Cookieless tracking: How to prepare for a web without cookies

With cookies a thing of the past in Apple and Mozilla’s respective browsers, Google is to follow suit in 2023 by blocking third-party cookies in Chrome, the world’s most used browser. What will the consequences be? Without third-party cookies (or 3P cookies), traditional online marketing tools such as tracking, and targeting will no longer work the way they used to. So, in order to survive the coming “cookiepocalpyse”, web advertisers will need to depend on alternatives. In the second part of our series on cookies, we will share the best alternatives for you. You can find the first and third article here: 

  1. Data protection: Third-party cookies vs. first-party cookies
  2. Cookieless tracking: How to prepare for a web without cookies
  3. 3 future-oriented marketing ideas without cookie-tracking

What you need to know in a nutshell

  • Nowadays, third-party cookies are almost always the reason why users receive product suggestions on websites of products they have previously searched for.
  • The basis for cookie-based targeting should always be consent. A cookie consent manager can help capture consent compliantly.
  • While we are not heading towards a cookieless future without online marketing, an era in which many browser providers turn off third-party cookies awaits. 
  • Deactivating third-party cookies can create many new opportunities for advertisers.
  • We present 5 alternative targeting methods: Cohort Targeting, Contextual Targeting, Semantic Targeting, AI and Predictive Solutions, and ID-Protected Targeting.

In this article

“I know you want what I’m offering”

Who of us hasn’t had this experience: You’ve just searched the web for a new winter jacket – now wherever you go online, you’re presented with offers for winter jackets. To some, it might seem eerie. But it becomes downright obnoxious when you’ve already ordered your new winter apparel long ago and still every website you visit is plastered with coat ads.

The culprit behind what one might call the Ghost of Web Search Past is an advertising strategy known as retargeting, where the user is shown ads based on past behaviour – a strategy driven by third-party cookies. Retargeting works by letting third parties save snippets of code in your web browser that in turn track your surfing behaviour across multiple websites. The data gathered is used to create user-specific interest profiles which are shared with third parties, who use them to define target customers to show them individualized ads.

Cookieless tracking to take the place of consent management

Data protection law stipulates that cookie-based targeting must obtain the consent of website visitors. Furthermore, website operators are required to establish consent management tools to comply with legislation. Not only costly to operators, consent management is often perceived by users as disruptive. It’s something of a privacy paradox: On the one hand, users demand a high degree of security with regard to their personal data while at the same time throwing up their hands in exasperation at the ubiquitous opt-in tick boxes all over the web. However, implementing a dedicated system makes it easier for website operators to manage user consent.

A new directive discusses proposals around this topic and you can read our summary blog here: The UK data reform: a new direction (or just a slightly different one?)

A strict ban on 3P cookies might seem like the way to go, but what will this development mean for advertising agencies and content providers who finance their services by selling ad placements?

Read more about third-party and first-party cookies in this article.

Will the cookieless web of tomorrow be an ad-free space?

The answer is a clear and resounding no! There are some grounds for optimism that without third-party cookies, things could actually improve for online advertisers. For one thing, in a cookieless Internet, target customers are likely to feel less spied on and hounded than before. Cookieless tracking will spare them the annoyance of retargeting ads while simultaneously saving advertisers the cost of futile marketing investments. As it is, marketing on the basis of 3P cookies may be a widely used tactic but is by no means ideal. Consider for instance that the behaviour profiles cookies create are specific to the device on which the user was browsing the web. Merging these to one single cross-device profile per user is no straightforward task – and typically only individual aspects of user behaviour can be compiled, leaving the picture incomplete.

It is possible that from the ashes of third-party cookies, alternative targeting methods will arise – alternatives that advertisers will be able to uniquely leverage against one another to create entirely novel marketing opportunities. As an online advertiser, it is in your best interest to find out now how to leverage the marketing methods of tomorrow. Read on for a quick overview of the top alternatives.

Alternative targeting methods for a cookieless age

Cohort-based advertising

The idea is simple: Instead of collecting personal data to target individuals with ads, this method instead targets an entire group of persons with similar interests. A so-called cohort may consist of thousands of individuals, meaning that for the individual user, there is anonymity in numbers.

On the technical side, browser operators are only shown a cohort ID; browser history and personal or device-specific data are not shared. While not the only such solution, perhaps the most well-known is being developed by Google itself under the project name “Federated Learning of Cohorts” or FLoC.

Privacy advocates have criticized this approach. For one, criteria for creating a cohort could be selected so narrowly that they essentially result in a cohort of one, defeating all the much-touted benefits of anonymity. To illustrate this point, imagine a high-profile celebrity like Britney Spears and her high-profile conservatorship court case, should a cohort be made using these criteria it would be easy to identify who it relates to.

Another point of criticism, only those with access to an ocean of browser data (like Google) will be able to build cohorts with any marketing significance. This may permit Google to expand its leading position in the advertising market to an outright monopoly. For that reason alone, it remains up in the air whether FLoC will be implemented at all.

Contextual targeting

Contextual targeting is really an old hat in the digital marketing game. It works by allowing advertisers to define keywords and relate them to their ads. Websites where published content matches these keywords will then show the relevant ads. For example, users might see a DataGuard ad when reading online content that mention “data privacy” and “IT security”, because we have defined those terms as keywords.

A weakness of contextual targeting is that the online environment where keywords appear undergoes no closer analysis. This might result in an advertising faux pas such as an ad for a travel agency related to the keyword “California” being placed next to a report on the 2020 fire in Sequoia National Park. Not to put too fine a point on it, but it seems unlikely an ad placement like that would be very effective.

Semantic targeting

This method is an advanced form of contextual targeting that employs an algorithm to analyse the entire semantic environment in which a keyword appears. Running on the ad server, the algorithm is able to detect whether the connotations of a keyword are positive or negative based on its semantic environment and will then decide whether to show an ad based on this analysis.

This increases the relevance of the ad to ensure that target customers only see ads on topics they are currently interested in. Semantic targeting minimises scatter losses and increases campaign performance.

To put it simply, traditional behavioural targeting based on 3P cookies looks backward to take its cues from the user’s past online behaviour. Semantic targeting on the other hand follows a strategy of the present: Target customers are addressed at the exact moment that they show interest in the specific context the ad appears in.

AI-powered predictive targeting

Predictive models that leverage artificial intelligence and big data are nothing new in the marketing world. Even after 3P cookies have gone the way of the dodo, large advertising networks and ad servers will still have enough residual data that ever-smarter AI solutions can leverage to make increasingly precise predictions.

Some types of data – including geodata and data on when a website was accessed or how long a viewer was on the page as well as the device type and operating system – can still be processed automatically and smarty linked with third-party data. This could act as a workaround, letting advertising networks create behaviour profiles even without the use of cookies. While the possibilities are practically endless, user consent is still required here.

One example: Under rainy skies, a wellness spa near Newquay might target mobile devices whose owners, based on location and usage data, are likely to be on summer holiday in the area with ads for indoor activities.

Device ID targeting

Major publishers and advertising networks are likely to rely increasingly on ID-based targeting solutions. The idea stipulates that people can opt in to see personalised content by logging in or identify themselves in a privacy-compliant (anonymised) manner by means of a mobile or device ID.

This consent requirement also applies to the latest machine-learning solutions that can assign IDs without the user logging in or the aid of other unique identifiers. A consent management tool can help advertisers manage user consent.

Consent Management Tool Example


ID providers are currently jockeying for position on the market – who ends up working with which publishing partner will determine a provider’s relevance in the marketing world of tomorrow. Single sign-on is a user authentication scheme that makes it easy for end users to opt in to device ID targeting: Users register with an ID provider to enjoy access to all partner websites in addition to the ease of centralised consent and authentication management through the provider’s privacy centre.

These novel ID targeting solutions make cross-device tracking possible, giving advertisers access to users across multiple devices for the first time.

The bottom line: To go cookieless, advertisers must get creative

The targeting alternatives presented here by no means make an exhaustive list. At best, this article gives you a first glimpse at how creative online marketers and publishers are now becoming in order to prepare for cookieless tracking in the post-cookie era.

The search for alternative, privacy-compliant and sustainably transparent tracking and targeting models is still in its infancy. Companies looking to advertise to loyal customers should not underestimate the power of generating their own data from customers directly. Besides offering unique insight into customers, so-called zero-party data is also honest and reliable. A transparent solution to gather zero-party data directly from consumers will go a long way in helping build customer trust while letting you deliver more personalised advertising experiences. But there are also even innovative cookieless marketing concepts that go one step further by sidestepping data privacy concerns altogether. Native advertising and influencer campaigns are just two examples of novel strategies for cookieless tracking and boosting organic traffic.

Sign up to our newsletter – Get practical tips and invitations to webinars and online Q&A sessionsSubscribe now


About the author

Boris Otterbach Boris Otterbach
Boris Otterbach

Principal Privacy

Boris Otterbach is a lawyer and certified Data Protection Officer. At DataGuard, he supports clients as a Privacy Consultant, primarily in the areas of human resources, hospitality and gastronomy. In addition, he leads a team of lawyers and industry experts. During his studies, he was able to gain deep insights into Euopean law, international law and into the field of human rights protection. Data protection was a central aspect as well. For Boris, the GDPR stands for common European framework conditions to protect the people behind the data - and Boris aims to translate these framework conditions into pragmatic, everyday solutions. Before joining DataGuard, he was able to gain in-depth experience in the field of data protection at various companies: Among others, he worked for a large financial services provider and an international advertising agency.

Explore more articles

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies

100% success in ISO 27001 audits to date



TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk