They are endearingly called cookies, but they are often anything but pleasant, even though they prove most useful for profiling users for marketing purposes. Cyber cookies have been around almost as long as the Internet has existed and are a crucial component of the functionality and effectiveness of the digital ecosystem, from a simple navigation on a website to the complex architecture of a marketing campaign. It is therefore important to understand the meaning and functions of cookies, analyzing their historical evolution, their impact on data analytics, and their most recent legal implications.Understanding the complexity and importance of these digital cookies is critical both as Web users and as site owners or operators.
What a cookie is
Cookies are small text files that are saved on a user’s device during Web browsing.
el computer language, cookies represent text files containing data about a user’s browsing behavior. i are therefore digital traces that can include, but are not limited to, information such as user preferences, pages visited, login sessions, and other details useful for personalizing the user experience.
When we visit a website, it sends a cookie to our browser; then, on each subsequent visit, the browser will send the cookie back to the site’s server, allowing the site to “remember” our previous interactions.
Although they may seem insignificant, they perform a number of essential functions that go far beyond simply storing login credentials. In fact, Internet cookies are used to store a variety of useful information to improve the user experience and for tracking online activity. For example, if we visit an e-commerce site, thanks to cookies the site can remember the products we have added to the shopping cart even if we close the page and return later, which makes our shopping experience much smoother and more personalized.
From the website owner’s point of view, cookies offer a huge advantage because they provide valuable data on user behavior, enabling optimization of content and marketing strategies.
But the use of cookies is not only limited to these aspects: due to their ability to track user activities, cookies have become an indispensable tool for web analytics and advertising targeting. However, their intrusiveness has raised privacy concerns , leading to the need for increasingly stringent regulations.
Cookies in computing: definition and meaning
Web cookies, also called Internet cookies, browser cookies or more simply and quintessentially cookies, are identifying trackers used by server-side Web applications to store and retrieve client-side information through an additional header present in an HTTP request (Cookie:) or response (Set-cookie:).
This is why they are also technically called “HTTP cookies” and, like much of the Web, are sent using the HTTP protocol. Each cookie is a key-value pair along with a set of attributes that control when and where the information is needed, set in an HTTP header or via the JavaScript interface that also defines their “expiration.” Web browsers store the cookies they receive for a predetermined period of time or for the duration of a user’s session on a Web site, attaching the relevant cookies to any future user requests to the Web server.
Technically, cookies are small text files containing unique data that identify a computer on the Web, and typically include a unique identifier and a site name-sometimes it may also contain personally identifiable information such as name, address, e-mail or telephone number, if the user has provided such information to a Web site.
In more practical terms, these are therefore small text files, usually containing letters and numbers, created by the websites visited and stored on any type of technological device connected to the Net (desktop PC, tablet, smartphone, other mobile device or Internet of Things tools) for two main reasons:
- Store users’ preferences and improve their experience of using a site or app by saving browsing data.
- Analyze traffic to that site and track users’ browsing behavior.
When we visit a website, the browser provides a cookie to be stored in a special file placed in the folder on the hard drive: on the next visit to the same website, the browser will return the cookie to identify the user, thus loading the website with a personalized experience.
A simple and common example of a cookie is the automatic filling in of account fields (username and password) on a site, or as mentioned the storage of products placed in the shopping cart even after closing the browser (to find them again later).
The explanation of web cookies
Going down a bit in technical explanations, a cookie is a piece of data stored in the browser that is used to maintain the status and other information necessary for a Web site to perform its functionality. This little one is stored on users’ computers, and the information it contains travels back and forth between the browser and the Web site.
Cookies are thus guarantors of a user’s online experience, because they can make websites more personalized and functional and thus improve the users’ browsing experience. In fact, as mentioned, they can be used to remember a person’s preferences, such as language or location, so that he or she does not have to set them again each time he or she visits the website, but also login status (to check if the user is already logged in, for example) and browsing information (such as pages visited or searches performed).
Despite their minimal size, these cookies therefore play a crucial role in the functioning of the web as we know it: without them, just to say the least, we would be treated as new visitors every time we visit a website. And that would mean, as a result, having to re-enter credentials every time we visit a site, or having to fill our shopping cart from scratch every time we return to an e-commerce site.
But cookies do more than just make our online lives more convenient: some are necessary for security reasons, such as authentication cookies, and others help Web sites to be informed about users’ preferences and choices. In this sense, they play a key role in providing personalized content because they can store our language preferences, the products we have viewed, or the content we have read, allowing sites to ensure a more personalized and relevant experience for each visitor.
Because of these very characteristics, advertisers in digital marketing use cookies to track user activity on sites to better target ads. Although this particular practice is usually offered to provide a more personalized user experience, some people also see it as a privacy issue, something that has been the focus of much attention in recent years (even prompting various changes by hi-tech giants).
Why are they called cookies?
The term “cookie” may seem unusual in the context of computer technology, but it has an interesting history dating back to the early days of the World Wide Web. The designation finds its roots in both technical and cultural analogies, offering a fascinating explanation of how this term entered the common language of computing.
It all stems from the concept of the “magic cookie,” used as early as the 1970s in operating systems. Within the world of systems programming, a magic cookie denoted a small packet of data used to identify or authenticate a connection or transaction during inter-process communications. This type of data token could be exchanged between a client and a server or between different programs to confirm identity or to maintain the state of a session by retrieving information associated with the token itself. The magic cookie metaphor was appropriate to describe small packets of information exchanged between machines without a continuous connection, somewhat like a cookie offered and accepted in a social conversation.
When Lou Montulli, an engineer at Netscape, introduced cookies in the early 1990s, he relied precisely on the magic cookie concept. He was creating a small packet of data that could be transmitted between the user’s browser and the Web server to store status information, easily transportable and recognized by both parties involved in the communication. Montulli’s choice to call them cookies not only respected the magic cookie tradition, but further simplified the term to fit a broader and more accessible context. At a time when the World Wide Web was still new to many, more familiar and less threatening technical terms like cookies made the technology more approachable and understandable to the general public.
The term “ cookie ” also conjures up images of cookies, rather than dry concepts like “token” or “identifier.” This choice of language helped make the concept more accessible and less intimidating, and it still perfectly reflects the technical and cultural nature of the device today, making it accessible to non-experts and helping to quickly integrate this technology into everyday online life.
What cookies are for: common functions and uses
Cookies serve a variety of purposes, covering a broad spectrum of applications beyond simple web browsing, with functionality ranging from authentication and personalization to data analytics and enhancing e-commerce sessions.
The first task of cookies is to keep a user connected to the site: thanks to these trackers, personal preferences can be stored for each site visited, previous interactions can be saved, previous account logins can be identified, sites can be made more operational, pages can load faster, statistical data on visitor behavior can be collected, and locally relevant content can be offered.
These digital cookies are then capable of storing personal data-such as IP address, user name, unique identifier, or email address-but can potentially also contain other non-personal data, such as language settings or information about the type of device used by the user. In addition, cookies can also contain tracking Id s such as advertising Ids and user Id.
Going into more detail, one of the most common uses isauthentication: thanks to cookies, a website can recognize the user during subsequent visits, saving the user from having to log in each time. This not only improves the user experience, making it smoother and more seamless, but also provides an additional layer of security, as it reduces the risk of phishing attacks.
Another crucial function of cookies is the storage of user preferences. Whether it is the language chosen, the themes selected, or personalized settings, cookies make highly personalized browsing possible. Imagine having to reset language preferences each time on an international website: without cookies, the experience would be significantly less smooth.
In addition, cookies are essential for behavioral analysis and personalization of content and advertisements. By tracking page visits and user interactions, website operators can collect valuable data that enables them to optimize content and marketing strategies. This type of analytics proves to be crucial for devising targeted advertising campaigns, increasing the effectiveness of digital marketing.
Finally, cookies play a key role in e-commerce sessions. Without cookies, an e-commerce site would not be able to remember products added to the shopping cart or complete the checkout process efficiently. In practical terms, cookies greatly enhance user interaction with web content, making possible advanced features that would otherwise be difficult to implement.
Main features of computer cookies
One of the key features of cookies is their duration. There are in fact session cookies, which are automatically deleted when the browser is closed, and persistent cookies, which remain on the user’s device for a defined period of time or until manually deleted. Cookies can also be classified into first-party cookies, which are created directly by the website we are visiting, and third-party cookies, which are created by domains other than the website we are visiting. The latter are often used for tracking and advertising purposes.
More specifically, there are various types of computer cookies that perform specific functions, and in particular to manage sessions, personalization and tracking.
- Sessions
These cookies allow website activity to be associated with a specific user, thanks to a unique string (a combination of letters and numbers) that matches a user session with data and content relevant to that user. In this way, they allow the site to recognize users and remember their individual login information and preferences. If user Max, for example, logs into her account on an e-commerce site, the site’s server generates a unique session cookie and sends it to her browser; this cookie allows the site to “remember” Max by automatically loading her account content and welcoming her with a warm “Welcome back, Max.”
But the role of cookies does not stop there: when Max visits a product page, her browser sends a request to the site, including her session cookie. This allows the site to recognize Max and keep his session active, avoiding the need to log in again.
- Customization
Cookies not only “remember” us, they also “remember” our actions and preferences, and so allow websites to personalize our experience by delivering targeted content and advertisements.
For example, if Max views certain products or sections of a site, cookies can use this information to create targeted ads that he might be interested in; and if Max logs off, his username can be stored in a cookie, allowing the site to welcome him with “awareness” (and username) on his next visit.
- Tracking
Cookies not only “remember” who we are and what we do, but also where we go. Some cookies, known as tracking cookies, record the websites we visit and send this information back to the server that originated the cookie; with third-party tracking cookies, this process happens every time the browser loads a website that uses that tracking service.
For instance, if Max has previously visited a site that sent a tracking cookie to his browser, this cookie might record that Max is now viewing a product page for jeans. hese could lead Max to see denim ads the next time he visits a site that uses the same tracking service.
Tracking cookies are not only used for advertising: many analytics services use them to anonymously record user activity, providing websites with valuable information about user behavior and site performance.
How many cookies are there: types and specific uses
In short, digital cookies are not all the same.
Different types of cookies have specific functions that meet various needs for both users and website operators.
Therefore, there are several categories of cookies, each of which plays a unique role in improving user experience and collecting useful data for site optimization and marketing campaigns. These include essential cookies, functional cookies, tracking cookies, and navigation cookies.
- Essential Cookies
Essential cookies are the backbone of a website’s functionality. Without them, many basic operations would not be possible. Think, for example, of the need to authenticate to a restricted area of a site: without these cookies, it would not be possible to maintain an active session, forcing the user to continuously enter their credentials. These cookies are used to ensure that operations such as secure access to protected areas of the site or shopping cart management in an e-commerce site are possible. Their importance is such that they are often excluded from user consent, precisely because without them the site could not function properly.
- Functional cookies
Moving on to functional cookies, we are dealing with tools designed to improve the quality of the user experience. Unlike essential cookies that are critical to the operation of the site, functional cookies focus on personalization. They allow the site to remember user preferences such as language, region, or other selected settings. For example, an international site might use a functional cookie to remember the language you selected during your first visit, thus avoiding the need to select it again in the future. Although not essential to the operation of the site, these cookies make navigation smoother and more personalized, increasing overall user satisfaction and time spent on the site.
- Tracking cookies
Finally, tracking cookies represent an extremely important category of cookies for the digital marketing world. These cookies are used to collect data on users’ browsing behaviors in order to provide personalized content and ads. Let’s imagine that we visit a clothing website and browse through various products without making a purchase. Using tracking cookies, the site can “remember” our interests and show personalized advertisements as we browse other websites. This approach, known as behavioral targeting, greatly increases the effectiveness of advertising campaigns because it shows users ads relevant to their interests. However, this practice has raised significant concerns about privacy and the collection of personal data, leading to the emergence of stricter regulations such as the General Data Protection Regulation (GDPR) in Europe. These cookies make more effective and targeted advertising possible, but they also require careful and transparent management to comply with privacy regulations.
How cookie storage works
Basically, each browser stores cookies in a designated file on the users’ device-for example, if we use Google Chrome, all cookies are stored in a file called “Cookies,” and we can view the cookies stored by our browser by opening Chrome’s developer tools, clicking on the “Application” tab and then on “Cookies” in the left-hand menu.
Local storage of cookies is not only beneficial to us, but also to web developers, because it frees up storage space on website servers and thus allows websites to personalize content without having to invest in expensive servers and storage space, saving money on server maintenance and storage costs.
Not all cookies, however, are necessary or desirable. Third-party cookies, for example, are used for advertising and analytical purposes, tracking our online movements and Internet searches. Although they are not as harmful as a virus, we may not like the idea of our privacy being compromised and our information sold to advertisers. To protect our online privacy, we can disable third-party cookies or adopt other small “workarounds” to prevent companies from tracking our online usage, providing greater protection for our privacy.
The types of web cookies: how many and what they are
However, let us recap the analysis of the types of cookies, distinguishing them according to their characteristics.
The biggest difference is between proprietary and third-party, depending on who operates the installation request.
To be precise:
- Proprietary or first-party cookies are set by the domain of the host site, the one the user is visiting and displays in the address bar. Only that site can read them, and they are usually used by page owners to save details such as users’ passwords, which will give them easier and faster access to accounts later. Generally, these cookies are safer, provided that you are browsing on reputable Web sites or that they have not been compromised by a recent data breach or cyber attack.
- Third-party cookies are created by a different site and hosted by the one the user is visiting. The domain that sets the cookies owns some of the content, such as ads or images, which uses them to deliver targeted advertising. Third-party cookies allow advertisers or analytics companies to track an individual’s Web browsing history on any site that contains their ads; following the legislative crackdown on data protection, allowing third-party cookies to access your browser is now optional in many countries and states. Today, most third-party cookies have no direct impact on our browsing experience, as many browsers have already begun phasing them out (Google has repeatedly announced the end of third-party cookies in Chrome, reportedly postponed until 2025), and many websites still function effectively and remember user preferences without using third-party cookies.
Some experts add two more categories, namely:
- Zombie cookies, which are a form of persistent third-party cookies permanently installed on users’ computers. Sometimes also referred to as “flash cookies” or “supercookies,” they are extremely difficult for the average user to detect and remove: in fact, they have the unique ability to reappear after being “deleted” from the computer because they create their own backup versions outside of a browser’s typical cookie storage location and use these backup copies for even after deletion (much like zombies in literature and horror movies). Like other third-party cookies, zombie cookies can be used by web analytics companies to track the browsing history of unique individuals (or to prohibit them from accessing content), but they are more commonly used by unscrupulous advertising networks and even cyber attackers, who use them to infect the system with viruses and malware.
- Essential cookies are currently synonymous with the pop-up that asks us to set or confirm cookie preferences when we first visit a website. They are proprietary session cookies, which are needed to run the Web site or services requested online (such as remembering login credentials).
Another important distinction is between:
- Persistent cookies, saved on the user’s computer until originally set expiration or manual deletion. Through these trackers, sites automatically recognize users accessing the site (or any other users employing the same computer), who nonetheless have the ability to manage preferences and possibly reject cookies through browser settings.
- Session cookies, which are deleted when the user closes the browser and therefore are not stored persistently on the device. They are temporary cookies, strictly limited to the transmission of session identifiers that are necessary to allow the safe and efficient exploration of the site, without therefore having to resort to other computer techniques that could be potentially detrimental to the privacy of users’ browsing.
The list of these valuable trackers is then completed with an even more specific classification, which identifies at least a dozen variants, divided into two broad categories:
- Technical cookies, required by some computer systems and necessary for the user to authenticate, take advantage of multimedia content or to set a navigation language.
- Non-technical cookies, used for profiling and marketing purposes, which in turn can be grouped into:
The complete list of computer cookies is therefore divided into:
- Authentication cookies, which help manage user sessions; they are generated when a user logs in to an account through their browser, ensuring that sensitive information is provided to the correct user sessions by associating user account information with an identifying cookie string.
- Functionality cookies, which allow users to use the core functionality of a website (such as language preference, displaying local news, and so on). They generally improve the performance and functionality of a website, and even some website features may not be available without the use and acceptance of such cookies.
- Analytics, the cookies used to collect and analyze statistical information about website access and/or visits, measuring parameters such as number of visits to a page, time spent on a page, or time to leave the site. Also called performance cookies, they collect data that, combined with other information (such as credentials entered for access to restricted areas), can in some cases serve to profile the user (particularly personal habits, sites visited, content downloaded, types of interactions performed, and so on).
- Widgets, graphical components of a program’s user interface, which facilitate user interaction with the program. Examples are Facebook or Twitter cookies.
- Advertising, cookies used to advertise within a site. Also called targeting cookies, they create a profile of the user based on the user’s interests, search history, and items viewed, then share that information with other Web sites so that they can send the person relevant products and services. This is why, if we search for example sneakers online on Google, after not too long we will be “bombarded” with ads on social media or in banner ads related to this type of shoes or relevant items such as socks and so on.
- Web beacons, code snippets that allow a site to transfer or collect information by requesting a graphic image. They can serve multiple purposes, such as analyzing site usage, monitoring and reporting activities on advertisements, and personalization of advertisements and content.
Lastly, to always limit ourselves to only the best-known and most useful types for our purposes, we recall the existence of magic Cookies and HTTP Cookies:
- Magic cookie, as recounted, is an expression from old computer science, predating the modern concept of “cookies” that we use today, which refers to packets of information sent and received without modification to the data. More precisely, they are data tokens that allow servers and Web browsers to communicate, especially within an internal corporate network, and originally served Unix programmers to authenticate and track users in a system. The data stored in magic cookies is encrypted and, under normal circumstances, only the server that created the cookie can read the data.
- HTTP cookies are the more modern version of the “magic cookie,” created for contemporary Internet browsing, designed specifically for the Web and progenitors of all the cookies we have discussed.
On the technical side, however, trackers can take the form of browser or HTTP cookies, or use lesser-known tracking technologies, such as local storage objects (Lso) or flash cookies, software development kits (Sdk), pixel trackers (or gif pixels), “like” buttons and social sharing tools as well as fingerprinting technologies.
Fingerprints in particular are believed to be one of the most aggressive forms of tracking cookies: they are small snippets of information that vary depending on the characteristics of the user (from the device owned to the fonts installed) and allow a unique identifier to be generated that can be used to match a user across websites. In addition, unlike with classic cookies, users cannot undo passive fingerprinting-related activities, and therefore have no control over how their information is collected.
The history of web cookies and applications in digital marketing
Let us return to the recent history of cookies, which began in the 1990s, at a time of rapid evolution and innovation in the field of information technology. To be precise, according to the most reliable reconstructions, the “daddy” of this technology would be Lou Montulli, an engineer working for Netscape Communications, who in 1994 sensed that the Web needed a way to keep track of user interactions (and in particular to check whether readers were new or returning), so as to make the online experience more seamless and personalized.
At the time, the idea was simple: create a way to remember session information between pages, a common problem in the early days of the Web. The need to store the state of user-server interactions was obvious, since the HTTP protocol is inherently stateless, meaning that each request to the server is independent and retains no information about previous requests. Lou Montulli proposed solving this problem with cookies, small text files stored on the user’s device and sent back to the server with each request.
The term “cookie” is derived from “magic cookie,” which as mentioned in programming describes a packet of data that is sent and then returned unchanged, and this is exactly what cookies do: they are sent from the website to our browser, which stores them and returns them to the site each time we visit.
After their introduction, cookies quickly gained popularity, and over the past thirty years they have enabled websites to “remember” users, making it possible to create online shopping carts, personalize content, and authenticate users. They are therefore an integral and fundamental part of the Web system, and indeed according to Ratko Vidakovic, founder of the consulting firm AdProfs, “without cookies, the advertising ecosystem we see todaywould not exist.”
Indeed, the online advertising and adtech industry makes extensive use of cookies at every stage, from campaign planning to retargeting to sales measurement and attribution.
The use of all trackers for advertising purposes has so far been one of the most profitable ways for the industry, because these data packets make it possible to fuel the delivery of targeted ads within seconds of a user opening a website and, more importantly, allow users to specifically monitor the content they access and how they behave by tracking their dynamic device Ip addresses or other similar information.
From this tracking, a profile is created that allows the user to be classified within a specific cluster, so that profiled and targeted advertising can be directed. In short, this information is valuable because it enables demand creation, “causing consumers to want products and services they did not know existed.”
Thus, over the years the functionality of cookies has expanded enormously, from simply storing session information to complex user tracking and profiling mechanisms. hile this evolution has brought with it enormous benefits in terms of personalization and marketing, it has also brought with it numerous debates regarding user privacy.
on the growing popularity of cookies, privacy concerns have in fact also emerged, putting third-party cookies in particular, which are often used to track user behavior across different sites, under close scrutiny, towards which data protection and online privacy concerns and critical issues have been raised.
Answering these concerns, various laws and regulations have been introduced over the years to protect user privacy, such as the ePrivacy Directive or the EU GDPR or state laws in the United States. esting to our continent, for example, users must provide “informed consent”-they must be informed about how the website uses cookies and consent to such use-before the website can use cookies (with the exception of cookies that are “strictly necessary” for the operation of the website itself); moreover, in the EU, cookie identifiers are considered personal data and consequently subject to very specific enforcement rules, which also affect all personal data collected through “cookies.” It is precisely because of these laws that virtually all sites display cookie banners that allow users to review and control the cookies used within them.
First applications and the most recent evolutions of cookies
And so, early applications of cookies were mainly focused on storing session information for e-commerce and to improve navigation. When a user visited a website, cookies allowed the site to “remember” his or her actions, such as items added to the shopping cart or browsing preferences. This not only improved the user experience, making it smoother and more seamless, but also allowed sites to offer features that would otherwise have been impossible to implement.
We are talking about years when the commercial Internet was just taking its first steps, and the idea of being able to store user preferences opened up new prospects for online business. The simple ability to store the status of a shopping cart between different browsing sessions was revolutionary. Thanks to cookies, e-commerce platforms could offer a much more advanced user experience, increasing the chances of customer conversion and retention.
With the passage of time and the evolution of technologies and also people’s needs, the use of cookies has evolved and expanded significantly. Today, cookies are not only limited to enhancing the user experience, as was the case in the early days, but have become critical for personalization and tracking of marketing campaigns. Indeed, cookies make it possible to collect a wide range of data on users’ browsing behaviors, enabling marketers to create detailed profiles and target their advertising campaigns with unprecedented precision.
A practical example is the use of cookies for retargeting. When a user visits an e-commerce website and views a product without making a purchase, cookies allow tracking of this action. Later, when browsing other sites, the user will see advertisements related to that specific product, increasing the chances of conversion. This type of practice has proven to be extremely effective in improving the ROI of advertising campaigns.
In addition, cookies have become an indispensable tool fordata analysis. Platforms such as Google Analytics use cookies to track users’ interactions with websites, providing valuable insights that help site managers better understand the behavior of their audiences. This data can then be used to optimize content, improve user experience and develop more effective marketing strategies.
However, despite the many benefits of cookies, their use also raises several legal and privacy issues. The ability to track user activity has led to increased awareness and concern about the protection of personal data. This has prompted several jurisdictions to introduce stricter regulations, such as the GDPR in Europe, which regulates the use of cookies and requires explicit consent from users.
The limits of cookies: not only security and privacy risks
Cookies are an integral part of the Web and continue to play a key role in making the online experience smoother and more personalized. Yet, it is impossible not to mention the concerns surrounding their use that, despite their undeniable benefits, make it important to assess the range of limitations and critical issues, especially in terms of privacy and security.
Then there is another technical issue concerning the evolution and technological limitations of cookies: with the advent of new technologies and the evolution of the web, the role of cookies is changing, and, for example, the rise in popularity of the mobile web has made cookies less effective for tracking users. At the same time, new technologies such as Local Storage and IndexedDB are offering alternatives to cookies for client-side data storage.
Far more pressing is the security issue: although cookies cannot carry or install malware on computers, they can be exploited by cybercriminals. For example, in November 2010 the Koobface worm exploited Facebook-related cookies to steal credentials and gain access to victims’ accounts, while in May 2011 an Internet Explorer zero-day bug was used to hijack session cookies through social engineering tactics, and again, in July 2011, an attack on several e-commerce sites used malware that sought Internet caches, cookies, and browsing histories to steal login credentials and other data.
Finally, there are the (complex) privacy implications for users, and choruses have long been raised about the possible criticality of using cookies in relation to the transmission of personal data and the tracking of browsing habits; for example, between 1996 and 1997, cookies were the subject of U.S. Federal Trade Commission hearings, and the Internet Engineering Task Force (IETF) formed a special working group to address cookie specifications, subsequently determining that third-party cookies were not allowed, or at least enabled by default. The most recent standard, updated in 2011, allows third-party cookies, but users can choose not to accept them.
To address privacy concerns, a “Do Not Track (DNT)” header mechanism was introduced for browsers that, when enabled, warns that users do not wish to be tracked and that any tracking or tracing of users between sites should be disabled. Mozilla Firefox was the first browser to implement this feature, followed by Internet Explorer, Safari, Opera, and Google Chrome.
But how do cookies affect user privacy? As described above, cookies can be used to record browsing activity, including for advertising purposes, and users often do not have (or at least did not have) awareness or control over what tracking services do with the data they collect. Even when cookie-based tracking is not tied to a specific user’s name or device, with some types of tracking it may still be possible to link a record of a user’s browsing activity with their real identity. This information could be used in a variety of ways, from unwanted advertising to tracking, stalking, or harassing users-obviously, this is not the case with all uses of cookies.
Legal aspects and regulations on cookies and privacy
For these reasons, over the years cookie management has become a central topic not only for web developers, but also for lawmakers and regulators around the world. Indeed, the growing concern for data privacy has led to the introduction of numerous regulations designed to control how cookies can be used and managed. Among the most significant is undoubtedly the European Union’s GDPR (General Data Protection Regulation), which has imposed stringent regulations on how user data should be handled.
The GDPR, which went into effect in May 2018, represents one of the most stringent legislations on personal data protection. Its main goal is to give individuals back control over their personal data, and cookies fall squarely into this category. The regulation stipulates that data saved and tracked through cookies must be processed in a transparent, lawful and fair manner. This has direct and significant implications for all websites operating within the European Union or processing data of European citizens.
GDPR and cookies
The GDPR introduced specific requirements for the management and use of cookies, forcing websites to obtain explicit and informed consent from users before installing nonessential cookies on their devices. This legislation has made obsolete previous methods in which simply using the site implied acceptance of cookies. Now, companies must provide clear and complete information about what types of cookies they are using and for what purpose, giving users the option to accept or reject each category of cookie.
For example, when accessing a website in the European Union, users are greeted by a banner or pop-up window explaining the use of cookies on the site. This banner cannot simply be ignored or closed without action, but must involve an active choice on the part of the user, who can accept or reject the various types of cookies (functionality cookies, tracking cookies, etc.). Only essential cookies, which are necessary for the operation of the site, can be installed without prior consent.
Implementing a GDPR-compliant cookie management system is not just a matter of placing a banner on the website. It requires a comprehensive review of data collection practices, mapping of cookies used, and documentation of all purposes for which data is collected. It also requires ensuring that consent is recorded and revocable at any time, giving users easy access to change their cookie preferences.
In addition to the GDPR, there are other regulations governing the use of cookies in different parts of the world, such as theCalifornia Consumer Privacy Act(CCPA) in the United States, which also imposes strict protocols for handling personal data and cookies. Although the details vary from one regulation to the next, the general principle remains the same: protect users’ privacy by giving them transparency and control over their data.
In this ever-changing regulatory environment, it becomes essential for companies to stay up-to-date with current regulations and implement technology solutions that ensure compliance. Failure to comply with these regulations can result in heavy financial penalties as well as significant reputational damage. User trust is a valuable asset, and transparent and respectful privacy management is not only a matter of legal compliance, but also a strategy for building and maintaining long-term relationships with one’s audience.
The key to successfully navigating through this complex landscape is to take a proactive approach, investing in the right technologies and resources to ensure that cookie management practices are not only compliant with regulations, but also aligned with data protection and user experience best practices.
To accept cookies or not? Consent for users
With the introduction of GDPR and other similar regulations, websites are now required to obtain informed and explicit consent from users before they can install nonessential cookies on their devices. This consent collection process aims to ensure that users are fully aware of how their data will be used and have control over their own level of tracking.
Consent should be sought through a clear and understandable interface, often implemented through banners or pop-ups when first accessing the site. Users must have the ability to accept or reject the various types of cookies (e.g., functional, tracking, advertising) with equivalent ease. It is critical that this choice be neutral and non-manipulative, avoiding practices such as dark patterns that may cause users to consent unknowingly or against their will.
Once consent has been obtained, sites must record and retain evidence of this consent, while also allowing users to revoke or modify it at any time. e Consent Management Platforms (CMPs) are essential tools in this process, as they automate the collection, storage and management of consent while ensuring regulatory compliance.
In addition to GDPR, other regulations such as the California Consumer Privacy Act (CCPA) in the United States require similar data protection practices, underscoring the need to take a comprehensive and proactive approach to privacy management.
These changes represent a significant step toward greater transparency and control for users, while challenging companies to innovate in their data collection and analysis practices, ensuring that privacy remains a priority.
Who cookies are for and how to use them on a site
From what has been written, it seems clear enough that virtually all websites use cookies and all benefit from them: from large social media platforms to small blogs, cookies are indeed an essential tool for providing a smooth and personalized user experience.
Digital marketing companies are among the largest users of cookies, which are used to track users’ online behavior, understand their interests and browsing habits, and then deliver targeted advertisements. This process, known as “behavioral targeting,” is the basis for much of online advertising.
Search engines, such as Google, also use them to provide more relevant search results, while e-commerce platforms use them to track products in users’ shopping carts and offer personalized suggestions.
In more detail, there are many reasons why a website should use cookies, including for example:
- Improving the browsing experience. Cookies can be used to store user preferences, such as language or location, in order to provide a more personalized experience for users. For example, an e-commerce website may use cookies to store a user’s preferred language so that the landing page is displayed in the correct language.
- Improve site functionality. Cookies can be used to store browsing information, such as pages visited or searches performed, in order to improve site functionality and provide a smoother experience for users. This can be useful for measuring traffic, improving the effectiveness of marketing campaigns, and better understanding user needs. For example, a news website can use cookies to store the latest news a user has read so that related articles can be displayed in the future.
- Tracking user behavior. Cookies can be used to track user behavior on websites, which can be used to measure traffic, improve the effectiveness of marketing campaigns, and better understand user needs. For example, an e-commerce website may use cookies to track pages visited by users so that related products can be displayed.
- Collect data for advertising purposes. Cookies can be used to collect data about users’ use of websites, which can then be used to show advertisements more relevant to users’ interests. For example, a news website may use cookies to collect data on users’ interest in certain topics and leverage the data to show advertisements related to those topics.
Lastly, to effectively use cookies on the site, some tips should be followed, starting with taking a responsible user-oriented approach, and especially remembering to:
- Be clear and transparent with users about the use of cookies, appropriately informing them about the purposes and types of cookies used (by displaying an appropriate cookie banner on the main page of the website).
- Do not use cookies to track users without their consent.
- Use cookies to improve users’ browsing experience and not just for advertising purposes.
Cookies and SEO: how to use cookies for visibility
Cookies also play a potential role in SEO, influencing various aspects of a website’s online visibility. We should not think of direct impact: cookies are not directly responsible for a site’s search engine ranking, but their indirect effects can be varied and significant, through the personalized experience they offer users and the signals they send.
Think, for example, of SERP personalization and user activity, which can affect key SEO metrics such as bounce rate, time on site, and conversions.
In this sense, cookies can store users’ search preferences and influence the results they see in Google. If a user frequently visits a site and interacts with the content in a positive way, Google is likely to consider this behavior as a signal of high quality, thus increasing the site’s ranking. In addition, cookies can help signal a site’s relevance to different audience segments, allowing Google to show the most relevant content based on the user’s previous interactions.
Again, when a website uses cookies to improve content personalization, it increases the likelihood that users will find that site relevant and of high quality, contributing to positive signals such as higher time on site and lower bounce rates.
Think, for example, of an e-commerce site that uses cookies to store users’ shopping preferences. If a user visits the site, selects various products, and then exits without completing the purchase, cookies can be used to show retargeting ads on other websites, which not only increases the chances of conversion but can also improve the user’s behavior upon return.
Interestingly, tracking cookies can also be used to collect useful data to analyze a site’s SEO performance. Analytics tools such as Google Analytics use these cookies to track user sessions, monitor the most visited pages, and understand traffic behavior. This information is essential for optimizing site structure, content and keywords, indirectly affecting search engine rankings.
In addition, data derived from cookies can be used to conduct A/B testing, a very common optimization practice in SEO. Using cookies, traffic can be split into test groups to compare different versions of a page and determine which one performs better. This data-driven approach allows you to make informed choices that improve the structure and content of your site, further increasing your chances of climbing the SERPs.
However, it is important to carefully manage the use of cookies, especially given current privacy regulations such as GDPR. Explicit user consent is now a must, and failing to comply with these regulations can lead to severe penalties. This focus on transparency and privacy compliance not only ensures legal compliance but can also improve brand perception, fostering a trusting relationship with users.
Either way, with the right strategy and the right technologies, you can continue to benefit from valuable data to optimize site performance, improve user experience, and build long-term trusting relationships with your audience.
Cookies and the Web giants: how the big companies have moved on
Partly in the wake of these laws-as well as user attention-the major browsers and tech giants have also taken various initiatives in recent years to address cookie usage and user privacy concerns. These efforts are often driven by the need to comply with emerging regulations, as well as by users’ growing awareness and demand for greater protection of their personal data.
For 30 years, practically speaking, cookies (especially third-party cookies) have been the cornerstone of Internet advertising and have allowed companies to reel in huge profits, but this is changing (more or less) suddenly. The first signs came in 2017, when the Safari browser began blocking third-party tracking cookies, followed in 2019 by Firefox, until Google’s decision earlier this year to permanently stop these trackers on Chrome, the world’s most widely used browser (about two-thirds marketshare).
Apple, with its Safari browser, was one of the first companies to take drastic measures against the use of third-party cookies. Through a series of updates, Apple implemented Intelligent Tracking Prevention (ITP), a set of measures designed to limit the ability of websites to track users through cookies. ITP uses advanced algorithms to identify and limit cookies that are used for tracking purposes, instead allowing only those cookies that are necessary for essential functionality.
With the most recent versions of Safari, Apple has further strengthened its privacy policy by introducing notifications that inform users when a website is attempting to track their activities. In addition, Apple has expanded its privacy initiatives with Privacy Labels in the App Store, requiring developers to provide detailed information on how user data is collected and used. This approach has solidified Apple as a leader in privacy protection, putting pressure on other industry players to adopt similar measures.
Mozilla Firefox has followed a similar line, introducing Enhanced Tracking Protection (ETP), a feature enabled by default that automatically blocks tracking cookies and third-party scripts known to collect data on user activity. ETP uses a list of known trackers to identify and block malicious actors, thus protecting users from invasive tracking without requiring manual intervention.
Mozilla has also launched other privacy initiatives, such as Total Cookie Protection, which isolates cookies at the website level, preventing trackers from building a complete profile of the user across multiple sites. This method of “sandboxing” cookies is designed to prevent cross-tracking while still maintaining basic functionality such as storing user preferences on a single site.
Outside of browsers, other major technology companies have also taken steps to address cookie issues. Microsoft, with its Edge browser, has implemented Tracking Prevention, which offers several settings to protect against trackers, allowing users to choose their desired level of tracker blocking. Facebook and Amazon, while largely dependent on data for their advertising operations, have begun to explore more privacy-friendly tracking methods and improve transparency with users about the use of their data.
Cookies and Google: the moves for Chrome and search engine
Even Google has had to shake up its system, trying to bring its Chrome browser and other ecosystem products in line with new sensitivities and regulations.
The promises have been lofty, with Google initially announcing a revolutionary plan to phase out third-party cookies from its Chrome browser by 2022 and develop alternative technologies for web advertising and analytics. This decision, which was complex and not without criticism, has slowly seen its timeline lengthened and in fact the elimination of cookies is still ongoing due to various issues, including issues with the CMA, the UK’s Competitions and Markets Authority, i.e., the UK government’s independent department responsible for ensuring that competition and markets work in favor of consumers, which has raised various doubts and concerns about the US giant’s moves.
In any case, as explained by Justin Schuh, director of Google Engineering for Chrome, the first goal was to block cross-website trackers to provide greater privacy protection and security for users’ browsing, putting in place a “strategy to redesign the standards of the web, to make it the default for privacy.”
The focus on third-party cookies is the main one because it is “one of the tracking mechanisms, but this is just one tracking mechanism and we call it that because it’s what people pay attention to.” In addition, Google is actively working “across the ecosystem so that browsers, publishers, developers, and advertisers have the opportunity to experiment with new mechanisms, test whether they work well in various situations, and develop supporting implementations, including ad selection and measurement, denial of service (DoS) prevention, anti-spam/fraud, and federated authentication.”
The first concrete effect came in 2020, when Chrome began limiting “cross-site tracking” and unprotected data sharing by introducing a new tagging system that incorporates the SameSite label to make explicit how cookies should be considered and treated, requiring that those tagged for third-party use be accessible only via an HTTPS connection. Without indication of the attribute, Chrome considers such trackers as first party only and therefore not distributable via external sites.
It should be clarified and emphasized that Google does not want all cookies to disappear: first-party cookies, created by the domain a user visits to remember shopping carts or user accounts, are not affected by abandonment and, indeed, see their value increase as a source of data to tailor ads to people.
Within the advertising market, this could result in a further shift in power, as the Financial Times noted, “It would shift from the open Internet, where adtech once thrived – and cookies tracked user activity between sites – to more closed domains that have detailed data on their direct users.” Such a closed world extends from small retailers or publishers, which might ask users to register or pay subscriptions, to large platforms such as Facebook or Google, which hold huge amounts of data about their users.
And there is no shortage of those who highlight the role played by Google, which should go a long way toward strengthening its market power, making Chrome an almost indispensable intermediary for advertisers who need data to accurately target ads and monitor their effectiveness.
What is Google’s Privacy Sandbox and other cookieless initiatives
At the heart of the initiatives is the Privacy Sandbox project, which aims to replace cookies with a credible and viable “open web” API technology for targeting and conversion tracking, created to protect users’ privacy while allowing advertisers to track them within the browser without sharing their data.
The Privacy Sandbox is specifically an initiative to create open standards to improve privacy on the Web while maintaining the ability to deliver relevant ads. The Privacy Sandbox involves the development of new technologies that enable ad operations without relying on identifiable identifiers such as third-party cookies.
It is thus a system that ends individual targeting to promote targeting by groups of users, so as to prevent abuse of various kinds and safeguard the display of advertising content.
The Privacy Sandbox remains Google’s main initiative to develop open standards and alternative technologies to third-party cookies. However, the path has proven to be more circuitous than expected.
For example, one of the first key proposals launched by Google was Federated Learning of Cohorts (FLoC), a method of grouping users with similar browsing behaviors into “cohorts” and serving ads based on those groups rather than individuals. FLoC immediately sparked heated discussions about its effectiveness and privacy implications-particularly because of potential discrimination and difficulty in ensuring user anonymity-and the company eventually halted development of this initiative in early 2022.
Google then focused on Topics, an API that assigns general interests to users based on browsing history, sharing this information with advertisers for ad personalization. Topics was tested extensively and then released starting with Chrome version 115 in 2023.
Other proposals for the Privacy Sandbox include:
- Protected Audience API. Formerly known as FLEDGE, this API aims to enable advertising retargeting without using third-party cookies, instead using aggregated and anonymized data.
- Attribution Reporting API. This API provides advertisers with aggregate information on conversions, allowing them to evaluate the effectiveness of ad campaigns without tracking individual users.
- Shared Storage API. Designed as an alternative to third-party cookies for specific use cases, such as fraud prevention and audience measurement, this API enables the storage of limited, anonymized information that can be accessed by multiple websites.
Backtracking: Google no longer deletes third-party cookies
Rather sensationally, on July 22, Anthony Chavez – VP, Privacy Sandbox at Google – wrote a post on the company’s blog in which he announced a hugely significant and important piece of news: the company has decided to maintain support for third-party cookies in Chrome. A complete turnaround from the 2020 moves, but without backtracking on the overall program that aims to improve web browsing security and protect user privacy.
The new approach includes the introduction of a new user experience that will allow users to make an informed choice about cookies, a choice that applies to all their web browsing and can be changed at any time. This strategy is intended to elevate user choice rather than completely eliminate third-party cookies.
In the article, Chavez said that early tests of the Privacy Sandbox APIs have shown their potential in improving online privacy while maintaining a thriving advertising ecosystem. However, he acknowledged that implementing these APIs requires significant commitment from industry participants to achieve their goals. Google also stated that it will not abandon the Privacy Sandbox API and will continue to develop and improve it, along with the introduction of new privacy features, such as IP protection for Chrome’s Incognito mode.
Google explained that the Privacy Sandbox project was developed with the goal of “finding innovative solutions that significantly improve online privacy while maintaining an advertising-supported Internet that supports a vibrant ecosystem of publishers, connects businesses with customers, and gives us all free access to a wide range of content.” During this process, Google received feedback from a variety of stakeholders, including regulators such as the U.K. Competition and Markets Authority (CMA) and theInformation Commissioner’s Office (ICO), publishers, web developers, standards groups, civil society, and advertising industry participants. This feedback has helped create solutions that “aim to support a competitive and prosperous marketplace that works for publishers and advertisers and encourage the adoption of privacy-enhancing technologies.”
Preliminary testing by ad tech companies, including Google itself, has indicated that the Privacy Sandbox API has the potential to achieve these goals. However, “this transition requires significant work by many participants and will impact publishers, advertisers, and everyone involved in online advertising.” As a result, Google is proposing an updated approach that elevates user choice. Instead of eliminating third-party cookies, Google will introduce a new experience in Chrome that will allow users to make an informed choice that will apply to all their web browsing, and they will be able to change that choice at any time. This new direction is currently being discussed with regulators, and Google will engage with the industry during its implementation, anticipating continued collaboration with the ecosystem during the next phase of the journey to a more private web.
Cookies and web analytics: how to do analytics without cookies, the alternative methods
We are still in an evolving situation, and it is still unclear if and how the abandonment of tracking cookies will happen and what impact this change will have, and Google’s Privacy Sandbox itself has undergone many changes and slowdowns from initial intentions.
Certainly, the time has come to start looking at data differently and prepare for this cookieless future: in order not to lose ground, brands will need to develop new skills, program systems to measure audience and campaign effectiveness, and be able to engage consumers as effectively as possible.
Web analytics has evidently undergone profound changes in response to growing privacy concerns and the introduction of stricter regulations such as GDPR. Traditionally, the collection and analysis of user data relied heavily on cookies to track user activity across different sessions and devices. However, with regulatory restrictions and browser initiatives to restrict or block third-party cookies, the web analytics industry has had to adapt quickly, exploring new ways to track user behavior in a less intrusive way.
Without tracking cookies, web analytics platforms have begun to develop and implement new methods to monitor user interactions while maintaining compliance with privacy regulations.
These technologies new web analytics techniques that do not rely on cookies offer innovative ways to collect data without compromising user privacy, responding to increasingly stringent regulations such as GDPR. From solutions that analyze user behavior passively to methods that use aggregated and anonymized data, the industry is evolving toward a more ethical and transparent approach to collecting and using information.
One of the main advantages of alternative technologies is that they can avoid the explicit consent issues required by cookie regulations, simplifying compliance without sacrificing the quality of the data collected. This not only optimizes the user experience by eliminating annoying consent pop-ups, but also allows website owners to maintain a clear and accurate view of their site’s performance. Adopting these new technologies requires a paradigm shift and a potential upfront investment, but the long-term benefits in terms of compliance, user trust, and data accuracy can be enormous.
Alternative technologies to cookies
One of the main emerging technologies for cookie-free analytics is device fingerprinting. This method uses a combination of unique attributes of the user’s device, such as browser type, screen resolution, installed fonts, and other system characteristics, to create a unique, traceable digital identity. Fingerprinting is particularly useful because it does not require data to be stored on the user’s device, thus avoiding many of the legal complications associated with cookies. However, it is essential that it be implemented ethically, ensuring that the data collected is anonymized as much as possible.
Another technology that is gaining traction is server-based tracking. Unlike traditional methods that store data on the user’s device, server-based tracking collects and analyzes data directly from the server that hosts the website. This approach not only reduces dependence on cookies, but also offers greater data security, as all information is centrally managed and can be better protected against unauthorized access. In addition, server-side tracking can provide more accurate and complete data, since it is not subject to restrictions due to cookie blocking by browsers.
Another less intrusive alternative is the use of aggregated and anonymized data. This approach relies on statistical methods to analyze user behavior without collecting specific personal information. For example, one can track the number of visits to a web page or the average time spent on a section of the site, without tracking individual users. This type of analysis is extremely useful for obtaining general insights into site performance and user interest, while maintaining a high level of privacy.
Finally, it is interesting to note that some platforms are beginning to experiment with machine learning to predict and analyze user behavior without making use of cookies or other intrusive technologies. Using advanced algorithms, these platforms can identify patterns and trends based on a large number of variables, providing valuable insights without having to track users directly.
These technologies are a proactive response to growing privacy concerns and stricter regulations, offering practical solutions for data analytics and digital marketing. Although each of these technologies has its own advantages and disadvantages, taking a multifactor approach that combines different methodologies can provide optimal results while ensuring legal compliance and respect for user privacy.
The three paths to a cookieless future
Having to find new solutions in view of the obsolescence of third-party cookies over time are advertisers, vendors, ad tech companies focused on retargeting, and anyone whose business relies on performance, plus of course those who have relied on unsafe third-party cookies or fingerprinting.
An Engage article identifies three possible scenarios for those who need to change strategy and still acquire prospects and connect with their target audience.
- Use of other data sources
It is quite predictable to think that the end of third-party cookies will make other sources of data, such as second-party data (or login data), more important, meaning that advertisers “will have to rely more heavily on publishers and tighten relationships even more with premium publishers to ensure that brand safety standards and contextual targeting needs are met.”
In this scenario, “brands will need to take back control and better leverage their first-party data by incentivizing user authentication on their site or app through valuable content, loyalty programs” and more, “assigning the consumer a unique user ID at the time of authentication” to get “a clear view of that user’s cross-session and cross-device behaviors and actions.” In addition, it becomes critical to analyze trends and insights for planning one’s campaigns.
- Developing partnerships with the “big techs”
Big companies like Google, Facebook, and Amazon (which together swallow more than 70 percent of digital advertising revenue) will be increasingly necessary for brands in an environment constrained by new privacy regulations because they offer the best proprietary data sets. Thus, “identifying and targeting these channels will allow brands to continue to innovate and deliver targeted and engaging advertising to the right audiences.”
- Contextual targeting
The last avenue indicated by the article is the use of contextual targeting “to match ads to keywords and thus place them in a context relevant to one’s product.” Such a solution is aided by the use of Machine Learning and AI-based technologies, which “provide a more accurate understanding of content and allow for greater granularity by targeting video metadata, titles descriptions, keywords and even to comments inside and outside of content,” and allow contextual targeting “to go deeper into what consumers are actively looking for when they are hunting for something,” so as to deliver more personalized messages.
The case of Dutch state TV
It is precisely about contextual targeting that the site Professione Reporter talks about, which recounts a successful case of a brand that decided to preemptively opt out of cookies (and what the article calls “the empire of Google and cookies”): this is the Nederlandse Publieke Omroep, the public TV station in the Netherlands (like say, our Rai or the BBC), which since 2018 has adopted a revolutionary cookie policy.
After the introduction of the GDPR launched by the European Union to protect personal data and privacy, the Dutch TV decided that “visitors to its sites would no longer be forced to say yes or no to cookies,” and, unlike in almost all cases, “skipping the privacy notice would not be considered an okay to tracking, but a no.”
Ninety percent of users chose no, either indicating it directly or skipping the option, but this did not spell disaster for Npo’s advertising revenues-despite a Google study claiming that “opting out of cookies would have reduced ad revenue by 50 percent”-and in this 2020 decided to opt out of cookies altogether, relying no longer on programmatic advertising through Google, but on contextual advertising served by local agency Ster.
The result, the story of the past few months, is that the company’s advertising revenues have risen sharply, even after the shock of the Coronavirus, and Npo found “the advertisements served to users who rejected cookies had brought in the same or higher revenues than the advertisements served to users who said yes to cookies.”
In concrete terms, since the beginning of 2020, visitors to Npo’s sites have not been tracked: in January and February alone, “digital advertising revenues grew 62 and 79 percent, compared to the same months in the previous year, and even during the following Coronavirus months they grew in double digits.”
The explanation is simple: now Nederlandse Publieke Omroep “collects everything that advertisers spend to publish on its pages, whereas before it left a major chunk of revenues in the hands of bunch middlemen, the group of intermediaries (data management platform, demand-side platform, supply-side platform).”
How did Google Analytics change?
One of the most obvious effects of the new approach (by Google, but by the tech industry in general) we notice in Google Analytics 4, which, compared to the previous Universal version, uses cookies and analytics technologies in a less invasive and intrusive, more privacy-oriented (and law-abiding, especially with the latest changes) way.
Specifically, now-as noted on the specific service page-Google Analytics uses a number of cookies to collect information and report statistics on site usage without personally identifying individual visitors to Google; the main cookie used by Google Analytics is called ‘_ga’ and allows one service to distinguish one visitor from another and lasts 2 years. Any site that implements Google Analytics, including Google services, uses the ‘_ga’ cookie and each is unique to the specific property, so it cannot be used to track a particular user or browser on unrelated websites.
In response to regulatory changes and restrictions on cookies, therefore, Google Analytics has evolved its functionality to ensure compliance and offer alternative solutions for data collection and analysis. The introduction of Google Analytics 4 (GA4), a next-generation platform designed to be more flexible and privacy-friendly, goes precisely in this direction, as it adopts an event-based rather than session-based data model, which allows for greater granularity and flexibility in analyzing user behavior. In addition, GA4 natively integrates machine learning to provide insights and predictions based on aggregated data, reducing the need for individual tracking.
One of the distinguishing features of GA4 is its emphasis on cross-platform tracking, which allows data from different sources, such as websites and mobile apps, to be merged into a single view. This omnichannel tracking is done in a way that respects user privacy by using first-party identifiers that comply with data collection regulations.
Google Analytics has also improved its consent management capabilities, allowing site owners to configure Consent Management Platforms (CMPs) in a more intuitive and compliant manner. These tools help sites collect user consent for tracking and configure Google Analytics accordingly.