-side attacks like cross-site scripting, which exploits tracked user behavior through injected scripts. Examples of popular websites that use non-HTTP-only cookies include Microsoft, Apple, Twitter, LinkedIn and Digicert.14
13. Polish internet users had the highest cookie acceptance globally as of 2021
Almost two-thirds of internet users in Poland always clicked “accept all” when a website prompted them about cookies.Another 12% could neither agree nor disagree, while 21% didn’t accept cookies. Below is a table showing the top-ranking countries.15
|ACCEPT ALL COOKIES
|NEITHER AGREE NOR DISAGREE
|REJECT ALL COOKIES
The Death of Third-Party Cookies: An Overview
While third-party cookie tracking has been vital in creating personalized user experiences, privacy concerns cannot be ignored. Consumers are now more conscious about the aggregation of their data by companies, which puts power in their hands since businesses need consumer trust.
Google Chrome intends to block third-party cookies by the end of 2024, joining browsers like Safari and Firefox. Google has repeatedly pushed back the date to give advertisers a grace period to test new provisions and experiment with alternatives. This time, though, it appears to be serious.
Furthermore, Google claims it isn’t planning to develop a new ID to replace 3PCs, but it has changed its mind before, so it may backtrack on that.
What a Cookieless Future Might Look Like
Cookies may be relatively harmless, but anyone having that much access to personal data isn’t ideal. Such cookies falling into the wrong hands can compromise the digital safety of internet users.
When Safari and Firefox switched to blocking third-party cookies by default, advertisers who rely on these cookies to track and serve targeted ads to users saw their sales decrease. As a result, advertisers have to adopt new strategies to survive.
Some alternatives include contextual advertising, first-party data and other identifiers that don’t compromise user privacy. Until then, you can keep your online activities free from tracking by using pop-up blockers.
The end of third-party cookies isn’t the end of the world for the online advertising and marketing industry. This change is bound to cause ripples, but there are countless opportunities for those already running 3PCs alternatives like mobile advertising IDs and contextual targeting. Consumers and the law will have to catch up to preserve their privacy.
How often do you “accept cookies” in a day? Have you encountered a website that doesn’t let you choose what to consent to? Give us your feedback in the comments below, and thank you for always reading our content.
Are Tracking Cookies Common?Tracking cookies is very common across major websites like Google and Facebook. They’re used to monitor what web visitors click on so that specific ads can be tailored for them.
What Data Can You Pull From Cookie Tracking?Examples of user data that can be pulled from cookie tracking include search histories, clicks, locations, device specifications and shopping preferences.
What Is the Future of Cookie Tracking?Third-party cookies will be phased out on most major browsers in 2024. Websites relying on these to track users will have to switch to alternative methods like context advertising or first-party data.
- App & Browser Testing Made Easy – BrowserStack
- Preparing for a World Without Third-Party Cookies – Epsilon
- Adobe Study – Adobe Blog
- The Death of the Third-Party Cookie: What Marketers Need to Know About Google’s 2023 Phase-Out – Hubspot
- Cookie Law Guide for Businesses: EU, US, and the UK – Termlymly
- Cookie Crackdown Across UK and Europe – Lexology
- User Tracking in the Post-cookie Era – ACM Digital Library
- Facebook says Apple iOS privacy change will result in $10 billion revenue hit – CNBC
- Facebook blames Apple after a historically bad quarter – Africa Business Insider
- California consumer privacy act (CCPA)
- Court of Justice of the European Union vs Facebook
- Cookie Benchmark Study – Deloitte
- Usage Statistics of Cookies for Websites – w3Techs
- Usage Statistics of Non-HttpOnly Cookies for Websites – w3Techs
- Global: How Consumers Respond to Cookies Disclosures – YouGov
- EDPB Orders Stop to Meta’s Behavioral Advertising – Epic
- The next step in phasing out third-party cookies in Chrome – Google Blog